Security Logging

In addition to other logging options, Atfinity logs security-relevant actions in a special format to make suspicious activity easy to detect. Security logging happens via the default logging mechanism.

Logging Format

A typical log entry for a security-relevant user action looks like this:

2021-03-16 14:34:31,581 [USER_ACTION] - ACTION update_phone_number USER thorben@atfinity.ch IP 165.5.3.18 PARAMS <QueryDict: {}> DATA {'phone_number': '+41786167706', 'tenant': 1} PATH /api/1/admin/users/26

As you can see, each entry logs the date and time (2021-03-16 14:34:31,581), the action (update_phone_number), the performing user (thorben@atfinity.ch), the client IP (165.5.3.18), the query params (if any), the data of the change (here, the new phone number) and the local path. With this information, it's possible to trace back exactly which action happened and what data has been manipulated.

If the request contains sensitive information such as a password, that value is masked with stars in the log, e.g. ********

Logged Actions

At least these security-relevant actions are logged:

Key | Description | Since version

Login

login_password_change_required

The user who made the login request needs a password change.

login_success

Successful login.

login_with_password_change

Successful login after the user changed the password.

Login Errors

error_login_without_sso_but_sso_required

The user who made the login request tried to log in without SSO, but is only cleared for login via SSO.

error_login_of_locked_user

The user who made the login request is locked.

error_login_invalid_2fa_code

The user provided an invalid 2FA code.

error_login_inactive_account

The given username exists, but the user is marked as inactive.

error_login_wrong_password

The given password doesn't match the given username.

error_login_unknown_username

The given username is unknown.

Case Manager

download_booklet

The booklet of a case was downloaded as a PDF file.

download_booklet_zip

The booklet of a case was downloaded as a zip file.

send_booklet

The booklet of a case was sent via email.

download_uploaded_documents

All the uploaded files of a case were downloaded as a zip file.

unautorized_case_request

The user doesn't have access to the requested case.

Integrations

get_comply_advantage_hits_for_person

A request was sent to ComplyAdvantage.

get_world_check_hits_for_person

A request was sent to WorldCheck.

send_custom_api_request

A custom API request was sent.

create_idnow_ident

A request to IDNow was sent.

send_sms

An SMS was sent.

send_email

An email was sent.

external_source_search

A search request to an external data source was sent.

external_source_load_values

A request to load values from an external data source was sent.

Avaloq

avaloq_export_create

An Avaloq XML file was created for a case.

avaloq_export_toogle_email_updates

The user has toggled the subscription to email updates about the Avaloq response for a specific case.

avaloq_export_download_xml

The Avaloq XML file of a case was downloaded.

avaloq_export_download_result_xml

The Avaloq result XML file of a case was downloaded.

HyperArchive

hyperarchive_export_create

Case documents and sidecar files were exported to the HyperArchive folder.

hyperarchive_download_rendered_files

HyperArchive sidecar files of a case were downloaded.

Admin

create_user

A user was created.

create_users_via_import

Users were created while importing a user list.

10.3

update_user_roles

The roles of a user were changed.

update_user_groups

The groups of a user were changed.

reset_password

The password of a user was reset.

reset_users_password_via_import

Some user passwords were reset while importing a user list.

10.3

update_user_details

Details about a user were updated.

delete user

A user was deleted.

10.3

delete_users_via_import

Users were deleted while importing a user list.

10.3

switch_tenant

The user has switched to a different tenant.
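
A parser for the entry layout shown under Logging Format, with a simple detection over the error_login_* keys listed above. This is an added example, not Atfinity's own code. It assumes failed-login entries use the same field layout as the sample entry and carry the attempted username in USER; the sample users, IPs, DATA contents and login path are constructed.

```python
import ast
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Field layout follows the sample entry under "Logging Format".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[USER_ACTION\] - "
    r"ACTION (?P<action>.+?) USER (?P<user>\S*) IP (?P<ip>\S+) "
    r"PARAMS (?P<params>.*?) DATA (?P<data>.*) PATH (?P<path>\S+)$")

def parse_line(line):
    """Return one entry as a dict, or None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S,%f")
    try:  # DATA is printed as a Python literal; keep the raw text otherwise
        ev["data"] = ast.literal_eval(ev["data"])
    except (ValueError, SyntaxError):
        pass
    return ev

def flag_login_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Map client IP -> usernames tried, for IPs with a burst of failed logins."""
    recent, flagged = defaultdict(deque), {}
    for ev in filter(None, map(parse_line, lines)):
        if not ev["action"].startswith("error_login_"):
            continue
        q = recent[ev["ip"]]
        q.append(ev)
        # Lines are assumed to be in time order; drop entries older than window.
        while ev["ts"] - q[0]["ts"] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged[ev["ip"]] = sorted({e["user"] for e in q})
    return flagged

# Constructed sample: users, IPs, DATA and the login path are made up.
_FMT = ("2021-03-16 {} [USER_ACTION] - ACTION {} USER {} IP {} PARAMS "
        "<QueryDict: {{}}> DATA {{'password': '********'}} PATH /api/1/login")
SAMPLE = [_FMT.format(*row.split()) for row in """\
14:00:00,000 error_login_wrong_password carol@example.com 198.51.100.4
14:20:00,000 error_login_wrong_password carol@example.com 198.51.100.4
14:30:01,102 error_login_wrong_password alice@example.com 203.0.113.7
14:30:09,310 error_login_unknown_username bob@example.com 203.0.113.7
14:31:40,004 error_login_invalid_2fa_code alice@example.com 203.0.113.7
14:40:00,000 error_login_wrong_password carol@example.com 198.51.100.4
""".splitlines()]
```

Calling flag_login_bursts(SAMPLE) flags only 203.0.113.7: the three failures from 198.51.100.4 are 20 minutes apart and never fall inside one five-minute window.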
