User Guide: Admin Tab
Audit Logs
Overview
The Audit Logs subtab within Admin provides a record of BlueFletch Portal events, allowing an administrator to review and search for changes made to the the organization's Portal instance and profile.
View Audit Logs
The administrator is able to view the the timestamp of the action, the logged-in user who initiated the action, the kind of action performed, the section of the BlueFletch Portal the action occurred in, and additional information as relevant to certain logs.
Audit Logs defaults to showing all the logs for the filtered timeframe, or the most recent 100 logs. Pressing the Show More button at the bottom of the list will expand the list by 100 logs each time it is pressed if there are more logs to show within the filtered timeframe.
Some logs will have details of the changes that were made. These can be seen by selecting the expand function on that line item.
Events that are logged are labeled as actions. Below are the actions that are currently available in the BlueFletch Portal:
| Action | Definition |
|---|---|
| create | A user has created a new instance of a BlueFletch Portal item. |
| delete | A user has deleted a previously created instance of a BlueFletch Portal item. |
| update | A user has edited a previously created instance of a BlueFletch Portal item. |
| login | A user has logged into the BlueFletch Portal. |
| ssoLogin | A user has logged in using their preferred Single Sign-On method. |
| changePassword | A user has changed his/her own password. |
| activationRequest | A user has sent an activation requests to a new, or previously created user. |
| passwordReset | An administrator has reset someone's password. |
| TermsOfService | A user has acknowledged the Terms of Service. |
| LockedOut | A user has been locked out of his or her account. |
| Subscribed | A user has subscribed to a report. |
| Unsubscribed | A user has unsubscribed from a report. |
| FailedLogin | A user attempted to login but entered an incorrect password. |
Every action occurs in the context of a section, or table. The actions "create", "update", and "delete" occur in multiple sections. Below are the sections that are currently available in the BlueFletch Portal:
| Section | Definition |
|---|---|
| Configurations | The action applies to the organization's settings (occurs in conjuction with Organizations). |
| DeploymentGroups | The action applies to a deployment group. |
| Devices | The action applies to an MDM device. |
| EmmDevices | The action applies to an EMM device. |
| EmmEnrollmentTokens | The action applies to an enrollment token for an EMM Console policy. |
| EmmPolicies | The action applies to an EMM Console policy. |
| FileArtifactLocations | The action applies to a cloud-hosted file. |
| FileArtifactMeta | The action applies to the service for managing cloud-hosted files. |
| LauncherConfigurations | The action applies to a launcher configuration file. |
| LoginAttempts | The action applies to attempts by a user to login to the BlueFletch Portal. |
| Organizations | The action applies to the organization's settings (occurs in conjuction with Configurations). |
| Playbooks | The action applies to a playbook. |
| Plays | The action applies to a play. |
| Roles | The action applies to a role. |
| Reports | The action applies to a report. |
| ReportSubscription | The action applies to the subscription or unsubscription of user to a report. |
| SitesMeta | The action applies to managing the site list files for the organization's dashboards (often in conjunction with SitesView). |
| SitesViews | The action applies to managing the site list files for the organization's dashboards (often in conjunction with SitesMeta). |
| SSOConfigs | The action applies to an SSO configuration. |
| Users | The action applies to a user. |
Filter Audit Logs
Audit Logs can be filtered to show a specific date/time range of logs, or logs relevant to specific users, actions, sections, or any combination thereof.
The default Date/Time filter is 24 hours. Three predefined filters can be selected: Past 30 Days, Past 7 Days, and Past 24 Hours. A custom filter can also be created where the administrator can select a date range from a calendar, a Start Time for the earlier date, and an End Time for the later date.
To use the other filters, expand the dropdown for the Users, Actions, or Sections filter and select specific items. Chips will display above the filter selectors to indicate what criteria is being filtered for in the query. These chips can be individually removed with their respective "X" buttons.
Pressing Apply Filters applies the filters to the log queries, expanding or contracting the results accordingly.
Filtering for combinations that do not exist will display a message in the results section informing the user that no logs could be found matched the criteria that was filtered.
Pressing Clear All removes all Users, Actions, and Sections filters and returns the Date/Time range to the default filter of 24 hours.