Activity Logs in FIM
The Activity Logs tab provides a comprehensive record of all user and system actions performed on FIM Profiles and Incidents. It helps you monitor activities and track and compare changes.
The Activity Logs tab ensures transparency and accountability by keeping a detailed audit trail of events.
Key Features
- Audit Trails
  Provides a chronological record of all actions and user activities related to the FIM profiles and incidents.
- Event Tracking
  Logs actions performed on Profiles and Incidents by a user.
- Time-stamped Records
  Displays the exact date and time of each action for precise tracking.
- User Identification
  Specifies which user performed each action.
- Action Details
  Provides information about the action taken, such as updates made to a profile or an incident.
Activity Logs Tab
The Activity Logs tab displays the following information:
Details | Description |
---|---|
Activity Date | Displays the date and time on which the action is performed. |
Action | Displays the action performed. |
User | Displays the logged-in user name. |
Target Name | Displays the name of the profile or incident on which the action is performed. |
Target Type | Displays the target that has been modified, such as Profile or Incident. |
Details | Displays a summary of an action. For example, if you update rules within a profile, the specific changes are summarized in one line in the Details column. |
Actions
The following Actions are displayed in the Activity Logs tab:
Action | Description |
---|---|
Create | This action is logged when a new profile or incident is created. |
Update | This action is logged when a profile or incident is updated. For profiles or incidents created in versions older than FIM 4.4.1, the system does not have the record of the Create action. In such cases, the system creates a Baseline and Update action. |
Baseline | This action is logged when a profile or incident created prior to FIM version 4.4.1 is updated. It includes the details of the profile before the modification. |
Delete | This action is logged when you delete an existing profile or incident. Deleting a profile or incident does not provide more details beyond the Delete action. |
Failure | This action is logged when the system fails to complete certain actions successfully. For example, if you are creating a new profile using the import option and the system fails to import the profile successfully, this action is displayed as Failure in the Actions column. |
When you update your profile, such as adding or removing rules or assets, an additional update activity is generated. This activity shows the timestamps for the changes made to the profile.
Compare Log Details
You can compare two different activity logs of a profile or incident to analyze the changes made by a user. For example, by comparing the activity log of a profile before and after a user made updates, you can see what changes were made and when they occurred. This process can help you track any modifications made to a profile.
Compare Profile Log Details
To compare, follow these steps:
- Navigate to the Activity Logs tab.
- Hover over a profile log and click View Activity Logs from the Quick Actions menu.
The Activity Logs page is displayed. On this page you can view all the actions performed on the profile.
- Select any two versions and click Compare Selected Versions.
  - You can only compare two versions at a time. If more than two versions are selected, the Compare Selected Versions button becomes disabled.
  - Comparison is limited to Update, Create, and Baseline actions. The Compare Selected Versions button is disabled for Delete and Failure actions, as profile details are not available in these cases.
The comparison between the selected versions is displayed in the JSON format. The changes are highlighted in different colors to easily distinguish between the original and modified values.
The value of "date" is given in Epoch time, which is a machine-readable format.
Epoch time (also called Unix time) is the number of seconds (or milliseconds) that have passed since January 1, 1970, at 00:00:00 UTC. This time stamp is used in computing to represent dates and times in a consistent and machine-readable format.
Compare Incident Log Details
- Navigate to the Activity Logs tab.
- Hover over an incident log and click View Activity Logs from the Quick Actions menu.
The Activity Logs page is displayed. On this page you can view all the actions performed on the incident.
- Select any two versions and click Compare Selected Versions.
  - You can only compare two versions at a time. If more than two versions are selected, the Compare Selected Versions button becomes disabled.
  - Comparison is limited to Update, Create, and Baseline actions. The Compare Selected Versions button is disabled for Delete and Failure actions, as incident details are not available in these cases.
The comparison between the selected versions is displayed in the JSON format. The changes are highlighted in different colors to easily distinguish between the original and modified values.
The value of "date" is given in Epoch time, which is a machine-readable format.
Epoch time (also called Unix time) is the number of seconds (or milliseconds) that have passed since January 1, 1970, at 00:00:00 UTC. This time stamp is used in computing to represent dates and times in a consistent and machine-readable format.
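The profile and incident comparisons described above can also be reviewed offline. The following is an added example, not part of the product documentation, and it assumes the JSON of two versions has been saved by hand. Only the "date" key comes from this page; every other field name and value in the sample is constructed, and the 1e11 cut-off for telling seconds from milliseconds is an assumption.

```python
import json
from datetime import datetime, timezone

def epoch_to_utc(value):
    """Render an epoch value (seconds or milliseconds) as an ISO 8601 UTC string."""
    ts = float(value)
    if abs(ts) >= 1e11:  # assumption: this large means milliseconds, not seconds
        ts /= 1000.0
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def flatten(node, path=""):
    """Flatten nested dicts and lists into {"rules[0].path": value} pairs."""
    if isinstance(node, dict):
        pairs = [(f"{path}.{k}" if path else k, v) for k, v in node.items()]
    elif isinstance(node, list):
        pairs = [(f"{path}[{i}]", v) for i, v in enumerate(node)]
    else:
        return {path: node}
    flat = {}
    for child_path, child in pairs:
        flat.update(flatten(child, child_path))
    return flat

def compare_versions(old, new, date_keys=("date",)):
    """Return sorted (path, change, old_value, new_value) tuples for two versions."""
    a, b = flatten(old), flatten(new)

    def show(path, value):
        is_number = isinstance(value, (int, float)) and not isinstance(value, bool)
        leaf = path.rsplit(".", 1)[-1]
        return epoch_to_utc(value) if leaf in date_keys and is_number else value

    changes = []
    for path in sorted(a.keys() | b.keys()):
        if path not in a:
            changes.append((path, "added", None, show(path, b[path])))
        elif path not in b:
            changes.append((path, "removed", show(path, a[path]), None))
        elif a[path] != b[path]:
            changes.append((path, "changed", show(path, a[path]), show(path, b[path])))
    return changes

# Constructed sample versions; only the "date" key is taken from the page.
OLD = json.loads('{"name": "linux-critical", "date": 1714521600, "rules": [{"path": "/etc/passwd", "monitor": ["content"]}]}')
NEW = json.loads('{"name": "linux-critical", "date": 1714608000000, "rules": [{"path": "/etc/passwd", "monitor": ["content", "attributes"]}, {"path": "/etc/ssh/sshd_config", "monitor": ["content"]}]}')

if __name__ == "__main__":
    for change in compare_versions(OLD, NEW):
        print(change)
```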