
[New Integration] Admin By Request EPM #12023

cpascale43 opened this issue Dec 6, 2024 · 0 comments

Description

Admin By Request provides Endpoint Privilege Management (EPM) focusing on just-in-time elevation and audit logging of admin privileges. Their core offering includes audit logging of privilege elevations, software installations and administrative actions through their user portal.

Architecture

Admin By Request exposes audit and event data via their Public API. The integration should pull from two core endpoints:

The Auditlog API provides privilege elevation and session data, including elevation requests, approvals, application installations, and scan results. This data enables monitoring of privileged access patterns and application usage.

The Events API provides system security events and administrative changes, including group modifications, policy changes and security violations. This allows tracking of administrative activities and security-critical events.

Full documentation, including all fields and event types, is available here:

Dashboard Ideas

The dashboard provides comprehensive visibility into privileged access management, administrative actions, and security events across the environment. It enables real-time monitoring of elevation requests, application installations, and security scanning to help teams maintain compliance and quickly identify potential security issues. These dashboard ideas will be transformed into detailed technical requirements in a subsequent tech design document. As a starting point, key monitoring categories are:

Privilege access intelligence

Monitor and analyze patterns of privileged access requests to identify potential security risks and ensure appropriate use of administrative privileges. The dashboard tracks request volumes, approval workflows and execution patterns to establish baseline behavior and flag anomalies. Key metrics include response times for approvals and the ratio of approved versus denied requests.

Possible visualizations:

  • Trend line showing privilege escalation requests over time with status breakdown
  • Average response time gauge for administrative approvals
  • Pie chart showing distribution of Run As Admin vs. Admin Session types
  • Bar chart of top requestors by volume with approval rates
  • Timeline of elevation requests showing approval workflow stages

Security event tracking

Provide real-time visibility into security threats by monitoring malware scan results across multiple engines. The system analyzes all elevated applications for potential threats before execution and maintains an audit trail of scan results. Admin By Request includes integration with VirusTotal for additional threat intelligence and tracking of policy-based execution blocks.

Possible visualizations:

  • Real-time counter of malware detection alerts from multiple antivirus engines
  • Trend analysis of scan results (Clean/Malicious/Suspicious) by vendor
  • Heatmap of threat detections by application type and vendor
  • List of recently blocked executions with threat details

Administrative activity overview

Track all modifications to administrative privileges across the environment, including local admin group changes, emergency access usage, and PIN code authentications. This provides accountability for privileged access changes and helps identify unauthorized elevation attempts. The system maintains a complete audit trail of who made changes and when.

Possible visualizations:

  • Local admin group membership change tracking
  • PIN code usage patterns for elevated access
  • Pie chart showing distribution of administrative actions by type
  • Administrative session duration metrics

Application control center

Monitor all privileged software installations and removals across the environment. This includes tracking pre-approved applications, identifying common installation patterns, and maintaining an inventory of elevated applications by vendor. The dashboard helps ensure that software deployment follows organizational policies.

Possible visualizations:

  • Bar chart of top 10 installed/uninstalled applications by vendor
  • Pre-approved vs. manually-approved installation ratio
  • Policy-blocked execution attempt patterns

Active session management

Provide real-time awareness of current privileged access usage. This enables security teams to understand who currently holds elevated privileges, track session durations, and monitor privileged activities. The ability to track concurrent sessions and unusual patterns helps identify potential security incidents in progress.

Possible visualizations:

  • Current elevated session status table
  • Session duration tracking by user and type
  • List of current elevated access users
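As an added illustration (not code from the issue or from Admin By Request), the block below shapes constructed Auditlog-style records into ECS-style documents and computes the two key metrics named under Privilege access intelligence: the approved versus denied ratio and the mean approval response time. The source field names (type, status, user, computer, application, requestTime, approvalTime) and the sample records are assumptions, not the vendor's documented schema.

```python
"""Map constructed Admin By Request-style audit records to ECS-shaped
documents and derive approval metrics. Source field names are assumed."""
from datetime import datetime
from statistics import mean

# Constructed sample records (not real API output); field names are assumptions.
SAMPLE_AUDITLOG = [
    {"id": 1, "type": "Run As Admin", "status": "Approved", "user": "alice",
     "computer": "WS-01", "application": "setup.exe",
     "requestTime": "2024-12-06T09:00:00Z", "approvalTime": "2024-12-06T09:02:00Z"},
    {"id": 2, "type": "Admin Session", "status": "Denied", "user": "bob",
     "computer": "WS-02", "application": None,
     "requestTime": "2024-12-06T10:00:00Z", "approvalTime": "2024-12-06T10:10:00Z"},
    {"id": 3, "type": "Run As Admin", "status": "Approved", "user": "alice",
     "computer": "WS-01", "application": "tool.msi",
     "requestTime": "2024-12-06T11:00:00Z", "approvalTime": "2024-12-06T11:04:00Z"},
    {"id": 4, "type": "Admin Session", "status": "Pending", "user": "carol",
     "computer": "WS-03", "application": None,
     "requestTime": "2024-12-06T12:00:00Z", "approvalTime": None},
]

def _ts(value):
    """Parse an ISO-8601 UTC timestamp ('Z' suffix) or return None."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def to_ecs(record):
    """Shape one audit record as an ECS-style document (event.*, user.*, host.*)."""
    outcome = {"Approved": "success", "Denied": "failure"}.get(record["status"], "unknown")
    doc = {
        "@timestamp": record["requestTime"],
        "event": {"kind": "event", "category": ["iam"], "type": ["admin"],
                  "action": record["type"].lower().replace(" ", "-"),
                  "outcome": outcome, "id": str(record["id"])},
        "user": {"name": record["user"]},
        "host": {"name": record["computer"]},
    }
    if record.get("application"):  # only Run As Admin requests name an executable
        doc["process"] = {"name": record["application"]}
    return doc

def approval_metrics(records):
    """Approved/denied ratio and mean approval response time in seconds.
    Pending requests have no decision yet and are excluded from both."""
    decided = [r for r in records if r["status"] in ("Approved", "Denied")]
    approved = [r for r in decided if r["status"] == "Approved"]
    waits = [(_ts(r["approvalTime"]) - _ts(r["requestTime"])).total_seconds()
             for r in decided]
    ratio = len(approved) / len(decided) if decided else 0.0
    return {"approval_ratio": ratio,
            "mean_response_seconds": mean(waits) if waits else 0.0,
            "pending": len(records) - len(decided)}
```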

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency when creating or updating a Package, Module or Dataset for an Integration.

All changes

  • Change follows the contributing guidelines
  • Supported versions of the monitoring target are documented
  • Supported operating systems are documented (if applicable)
  • Integration or System tests exist
  • Documentation exists, useful guidelines to follow
  • Fields follow ECS and naming conventions
  • At least a manual test with ES / Kibana / Agent has been performed.
  • Required Kibana version set to: