Netop Portal Audit Logging Events

This article provides the information you need to understand and audit the log reports available in the Netop Portal.

The generated log report will contain the following details (columns):

| Report column | Description |
|---|---|
| Session | A unique identifier of the user session, useful to group log events for a specific user session. |
| User Id | The internal ID of the logged Portal user. If the action is performed by the Portal rather than the actual user, the value logged is SYSTEM. |
| User Name | The username of the logged Portal user. If the action is performed by the Portal rather than the actual user, there will be no logged value in this column. |
| Account Id | The internal ID of the logged Portal user's account. |
| Entity Type | The type of the entity involved in the current log event. For the complete list of entity types, please refer to the next section of this article. |
| Action | The action executed by the entity. For the complete list of actions each entity can perform, please refer to the next section of this article. |
| Entity Id | The internal ID of the entity involved in the current log event. |
| Entity Name | The name of the entity involved in the current log event. |
| Result Code | Indicates whether the action performed by the entity was successful or not. 0 means the action has been successful, anything greater than 0 means an error has occurred. |
| Data | Contains different data based on the action performed by the entity, as follows: if the current action is CREATE, UPDATE or DELETE, it will contain raw data with the entity updates; if the current action is LOGIN, it will contain raw data of the authenticated user, the public IP of the user performing the action and the User Agent; in all the other cases, it will contain raw data for the involved entity. |
| Action timestamp | The Linux timestamp of the current log event. |
| Action date | The UTC date and time of the current log event. |
| Source | The module generating the log event. Currently, the only possible value is portal. |
| Environment | The environment generating the log event. Currently, the only possible value is live. |

Below is the complete list of actions that can be performed on the Portal entity types and the description of the events logged in the audit trails.

| Entity Type | Action | Event Description |
|---|---|---|
| ACCOUNT | CREATE | An event is logged when the superadmin creates an account. It is the first event logged for any account. |
| ACCOUNT | UPDATE | An event is logged in one of the following situations: an account owner updates the account details; an account owner or account admin updates the account security settings; the superadmin updates the account. |
| ACCOUNT_AUTH_METHOD | CREATE | An event is logged when a new authentication method is created. |
| ACCOUNT_AUTH_METHOD | UPDATE | An event is logged when an existing authentication method has been updated. |
| ACCOUNT_AUTH_METHOD | DELETE | An event is logged when an existing authentication method has been deleted. |
| DEVICE | CREATE | An event is logged when a device is created in the Portal through the enrollment process available with the Netop Host version 12.65 or above or when registering previous versions of the Netop Host. |
| DEVICE | UPDATE | An event is logged in one of the following situations: the device details are updated in the Portal, including when the device updates its status (going online/offline); the Enrollment State is updated, that is, the device is enrolled in the Portal by clicking the Enroll button. |
| DEVICE | ATTACH_TO_GROUP | An event is logged when a device is attached to a Device Group. |
| DEVICE | DELETE | An event is logged when a Portal user deletes the device. |
| DEVICE | REVOKE | An event is logged when a deployment package is revoked from the Portal, which subsequently revokes all its associated devices. |
| DEVICE | CONNECT | An event is logged when the Portal user connects to the device via the Browser-based Support Console. |
| DEVICE | AUTHORIZE | An event is logged when a device requests and receives the list of permissions for a specific user requesting access. |
| DEVICE | REGISTER | An event is logged when a Netop Host having an earlier version than 12.65 changes its status (online/offline). |
| DEVICE | ENROLL | An event is logged when a Host enrolls to the Portal. |
| DEVICE | RE_ENROLL | An event is logged when a Host re-enrolls to the Portal following a conflict (e.g., the Host or its machine was cloned). For information on device identity conflicts and workarounds, see this article. |
| DEVICE | GET_ACCESS | An event is logged whenever a Host tries to authorize itself for accessing the Portal. |
| DEVICE | UPGRADE | An event is logged when a Netop Host having an earlier version than 12.65 first tries to authenticate into the Portal and is migrated from a user/password configuration to an enrollment key configuration. |
| DEVICE_CONFLICTS | CREATE | An event is logged after a Netop Host starts and detects a conflict with another online Host. For information on device identity conflicts and workarounds, see this article. |
| DEVICE_CONFLICTS | UPDATE | An event is logged as part of the conflict solving process from the conflicting Netop Host. For information on device identity conflicts and workarounds, see this article. |
| DEPLOYMENT_PACKAGE | CREATE | An event is logged when a deployment package is created in the Portal. |
| DEPLOYMENT_PACKAGE | UPDATE | An event is logged in one of the following situations: a deployment package is updated in the Portal; a new Host enrolls in the Portal; a Host is deleted from the Portal. |
| DEPLOYMENT_PACKAGE | DELETE | An event is logged when a deployment package is deleted from the Portal. |
| DEPLOYMENT_PACKAGE | REVOKE | An event is logged when a deployment package is revoked in the Portal. |
| DEPLOYMENT_PACKAGE | GET_DOWNLOAD_URL | An event is logged when a user initiates the download of the online installer from the Portal. |
| DEPLOYMENT_PACKAGE | UPLOAD_MSI | An event is logged when a user successfully uploads an MSI file for a specific deployment package in the Portal. |
| DEPLOYMENT_PACKAGE | UPLOAD_MST | An event is logged when a user successfully uploads an MST file for a specific deployment package in the Portal. |
| DEPLOYMENT_PACKAGE | DOWNLOAD_EXE | An event is logged when a user successfully downloads the online installer from the Portal. |
| DEPLOYMENT_PACKAGE | DOWNLOAD_MSI | An event is logged when the online installer successfully downloads the needed MSI file from the Portal. |
| DEPLOYMENT_PACKAGE | DOWNLOAD_MST | An event is logged when the online installer successfully downloads the needed MST file from the Portal. |
| USER_GROUP | CREATE | An event is logged when a user creates a User Group in the Portal. |
| USER_GROUP | UPDATE | An event is logged when a user updates a User Group in the Portal. |
| USER_GROUP | DELETE | An event is logged when a user deletes a User Group in the Portal. |
| DEVICE_GROUP | CREATE | An event is logged when a user creates a Device Group in the Portal. |
| DEVICE_GROUP | UPDATE | An event is logged when a user updates a Device Group in the Portal. |
| DEVICE_GROUP | DELETE | An event is logged when a user deletes a Device Group in the Portal. |
| LOG_REPORT | CREATE | An event is logged when a user starts generating a log report. Usually, this log event is followed by an UPDATE event, when the log report is successfully generated. |
| LOG_REPORT | UPDATE | An event is logged when a log report is updated; usually this happens when the log report is generated successfully. |
| LOG_REPORT | DELETE | An event is logged when a user deletes a log report in the Portal. |
| ROLE_ASSIGNMENT | CREATE | An event is logged when a user creates a Role Assignment in the Portal. |
| ROLE_ASSIGNMENT | UPDATE | An event is logged when a user updates a Role Assignment in the Portal. |
| ROLE_ASSIGNMENT | DELETE | An event is logged when a user deletes a Role Assignment in the Portal. |
| USER | CREATE | An event is logged when a user creates another User in the Portal. |
| USER | UPDATE | An event is logged when a user updates a User in the Portal. |
| USER | DELETE | An event is logged when a user deletes another User in the Portal. |
| USER | UPSERT | An event is logged when a user logs in to the Portal via ADFS and the user is created/updated. |
| USER | START_RESET_PASSWORD | An event is logged when a user initiates the reset password mechanism in the Portal, by providing their email. |
| USER | RESET_PASSWORD | An event is logged when a user resets the password using the instructions received by email. |
| USER | CANCEL_RESET_PASSWORD | An event is logged when a user cancels a previous reset password request. |
| USER | ATTACH_TO_GROUP | An event is logged when a user is added to a specific User Group by clicking the Attach to Group button. |
| USER | GENERATE_MFA_OTC | An event is logged when a user generates one-time Multi-Factor Authentication codes to be used for login. |
| USER | LOGIN | An event is logged when a user attempts to log into the Portal. |
| USER | MFA_EMAIL_LOGIN | An event is logged when a user authenticates in the Portal with a Multi-Factor token received by email. |
| USER | MFA_OTC_LOGIN | An event is logged when a user authenticates in the Portal with a one-time Multi-Factor Authentication code previously generated in the Portal. |
| USER | LOGOUT | An event is logged when a user logs out from the Portal. |
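One way to triage a report with these columns and events, as an added example that is not Netop's own code. It assumes the report is exported as CSV with a header row using the column names above; the sample rows, the `WATCHED` list and the `triage` function are constructed for illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample report; the CSV layout and every value are assumptions.
SAMPLE_REPORT = """\
Session,User Id,User Name,Account Id,Entity Type,Action,Entity Id,Entity Name,Result Code,Data,Action timestamp,Action date,Source,Environment
s-01,101,alice@example.test,7,USER,LOGIN,101,alice@example.test,3,,1508335620,2017-10-18 14:07:00,portal,live
s-01,101,alice@example.test,7,USER,LOGIN,101,alice@example.test,3,,1508335640,2017-10-18 14:07:20,portal,live
s-02,101,alice@example.test,7,USER,LOGIN,101,alice@example.test,0,,1508335680,2017-10-18 14:08:00,portal,live
s-02,101,alice@example.test,7,ROLE_ASSIGNMENT,CREATE,55,Support admins,0,,1508335740,2017-10-18 14:09:00,portal,live
s-02,101,alice@example.test,7,ACCOUNT_AUTH_METHOD,DELETE,9,ADFS,0,,1508335800,2017-10-18 14:10:00,portal,live
s-03,SYSTEM,,7,DEVICE,UPDATE,300,LAB-PC-01,0,,1508335860,2017-10-18 14:11:00,portal,live
s-04,102,bob@example.test,7,LOG_REPORT,DELETE,12,October export,0,,1508335920,2017-10-18 14:12:00,portal,live
"""

# Entity Type / Action pairs from the event list that change who can access
# what, or remove audit material. Which pairs to watch is a reviewer's choice.
WATCHED = {
    ("ACCOUNT", "UPDATE"), ("USER", "CREATE"), ("USER", "DELETE"),
    ("ACCOUNT_AUTH_METHOD", "CREATE"), ("ACCOUNT_AUTH_METHOD", "UPDATE"),
    ("ACCOUNT_AUTH_METHOD", "DELETE"), ("ROLE_ASSIGNMENT", "CREATE"),
    ("ROLE_ASSIGNMENT", "UPDATE"), ("ROLE_ASSIGNMENT", "DELETE"),
    ("LOG_REPORT", "DELETE"),
}

def triage(report_text):
    """Return (failed logins per user, successful watched changes per session)."""
    failed_logins = Counter()
    changes = defaultdict(list)
    for row in csv.DictReader(io.StringIO(report_text)):
        if row["User Id"] == "SYSTEM":
            continue  # performed by the Portal itself, not by a user
        succeeded = int(row["Result Code"]) == 0  # 0 = success, >0 = error
        event = (row["Entity Type"], row["Action"])
        if event == ("USER", "LOGIN") and not succeeded:
            # Assumes Entity Name carries the user the login was attempted for.
            failed_logins[row["Entity Name"]] += 1
        elif event in WATCHED and succeeded:
            changes[row["Session"]].append(
                f"{row['Entity Type']}.{row['Action']} {row['Entity Name']}")
    return dict(failed_logins), dict(changes)

if __name__ == "__main__":
    failed, changed = triage(SAMPLE_REPORT)
    print("failed logins:", failed)
    print("watched changes by session:", changed)
```

Grouping the watched changes by Session keeps each change tied to the login that preceded it, which is what the Session column is described as being for.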

Posted - Wed, Oct 18, 2017 2:07 PM.
Online URL: http://kb.netop.com/article/netop-portal-audit-logging-events-464.html