Docs

Audit Log Activity

Suggest Edits

Preview

Overview

Purpose: The Audit Log Activity dashboard provides detailed tracking of user actions, classes of activity, and audit logs within the system. This dashboard helps administrators monitor user activity, detect unusual behavior, and maintain an audit trail for security and compliance purposes.

Components: The dashboard includes the following visualizations:

  • Top Users
  • Top Classes
  • Top Actions
  • Audits
  • Last Events

Getting Here

  1. From the main menu, go to Dashboards > All.
  2. In the horizontal navigation at the top, select the System tab.
  3. Click on Audit Log Activity.

Main Points

Usage Scenarios: This dashboard is essential for security teams and administrators who need to review user activities, detect unauthorized access, and ensure compliance with auditing requirements.

Best Practices: Regularly review the top users, actions, and classes to identify any unusual or high-risk activity. Utilize the Last Events log for detailed insights into recent actions taken within the system.

Charts

Top Users

Description: A bar chart displaying the users with the highest number of actions in the system.

Key Elements:

  • X-axis: Action count.
  • Y-axis: Usernames of the top users.

Usage: Use this chart to quickly identify the most active users and monitor their activity levels for any unusual patterns.

Top Classes

Description: A bar chart showing the most common classes of actions (e.g., authentication).

Key Elements:

  • X-axis: Action count.
  • Y-axis: Classes of actions, such as authentication and customer.

Usage: Helps administrators understand which types of actions are most frequent in the system, aiding in security analysis.

Top Actions

Description: A bar chart displaying the most frequent actions performed, such as event creation.

Key Elements:

  • X-axis: Action count.
  • Y-axis: Specific actions, such as event and create.

Usage: Provides insights into the common actions performed within the system, helping to detect repetitive or unexpected activity.

Audits

Description: A line chart showing the frequency of audit events over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Count of audit events.

Usage: Use this chart to observe trends in audit activity and identify any spikes that could indicate suspicious activity.

Last Events

Description: A table listing recent events with detailed information, including timestamp, class, subclass, action, user, description, and account.

Key Elements:

  • Columns: Detailed attributes of each event, such as timestamp and user.
  • Scrollable Log: Enables users to browse through recent events for quick insights.

Usage: This table is useful for detailed auditing and investigation, allowing administrators to track specific actions and user behavior.

Interpreting the Data

User Monitoring: The Top Users chart highlights the most active users, which is useful for identifying and monitoring frequent system interactions.

Action Trends: The Top Actions and Audits charts help detect patterns in user behavior, providing insights into potential anomalies or repetitive activities.

Detailed Event Analysis: The Last Events table offers a granular view of recent actions, supporting compliance efforts and aiding in forensic analysis if needed.

Additional Features

Metric Selection: The dashboard allows users to select different metrics, such as bitrate, to customize the view and focus on specific data points.

Time Range: Users can adjust the time range for the displayed data, enabling detailed examination of activity over specific periods.

Interactive Elements: The SYNC HOVER feature provides synchronized insights across related visualizations, allowing for a more cohesive analysis of user actions.

Updated about 1 month ago