User Activity Details

The User Activity audit view displays the audit information from the context of the user from the context of the User Activity view.

This means from the context of the User who's activity is being reviewed.

Event Header

The Event Header indicates which type of event was encountered in this Activity Detail.

Event Information Panel

The Event Information Panel displays detailed information about the event.

The following Event fields are shown:

Field
Description

EID

The unique identifier of the event.

Action

The action performed by the user (e.g. Execute, Creation, Read, Update, Delete).

Event

The type of event associated with the action (e.g. Security Alert, Authentication, Import Data, Export Data, Query).

Timestamp

The date and time when the activity was performed.

Outcome

The result of the action (e.g. Success, Minor/Moderate Fail, Serious Fail, Major Fail).

Process

The process in which the instance of the application is running on (e.g. PID XXXXX)

Source

A number representing the source of the entity.

Network Panel

The Network Panel illustrates the nodes that this event traveled across.

In this example, the event originated from the webserver on 127.0.0.1 and executed the Execute action onto the ICDR named office-pc.

Below the diagram, the URL used to trigger the event is displayed.

Users and Computers Panel

The Users and Computers Panel shows a table of entities involved in the event.

The following User and Computer Fields are shown:

Column
Description

Username

The display name of the user associated with the event.

Machine

The IP address or hostname of the client, server, or device involved.

R

Indicates the entity viewing the audit.

Roles

A number representing the role, or humanuser if the entity/client/server was a human user.

Data and Objects Panel

About this Example

In this example, Query Executed is displayed as a section.

❗However, the section displayed depends on the type of event.

The Data and Objects Panel has two sections:

  • 🗒️HTTP Headers Section,

  • 🧑‍💻Query Executed Section.

Event Type Reference

  • 🚨 Security Alert → An event related to a security alert.

  • 🔐 Authentication → An event related to authentication within the system or by an external entity.

  • ↪️ Import Data → An event related to importing data into the system.

  • ↩️ Export Data → An event related to exporting data from the system.

  • 🔍 Query → An event related to searching or filtering data within the system.

Http Headers Section

This section displays information about HTTP headers associated with the event.

The following Http Header fields are show:

Field
Description

Type

The type of HTTP header (e.g. SystemObject).

Role

The role associated with the header (e.g. Query).

Query Executed

The URL used in the query

Extended Data

A key/value table containing additional header information (e.g. Accept: application/xml).

Lifecycle

Indicates the lifecycle state of the object (e.g. NotSet, Disclosure, Access, etc...).

ID Type

Identifier type (e.g. UserIdentifier, SearchCriterion, Custom, etc...).

Query Executed Section

This section displays information about the query executed during the event.

The following fields Query Executed fields are shown:

Field
Description

Type

The type of Query object (e.g. SystemObject).

Role

Role associated with the Query (e.g. Query).

Query Executed

The URI portion of the Query executed.

Lifecycle

Indicates the lifecycle state of the Query object (e.g. NotSet, Disclosure, Access, etc...).

ID Type

Identifier type of the Query object (e.g. UserIdentifier, SearchCriterion, Custom, etc...).

PreviousUser ActivityNextAccess & Audit Trail

Last updated