Auditlog

Introduction

The Auditlog shows recent administrator activity.

Similar to the Summary page, the information available in the auditlog changes depending on the product view selected.

Product views

  • Endpoint Privilege Management
  • Secure Remote Access

The menu selection Endpoint Privilege Management  shows the product view for managing local admin rights on your endpoint clients.


Header

The "Header" is available from every page in the portal. It contains company logos, Product  and User Account  drop-down menus and the portal main menu.

  1. Logos:

    Shows the Admin By Request logo and your organization's logo if configured.

    To configure a logo in the portal, go to Endpoint Privilege Management > Settings > Windows Settings > Endpoint > BRANDING.

    Refer to Branding tab for more information.

  2. Product drop-down:

    Lists products for selection:

    • Endpoint Privilege Management

    • Secure Remote Access

    • Mix Products

    Choosing a product adjusts the options available under other menus. The Mix Products  selection combines both Endpoint Privilege Management and Secure Remote Access so that all menu options are available.

  3. User Account drop-down:

    Shows the name of the organization and name + email of the logged-in user. Also provides Change password and Sign out links.

  4. Main menu:

    To find out more about each main menu option in the portal, click its corresponding link below.

    Summary   Auditlog   Requests   Inventory   Reports   Settings   Download   Logins  Docs   Support


Tabs

The auditlog provides tabs for examining the following entries:

  • RUN AS ADMIN - workstation

  • ADMIN SESSIONS - workstation

  • SERVERS - all events

For any tab, in the table displayed, right-click column headings for sort, search, group and filter options.

For an entry in the table, click the name of the endpoint (Computer column) to go to its Inventory  record and use the > (expand) symbol at left to drill-down into an entry for further analysis.

This example shows what is recorded in the auditlog for application Local Users and Groups when run by user Administrator  under RUN AS ADMIN:

Note the following:

  1. Activity shows the number of installs / uninstalls / elevated processes (0/0/1 in this example). If a number is red, an alert was generated and is available in the Alerts log (Reports > Endpoint Reports > Events > ALERTS).

  2. Indicates the settings that were applied (Global Settings in this example). If sub-settings were applied, the name of the sub-setting is given here.

  3. Shows the current "popularity scores" for AI approvals (10 for application and 100 for vendor in this example). In the portal, go to Endpoint Privilege Management > Settings > Windows Settings > App Control > AI APPROVAL to adjust app and vendor auto-approval scores.

  4. Use the links here to pre-approve or block this application (applies to RUN AS ADMIN only). In the portal, go to Endpoint Privilege Management > Settings > Windows Settings > App Control > PRE-APPROVE / BLOCK to pre-approve or block apps.

  5. This table provides the file name and vendor of the application. Use this information when pre-approving or blocking by file or vendor.


Legend

The right-most column in the auditlog table (no column heading) shows an icon indicating the type of each endpoint. The legend below the table matches icons with platform names.

Users listed in red in column User are administrators.


Buttons

Search

Use this button to search the auditlog. Right-click the table column headings and select any combination of the options available for further group, search and filter options.

Aggregated View

Produces a report showing which applications are elevated the most.

The page that opens is the same as that opened via portal menu Reports > User Reports > Elevated Applications.

Export buttons

Four export buttons are also provided:

  • Export to PDF

  • Export to XLSX

  • Export to CSV (;)

  • Export to CSV (,)


The menu selection Secure Remote Access  shows the product view for managing your endpoints that can be remotely accessed.


Header

The "Header" is available from every page in the portal. It contains company logos, Product  and User Account  drop-down menus and the portal main menu.

  1. Logos:

    Shows the Admin By Request logo and your organization's logo if configured.

    To configure a logo in the portal, go to Endpoint Privilege Management > Settings > Windows Settings > Endpoint > BRANDING.

    Refer to Branding tab for more information.

  2. Product drop-down:

    Lists products for selection:

    • Endpoint Privilege Management

    • Secure Remote Access

    • Mix Products

    Choosing a product adjusts the options available under other menus. The Mix Products  selection combines both Endpoint Privilege Management and Secure Remote Access so that all menu options are available.

  3. User Account drop-down:

    Shows the name of the organization and name + email of the logged-in user. Also provides Change password and Sign out links.

  4. Main menu:

    To find out more about each main menu option in the portal, click its corresponding link below.

    Summary   Auditlog   Requests   Inventory   Reports   Settings   Download   Logins  Docs   Support


Tabs

The auditlog provides tabs for examining the following entries:

  • UNATTENDED ACCESS

  • REMOTE SUPPORT

For any tab, in the table displayed, right-click column headings for sort, search, group and filter options.

For an entry in the table, click the name of the endpoint (Computer column) to show auditlog entries for only that endpoint.


Legend

The time a remote connection occurred is shown in the Time column and can be displayed in either local time for the portal user (i.e. you) or server time. Click Your Time < > Server Time to toggle from one to the other.


Buttons

Search

Use this button to search the auditlog for Unattended Access entries. For Remote Support entries, right-click the table column headings and select Search Panel to display the search text entry panel.

Export buttons

Four export buttons are also provided:

  • Export to PDF

  • Export to XLSX

  • Export to CSV (;)

  • Export to CSV (,)