Security Audit Log

The Security Audit Log provides Administrators with a record of any changes or logins made to the account.

Access the Log:

From the navigation, click on Settings > Security > Audit.

This report will show any actions that have been performed in the account including logins, user deletions, alarm creations, Agents not reporting and more.


Similar to other reports, the Security Audit Log can be filtered and allows you to export the information to a CSV file.

Access Log of Non-reporting Agents:

The Security Audit also periodically scans for computers considered actively reporting that have gone dormant for a period longer than a typical holiday weekend or out-of-office event. This simplifies account administration, allowing Admins to quickly identify computer Agents that may need to be upgraded or restarted.

Active Agents are defined as those that have logged activity within the last 30 days. Non-reporting active Agents are those that have stopped logging activity for a period of 7 days or more. Contact ActivTrak Support to modify and customize these default thresholds to your organization’s needs.

The relevant data fields for the audit log entry appear as:

Date/Time: UTC time when the report was run
ActivTrak ID: “last-activity-monitor-user@bgrove.com”
Event: ComputersNotReporting
Description: “Active computers (logging last 30 days) not reporting in last 7 days”
Action Type: Update
Action Data: Move the cursor to the eye icon to view action data and open a separate window with the list of identified Computer Agents.

This scan runs weekly on Sundays and produces a single audit log entry with all computers matching the criteria. If all Agents are reporting properly or do not meet the non-reporting criteria, no audit log entry will be added that week.
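The same criteria can be reproduced against your own endpoint inventory, for example to check more often than weekly. This is an added example, not ActivTrak code: the input mapping of computer name to last-activity time, the function names, and the inclusive handling of the 7-day and 30-day boundaries are assumptions; the record keys and text mirror the fields listed above.

```python
from datetime import datetime, timedelta, timezone

ACTIVE_WINDOW = timedelta(days=30)  # "logged activity within the last 30 days"
DORMANT_AFTER = timedelta(days=7)   # "stopped logging activity for 7 days or more"


def non_reporting(last_activity, now,
                  active_window=ACTIVE_WINDOW, dormant_after=DORMANT_AFTER):
    """Return sorted names of active computers that have gone quiet.

    last_activity: dict of computer name -> timezone-aware datetime of the
    last logged activity (hypothetical input from your own inventory).
    Boundaries are treated as inclusive (assumption).
    """
    flagged = []
    for name, seen in last_activity.items():
        age = now - seen
        # Quiet for 7+ days, but still inside the 30-day "active" window.
        if dormant_after <= age <= active_window:
            flagged.append(name)
    return sorted(flagged)


def weekly_entry(last_activity, now):
    """Build one audit-style record, or None when nothing matches."""
    computers = non_reporting(last_activity, now)
    if not computers:
        return None  # no entry is added when no computer meets the criteria
    return {
        "Date/Time": now.astimezone(timezone.utc).isoformat(),
        "Event": "ComputersNotReporting",
        "Description": "Active computers (logging last 30 days) "
                       "not reporting in last 7 days",
        "Action Type": "Update",
        "Action Data": computers,
    }


# Constructed sample data; computer names and dates are illustrative only.
NOW = datetime(2024, 3, 10, 0, 0, tzinfo=timezone.utc)  # a Sunday
SAMPLE = {
    "LAPTOP-A": NOW - timedelta(days=2),    # reporting normally
    "LAPTOP-B": NOW - timedelta(days=7),    # exactly 7 days quiet: flagged
    "DESKTOP-C": NOW - timedelta(days=21),  # quiet but still active: flagged
    "DESKTOP-D": NOW - timedelta(days=45),  # outside the 30-day active window
}

if __name__ == "__main__":
    print(weekly_entry(SAMPLE, NOW))
```

A computer that has been silent for more than 30 days drops out of the result, so long-dead Agents need a separate inventory check.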


You can also create an alarm to be actively notified of these entries. See details in the following section.

Create an Alarm:

The Security Audit Log also allows alarms to be created based on certain conditions. You can create one of these alarms either by going to Alarms and selecting "Security Audit" when making a new alarm or by clicking on "Create Alarm" at the top of the log.

The interface of the alarm creation page is very similar to an Activity Alarm, but the fields set to trigger the alarm are different:

ActivTrak ID: This is the login for the user, i.e., example@youremail.com
Public IP Address: The public internet protocol address a user logged in from.
Description: A detailed description of the activity performed (logged in, deleted users, etc.).
Event: The activity performed.
Action Type: The type of action taken (logging in, deleting something, creating, etc.).

Now that the alarm triggers have been set, the action taken must be configured. The Security Audit Alarm provides the option to receive an email notification once it's triggered.

The subject line and email content can both be filled with fields that will change based on who triggers the alarm and when it was triggered. 


NOTE: If an Admin is deleted from the account, the logs in the Security Audit Log for that Admin will not be deleted.

The Security Audit Log is available in all paid subscription plans.
