View Source

Introduction

The purpose of the "Authentication Activity" report template is to allow the administrator to create reports that are based upon authentication activity events recorded in the audit logs.

The report can be found by navigating to "Administration | Reports", then scrolling down to the report "Authentication Activity";

DualShield MFA Platform > Report of Authentication Activity > image2023-9-14_11-17-28.png

Creating a report using the "Authentication Activity" template

To create a report based on user authentication events detected in the audit logs, you will need to use the context menu option "Create" from the report template "Authentication Activity" (highlighted template above).

Using the "Condition Builder" tool to filter reported records

If no conditions are specified, then the report will list details of all authentication activity, but additional conditions can be added that filter which records are included in the report.

Condition filters are added using the "Condition Builder" tool that is used to construct the Query Statement and is employed using the icon.

Filters may be applied based on any of the following fields;

Report Scheduling

Whilst the report can be run manually from the management console, it is possible you might want to schedule the report to run a specific times automatically.

This can be achieved by use the report scheduling option;

Configuring Report Output

The default layout and contents of the report can be customised using the button.

The purpose of the configuration feature is to specify which of the available field are to be listed in the report columns.

In the following table the items listed as included are listed in the report columns, whilst the optional items are not included in the report;

Included	Optional
Domain	ID
Login Name	Agent
Event Code	Applications
Error Code	Unit
Timestamp	First Name
	Last Name
	Description

Running and Exporting the Report

The newly created report will now be listed in the "Reports" tab (listed under the name that you gave your report, and should be at the end of the list).

Example Report

In the following example we will create a report that will search the audit logs for authentication activity for all users in the domain "spt.deepnetid.com".

We start by naming our report and providing a suitable description, then we click on the icon in order to build our query statement;.

DualShield MFA Platform > Report of Authentication Activity > image2023-9-14_10-49-20.png

A new window now opens titled "Condition Builder";

DualShield MFA Platform > Report of Authentication Activity > image2023-9-14_10-55-54.png

For this report we want to search the audit logs for all authentication activity within our example domain "spt.deepnetid.com";

DualShield MFA Platform > Report of Authentication Activity > image2023-9-14_11-41-23.png

For this simple report we don't need any additional conditions so we click to build the condition, and the Query Statement parameter is updated;

DualShield MFA Platform > Report of Authentication Activity > image2023-9-14_10-52-57.png

After the report has been saved and run, we will find that the exported report shows authentication activity for the selected domain;

DualShield MFA Platform > Report of Authentication Activity > image2023-9-14_11-1-31.png