SIEM integration
The Secure Private Access plug-in supports integration with Security Information and Event Management (SIEM) services. Security events are stored in real time to Windows Event Log (Event Viewer\Applications and Services Logs\Citrix Access Security) and can be collected and analyzed by third-party tools.
The following table lists the Secure Private Access plug-in security events:
| Event ID | Summary | Description | Source |
|---|---|---|---|
| 4624 | An account was successfully logged on | Event created when Secure Private Access administrator logged in to Secure Private Access admin console | Citrix Access Security Admin service |
| 4625 | An account failed to log on | Event created when Secure Private Access administrator failed to logged in to Secure Private Access admin console | Citrix Access Security Admin service |
| 4634 | An account was logged off | Event created when Secure Private Access administrator logged off from Secure Private Access admin console | Citrix Access Security admin service |
| 4720 | A user account was created | Event created when new Secure Private Access administrator added | Citrix Access Security admin service |
| 4738 | A user account was changed | Event created when new Secure Private Access administrator updated | Citrix Access Security admin service |
| 4726 | A user account was deleted | Event created when new Secure Private Access administrator removed | Citrix Access Security admin service |
| 8001 | User secure access session | Event created when user session initiated or terminated on endpoint. Contains user, session, and device details, visited internal and external domains during the session | Citrix Access Security admin service |
| 8002 | User access authorization request | Event created when Secure Private Access plugin authorizes access to resource. Contains resource FQDN and authorization decision | Citrix Access Security admin service |
References
SIEM integration
In this article
Copied!
Failed!