Applying search criteria
Use the query builder in the Activity Center to add and remove data from your activity audit log report to get the information you need.
By default, an activity audit log report includes all activity occurring within the last 24 hours. However, using the query options provided you can specify search criteria to retrieve specific information from the activity audit log. The available search criteria may include:
- Activity Category: Use this drop-down to narrow parameters and event details.
- Date Range: Use this drop-down to narrow results by hours, days, or a custom time frame you set.
- User Name: Clicking this field opens a dialog where you can select a user for the activity report.
- Asset Name: Clicking this field opens a dialog where you can select the asset for the activity report.
- Account Name: Clicking this field opens a dialog where you can select the account for the activity report.
To apply search criteria to the audit log
Activity Category and Time frame are required to generate a report. Other search criteria is optional and allows you to narrow the report to the exact parameters provided.
- Navigate to the Activity Center (Reports > Activity Center).
-
Activity Category defaults to All Activity (Summary Only). Click the drop-down to limit the report to select the activity category to be included in the report.
-
Date Range defaults to Last 24 Hours. To specify a different time frame, click the drop-down and select the time frame to be included in the report. If using the Custom option, specify the custom date and time range.
- Clicking the User Name field opens a dialog where you can select a user for the activity report.
- When available, clicking the Asset Name field opens a dialog where you can select the asset for the activity report.
- When available, clicking the Account Name field opens a dialog where you can select the account for the activity report.
-
To remove your selections, use Clear Search Criteria to reset the search back to the default.
Saving search criteria and loading previously saved search criteria
You can save the current search criteria defined to be used at a later time to generate an activity audit log report. You can save the current search criteria from the main Activity Center view (query builder page) or from the results view.
To save the current search criteria
- Navigate to the Activity Center (Reports > Activity Center).
- Specify the search criteria to be used to generate the desired report. For more information, see Applying search criteria.
- Click Save or Schedule Search.
-
In the Save Scheduled Report dialog, enter the following information:
- Name: Enter a name for the search.
- Description: Optionally, enter descriptive text to describe the search.
- Run Every: By default this is set to Never. Selecting another option from the drop-down will enable additional configuration options. For more information, see Scheduling an activity audit log report
- Click OK.
-
To run a previously saved search, click Select a Saved Search.
-
Select a search from the list.
-
Click OK.
The search criteria for the selected search appears on the Activity Center page.
To load previously saved search criteria
- Navigate to the Activity Center (Reports > Activity Center).
- Click Select a Saved Search.
- Select a search from the list.
-
Click Load Report.
The search criteria for the selected search appears on the Activity Center page.
Generating an activity audit log report
To generate an activity audit log report
- Navigate to the Activity Center (Reports > Activity Center).
-
Use the query options provided to specify the content of the report. By default the audit log returns all activity occurring within the last 24 hours. For more information, see Applying search criteria.
-
The information displayed by default depends on the type of activity report generated. You can change the columns displayed by selecting the Columns in the upper right of the results list.
Actions once a report is generated
Once a report is generated, you can use the buttons above the grid as described below.
- View Details: After selecting a result, click this button to open a detailed summary.
- Request Workflow Details: Select an access request event and click Workflow to audit the transactions that occurred during the request's workflow from request to approval to review. For session requests, you can also replay a recorded session or live session from the Request Workflow dialog.
- Export: Click to export the data as CSV or JSON to the location of your choice. Different information may be returned based on whether you select CSV or JSON. For example, JSON includes details of accounts discovered and CSV includes only the count of accounts. For more information, see Exporting data. The time is set according to the user time zone.
- Refresh: Closes the details and updates the search results page.
- Column: Select to display a list of columns that can be displayed in the grid. Select the check box for data to be included in the report. Clear the check box for data to be excluded from the report. The additional columns available depend on the type of activity included in the report.
Scheduling an activity audit log report
Safeguard for Privileged Passwords allows you to schedule the generation of an activity audit log report, which will then be sent via email. The emailed report will be an attachment in the selected .csv or .json format.
To schedule an activity audit log report
- Navigate to the Activity Center (Reports > Activity Center).
-
Use the query options provided to specify the content of the report. By default the audit log returns all activity occurring within the last 24 hours. For more information, see Applying search criteria.
- Click Save or Schedule Search.
- In the Save Scheduled Report dialog, enter the following information:
- Name: Enter a name for the report.
- Description: Optionally, enter descriptive text for the report.
-
To set the schedule, use the following options:
-
Select a time frame:
- Never: The job will not run according to a set schedule. You can still manually run the job.
- Minutes: The job runs per the frequency of minutes you specify. For example, Run Every 30/Minutes runs the job every half hour over a 24-hour period. It is recommended you do not use the frequency of minutes except in unusual situations, such as testing.
-
Hours: The job runs per the minute setting you specify. For example, if it is 9 a.m. and you want to run the job every two hours at 15 minutes past the hour starting at 9:15 a.m., select Run Every 2/Hours/@ minutes after the hour 15.
-
Days: The job runs on the frequency of days and the time you enter.
For example, Run Every 2/Days/Starting @ 11:59:00 PM runs the job every other evening just before midnight.
-
Weeks The job runs per the frequency of weeks at the time and on the days you specify.
For example, Run Every 2/Weeks/Starting @ 5:00:00 AM and Repeat on these days with MON, WED, FRI selected runs the job every other week at 5 a.m. on Monday, Wednesday, and Friday.
-
Months: The job runs on the frequency of months at the time and on the day you specify.
For example, If you select Run Every 2/Months/Starting @ 1:00:00 AM along with Day of Week of Month/First/Saturday, the job will run at 1 a.m. on the first Saturday of every other month.
-
Select Use Time Windows if you want to enter the Start and End time. You can click Add or Remove to control multiple time restrictions. Each time window must be at least one minute apart and not overlap.
For example, for a job to run every ten minutes every day from 10 p.m. to 2 a.m., enter these values:
Enter Run Every 10/Minutes and set Use Time Windows:
If you have selected Days, Weeks, or Months, you will be able to select the number of times for the job to Repeat in the time window you enter.
For a job to run two times every other day at 10:30 am between the hours of 4 a.m. and 8 p.m., enter these values:
For days, enter Run Every 2/Days and set Use Time Windows as Start 4:00:00 AM and End 8:00:00 PM and Repeat 2.
If the scheduler is unable to complete a task within the scheduled interval, when it finishes execution of the task, it is rescheduled for the next immediate interval.
- Fields: Clicking this button opens a dialog where you can select which fields will be included in the results.
- Sort By: Clicking this button opens a dialog where you can select the sort order for the selected fields.
- Report Will be Sent To: Read-only field displaying the email address of the user currently logged into the Safeguard for Privileged Passwords client. This field is required. If this field is blank, you must set your email address in My Account.
- Select a Report Format, which can be CSV or JSON. Different information may be returned based on whether you select CSV or JSON. For example, JSON includes details of accounts discovered and CSV includes only the count of accounts.
- Select the Detailed Report (Not Valid for All Activity) check box to generate a longer, more detailed report.
- Click OK.