Security Logging
In addition to other logging options, Atfinity logs security relevant actions in a special way to make it easy to detect suspicious activity. Security logging happens via the default logging mechanism.
Logging Format
A typical entry in the log for a security relevant user actions looks like this:
2021-03-16 14:34:31,581 [USER_ACTION] - ACTION update_phone_number USER thorben@atfinity.ch IP 165.5.3.18 PARAMS <QueryDict: {}> DATA {'phone_number': '+41786167706', 'tenant': 1} PATH /api/1/admin/users/26
As you can see, the date and time (2021-03-16 14:34:31,581), the action (update_phone_number), the performing user (thorben@atfinity.ch), the client IP (165.5.3.18) the query params (if any) the data of the change (so here the new phone number) and the local path are logged. With this information, it's possible to trace back exactly which action happened and what data has been manipulated.
If the request contains sensitive information like a password, this information is displayed with stars, e.g. ********
Logged Actions
At least these security relevant actions are logged:
Login
login_password_change_required
The user that made a login requests needs a password change.
login_success
Successful login.
login_with_password_change
Successful login after the user changed the password.
Login Errors
error_login_without_sso_but_sso_required
The user that made the login request tried to login with SSO, but is only cleared for login via SSO.
error_login_of_locked_user
The user that made the login request is locked.
error_login_invalid_2fa_code
The user provided an invalid 2FA code.
error_login_inactive_account
The given username exists, but the user is marked as inactive.
error_login_wrong_password
The given password doesn't match the given username.
error_login_unknown_username
The given username is unknown.
Case Manager
download_booklet
The booklet of a case was downloaded as a PDF file.
download_booklet_zip
The booklet of a case was downloaded as a zip file.
send_booklet
The booklet of a case was send via email.
download_uploaded_documents
All the uploaded files of a case were downloaded as a zip file.
unautorized_case_request
The user doesn't have access to the requested case
Integrations
get_comply_advantage_hits_for_person
A request was sent to ComplyAdvantage.
get_world_check_hits_for_person
A request was sent to WorldCheck.
send_custom_api_request
Custom API request was sent.
create_idnow_ident
A request to IDNow was sent.
send_sms
SMS was sent.
send_email
Email was sent.
external_source_search
A search request to external data source was sent.
external_source_load_values
A request to load values from external data source was sent.
Avaloq
avaloq_export_create
Avaloq xml file was created for a case.
avaloq_export_toogle_email_updates
The user has toogled the subscription to email updates about Avaloq response for a specific case.
avaloq_export_download_xml
Avaloq xml file of a case was downloaded.
avaloq_export_download_result_xml
Avaloq result xml file of a case was downloaded.
HyperArchive
hyperarchive_export_create
Case documents and sidecar files were exported to HyperArchive folder.
hyperarchive_download_rendered_files
HyperArchive sidecar files of a case were downloaded.
Admin
create_user
User was created.
create_users_via_import
Users were created while importing a user list
10.3
update_user_roles
Roles of a user were changed.
update_user_groups
Groups of a user were changed.
reset_password
Password of a user was reset.
reset_users_password_via_import
Some user passwords were reset while importing a user list
10.3
update_user_details
Details about a user were updated.
delete user
A user was deleted
10.3
delete_users_via_import
Users were deleted while importing a user list
10.3
switch_tenant
The user has switched to a different tenant.
Last updated