Security audit log
Basic overview
The following page explains the different events that are logged when using the 'Security audit log'.
A 'Security audit log' can be used to track relevant activities performed in Valsight.
The relevant files to activate the security audit log are located in the Valsight settings (navigation bar) → Metric and Logs → Download 'Valsight Security Audit Log Files (ZIP)'.
What is logged?
Each event has the following aspects that are logged via the security audit log:
Header | Description |
|---|---|
Time | When the event occurred |
User | The logged in user who caused the event |
Object type | On what object type has the vent occurred (Group. User, Project, Model, ...) |
Object key | The exact object on which the event occurred |
Project | The exact project in which the event occurred |
Action type | Which event occurred |
Action parameter1 | Additional info if all other headers aren't enough |
Action parameter2 | Additional info if all other headers aren't enough |
Action parameter3 | Additional info if all other headers aren't enough |
Precise details about newly logged objects and what we log on them:
Domain Object | Action Type | Detail |
|---|---|---|
Dimension | Created | |
Deleted | ||
Property change | everything except description | |
Level | Created | |
Deleted | ||
Property change | everything | |
Model | Property change | modelConfig |
Node | Property change | everything except description and displayConfig |
SimulationWorkspace | Property change | simulationConfig |
SimulationRun | Property change | name, baseline, parentSimulationRun |
DataParameter | Deleted | except when deleted by deleting a workspace, model or project |
Property change | everything except description | |
AssumptionGroup | Property change | ame |
Not logged
sheet/chart changes in workspace
Project space create/delete
workspace create/delete
description change on nodes, parameter
user/group properties: e-mail address, full name, ...
model to submodel link and unlink
baselines
DSL upload, model + workspace
failed SAML logons (when user does not exist and is not created)
XLS export (assumptions, charts)
Logged events
Add+Create/Remove+Delete/Change
Event | Action type | Action Parameter1 | Action Parameter2 | Action Parameter3 | Added in Version |
|---|---|---|---|---|---|
Adding permissions | Added permission | For which user/group is the permission added | / | / | SINCE BEGINNING |
Adding a role to the user or group | Added role | name of the role | / | / | SINCE BEGINNING |
Adding an user to a group | Added user to group | user | / | / | SINCE BEGINNING |
Creating an user or group | Created | 'preAuth', 'SAML', 'openIdConnect' or no parameter | / | / | SINCE BEGINNING |
Create project variables | Created default variables for project | variable name | variable value | / | 3.4.0 |
Update project variables | Update default variables for project | variable name | variable value | / | 3.4.0 |
Removing permissions | Removed permission | For which user/group is the permission removed | / | / | SINCE BEGINNING |
Removing a role from the user or group | Removed role | name of the role | / | / | SINCE BEGINNING |
Removing user from the group | Removed user from the group | user | / | / | SINCE BEGINNING |
Deleting an user or group | Deleted | / | / | / | SINCE BEGINNING |
Node deletion | Deleted | names of the node, its model and project | / | / | 4.0.0 |
Changing the project or application setting | Changed setting | A detailed description on which setting was changed, what was the previous value and what is the new value | / | / | SINCE BEGINNING |
Changing password of the user | Password changed | / | / | / | SINCE BEGINNING |
Changed data access permissions on a dimension or level (value) | Data permissions | / | / | / | 3.1.0 |
Moving a node | Node changed models | old model | new model | / | 4.0.0 |
A line item was selected or unselected from a scenario | Line item selection | 'selected' or 'unselected' | parameter's key | / | 3.1.0 |
User enabled or disabled | Property change | 'enabled' | old value | new value | 3.7.0 |
Actions by users
Event | Action type | Action Parameter1 | Action Parameter2 | Action Parameter3 | Added in Version |
|---|---|---|---|---|---|
User creates, deletes or reverts a version | Versioning action | 'versioned', 'shared', 'unshared', 'deleted version' or 'reverted' | optional: the created version or version you are reverting from | optional: workflow's key if it was a submission | 3.1.0 |
User links or unlinks levels | Object linking | 'extended' or 'extension removed' | the key of the level that we extending by or removing extension to | / | 3.1.0 |
User removes a value from a level | Property change | 'levelValueRemove' | the value | 3.1.0 | |
User changes a value of a level | Property change | 'levelValueChange' | the value | 3.1.0 | |
User change a parent value of a value | Property change | 'levelValueParentChange' | the value | <old_parent> → <new_parent> | 3.1.0 |
User renames an object | Property change | 'name' | old name | new name | 3.1.0 |
User changes a property on an object | Property change | name of the property | new value | 3.1.0 | |
User moves a line item from one group to another | Property change | 'movedFromGroup' or 'movedToGroup' | the group | 3.1.0 | |
User does an action on a debug page | Special admin action | action name | HTTP method used | 3.1.0 | |
User logged in | User logged in | 'preAuth', 'SAML', ' openIdConnect' or no parameter | / | / | SINCE BEGINNING |
User failed to login | Failed login | User that failed to login | empty or ''credentials OK - user blocked' or 'credentials OK - IP blocked' | / | SINCE BEGINNING |
User uploads a file that may change a DS or dimension table | File upload | / | / | / | 3.1.0 |
User downloaded log files | Log download | 'server.log' or 'securityAudit.csv' | / | / | 3.1.0 |
User was denied access to modify data | Data permissions write denied | Level value | Data permission class name | / | 3.8.8 |
User performed an action that caused time dimension data to be regenerated | Time dimension change | [<start_date>...<end_date>]...Q<year_start_quarter> | / | / | 3.1.0 |
User saved or discarded the workspace | Workspace save action | 'save', 'discard', 'saveAs' | / | / | 3.1.0 |
User changed data of a line item | Line item data change | / | / | / | 3.1.0 |
User created new API key | API key created | / | 3.6.0 |
Block events
Event | Action type | Action Parameter1 | Action Parameter2 | Action Parameter3 | Added in Version |
|---|---|---|---|---|---|
User blocked, due to too many unsuccessful consecutive logins | User blocked | 'unsuccessful logins' | / | / | SINCE BEGINNING |
Blocked user manually unblocked | User unblocked | 'on boot' or no parameter | / | / | SINCE BEGINNING |
Blocking IPs due to too many unsuccessful consecutive logins from the same IP | IP blocked | The blocked IP | / | / | SINCE BEGINNING |
Others
Event | Action type | Action Parameter1 | Action Parameter2 | Action Parameter3 | Added in Version |
|---|---|---|---|---|---|
host header poisoning - The supplied host header is not included in the allowlist | Bad Host Header | Actual host header | / | / | 3.3.0 |
Jdbc / Odata table import | External Datasource import | imported tables names | / | / | 4.0.0 |
Information on the Storage of Log Data
If you want to find out more about the storage of log data and possible configuration settings, please refer to https://documentation.valsight.com/documentation/logging-configuration
Contact
You may contact the Valsight Customer Support via:
+49 30 46799042
Availability: Mon-Fri *, 9 AM to 5 PM (Berlin, Germany) .
*Except Public holidays in Berlin, Germany.