All scripts
fault
Advanced
~5 min
AAA / TACACS+ Audit Engine
AAA security audit: TACACS+ log parsing with failed attempt correlation, privilege escalation detection, session anomaly scoring, off-hours access alerting, RBAC policy gap analysis, and compliance reporting.
cisco-ios
cisco-nxos
juniper
arista
You're viewing a preview
The full script, parameters, and execution console are available with a free account.
Already have access? Sign in โ
Capabilities
- TACACS+
- AAA
- Auth log
- Privilege escalation
- RBAC
- TACACS log parsing
Required inputs
Parameters the script accepts. Defaults shown; some are vendor- or context-gated.
| Parameter | Type | Default | Notes |
|---|---|---|---|
Lookback Hours window_hours | number | 24 | โ |
Failed Attempt Threshold fail_threshold | number | 5 | โ |
Sample inventory schema
Authoritative shape of the device/policy data this script consumes.
No bundled inventory sample. The script accepts standard device lists (CSV/YAML) with hostname, mgmt IP, vendor, and credentials.
Expected output
Reference terminal output the script should produce โ used as a stylistic and structural target.
terminal
[INFO] Pulled 24h of AAA logs (TACACS+ + RADIUS) [CRIT] User 'admin' from 203.0.113.5: 47 failed attempts in 10min [WARN] 3 service accounts used outside business hours [CRIT] Privilege escalation: user 'opsro' executed 'configure terminal' (no priv 15) [OK] No expired passwords currently in use