Versions Compared

Old Version 15

changes.mady.by.user Shirly Tsang

Saved on

compared with

New Version 16

changes.mady.by.user Shirly Tsang

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

To view the security logs, do the following:

  1. In the Cloud Services Portal, click Administration > Logs > Security Logs

  2. On the Security Logs page, click Display Recent to display the most recent 100 security events.

...


  1. or
    Click

    Image Modified

    to activate the filtering feature, and then click

    Image Modified

    to configure your filter.
    From the Basic Columns menu, choose the filtering criterion you want to add. For example, if you choose Timestamp,

...

  1. select an applicable timeline within which you want to filter the results, using the calendar provided.

...

  1. To add more filtering criteria, click

    Image Modified

    again

...

  1. to add another criterion. When you are done, click

    Image Modified

    to filter the events.

...


  1. You can also click

    Image Added

    to remove the filter you

...

  1. just created

...

  1. . If you want to use the same criteria for

...

  1. future filtering, you can save the filter by clicking

    Image Modified

...

  1. and

...

  1. entering a name for

...

  1. the filter. You can then click

    Image Added

    to find the saved filter in the future without setting the filtering criteria again

...

  1. .

On the Security Logs page, the Cloud Services Portal displays the following information for each

...

event:

  • Timestamp: The UTC timestamp for the time the event was logged.

  • User: The user account that triggered the event.

  • App: The BloxOne application source that generated the event. The following sources are supported:

    • identity: Identity and Access Management Service.

    • ngnix: The NGNIX or Apache web server.

  • Security Event Type: The type of the event. The following are supported types and their descriptions:

Security Event Type

App Source

Description

nginx.access

nginx

The equivalent of an HTTP access log from NGNIX or Apache. The log includes the user who is authenticated and claims in the request.

nginx.data_export

nginx

A request for exporting data.

nginx.legal_reason

nginx

A request from a country prohibited by the US trade rules (HTTP 451).

nginx.unauthorized

nginx

A request that is made by using an API key and that resulted in an unauthorized response (HTTP 403).

iam.login_succeeded

identity

Successful login.

iam.login_failed

identity

Failed login. When a user or a user account can be identified, the information is added to the event.

iam.logout_succeeded

identity

Successful logout.

iam.logout_failed

identity

Failed logout. When a user or a user account can be identified, the information is added to the event.

iam.apikey_disabled

identity

A request made by using a disabled API key.

iam.apikey_expired

identity

A request made by using an expired API key.

iam.denied_groups_claim

identity

An indication that the signed-in user has a restricted JSON web token group claim.

iam.empty_groups_claim

identity

An indication that the signed-in user has an empty JSON web token group claim.

...

  • Domain: The name of the domain from which the security event was generated.

  • Message: The nature of the event. For example, successful login is displayed for a successful login via an identity or sso-identify app source. For a nignix app source, detailed information is displayed, such as the source IP, the API request type, and the HTTP status for the event.

Downloading

...

Security Logs in CSV Format

On the Security Logs page, click Download. This will download a file formatted as security-log-the timestamp in UTC format.csv, such as security-log-10-10-2022, 10-30-59 PM UTC.csv.

...