Audit

Description

The audit trail page allows you to query for audit records for the different components of Soffid.

Each action done at the Soffid console and in the Syncserver will be reported.

Screen overview

Related objects

Almost all Soffid components are audited in some way, so we could reference all the pages in the documentation.

Standard attributes

Date/Time: date on which the action was performed.
Author: user who launched the task. When the author is empty, the Syncserver launched this task.
Source IP: IP or host where the action has been performed.
Action: the task performed is specified.
Purpose: is the name of the internal object (also the table of the database) which the action was performed.
User: identity to which the action was performed.
Information system: details on which information system the action was performed (if a role is involved in the action).
Role: details the role with which the action was performed.
Account: if the action has taken place on an account, it will be indicated on which one in this section.
DB: name of the final system (agent)
Group: group involved in the action
Network: network involved in the action
Machine: host involved in the action
Printer: printer involved in the action
Domain: domain of the role involved in the action
Domain value: domain value of the domain of the role involved in the action
Mail domain: mail domain involved in the action
Mail list: mail list involved in the action
Mail list belongs: mail list belongs involved in the action
Parameter: parameter involved in the action
File: flle involved in the action
Authorization: authorization involved in the action
Federation: federation involved in the action
Users domain: users domain of the account involved in the action
Passwords domain: password domain of the account involved in the action
Jump servers group: jump servers group involved in the action
PAM session id: PAM session id involved in the action
Action code: action code of the action message involved in the action

Actions

"Query buttons"	Allows you to query accounts through different search systems, Quick and Advanced.
"Table filter"	It allows you to filter a column in the table based on the results loaded in it.
Download CSV file	Allows you to download a csv file with the information of audit records.
View	Allows you to add or remove columns to the table. It is also possible to change the order of the columns.

Examples

Common querys

Here you have a list of common Advanced searches, you only have to copy, paste and search, e.g.

// User changes trace
calendar ge "2020-01-01T00:00:00.000+01:00" AND user co "admin"
 
// User actions trace
calendar ge "2020-01-01T00:00:00.000+01:00" AND author co "admin"
 
// Soffid accounts
calendar ge "2020-01-01T00:00:00.000+01:00" AND user co "admin" AND database co "soffid"
 
// Created accounts
calendar ge "2020-01-01T00:00:00.000+01:00" AND action co "C" AND object co "SC_ACCOUN"
 
// Removed objects
calendar ge "2020-01-01T00:00:00.000+01:00" AND action co "D" AND object co "SC_ACCOUN"

Users

Groups

Accounts

Information systems

Roles

Role assignment rules

Segregation of Duties

Networks

Hosts

Detected browsers

Printers

Mail Domains

Mail Lists

Application access tree

Password vault

Custom objects

Clear redundant roles

Disable inactive users

Disable inactive accounts

Tenants

License and plugin

Look & feel

Soffid parameters

User types

Group types

Metadata

Network intelligence

Smart engine settings

Agents

Synchronization servers

Account naming rules

Attribute translation tables

Network discovery

Configure Workflow engine

Business process definition

BPM editor (addon bpm)

Authorizations

Authentication

Password policies

Configure PAM session servers

PAM policies

PAM rules

Issue policies

Digital certificates

OTP settings (addon otp)

Password recovery configuration (addon recovery)

Configuration wizard

Custom scripts (addon admin)

Attribute definition (addon federation)

Attribute sharing policies (addon federation)

Identity providers (addon federation)

Service Providers (addon federation)

Shared signals & events members (addon federation)

Sync server monitoring

Scheduled tasks

Scheduled jobs

Audit

Access logs

Sessions

Privileged accounts dashboard

Search in PAM recordings

Console log

Issues

Audit

Description

Actions

Examples

Common querys