Basic overview

The following page explains the different events that are logged when using the 'Security audit log'.

A 'Security audit log' can be used to track relevant activities performed in Valsight. 

The relevant files to activate the security audit log are located in the Valsight settings (navigation bar)  → Metric and Logs → Download 'Valsight Security Audit Log Files (ZIP)'.

What is logged?

Each event has the following aspects that are logged via the security audit log:

Header

Description

Time

When the event occurred

User

The logged in user who caused the event

Object type

On what object type has the vent occurred (Group. User, Project, Model, ...)

Object key

The exact object on which the event occurred

Project

The exact project in which the event occurred

Action type

Which event occurred

Action parameter1

Additional info if all other headers aren't enough

Action parameter2

Additional info if all other headers aren't enough

Action parameter3

Additional info if all other headers aren't enough


Precise details about newly logged objects and what we log on them:

Domain Object

Action Type

Detail

Dimension

Created



Deleted



Property change

everything except description

Level

Created



Deleted



Property change

everything

Model

Property change

modelConfig

Node

Property change

everything except description and displayConfig

SimulationWorkspace

Property change

simulationConfig

SimulationRun

Property change

name, baseline, parentSimulationRun

DataParameter

Deleted

except when deleted by deleting a workspace, model or project


Property change

everything except description

AssumptionGroup

Property change

ame

Not logged

  • sheet/chart changes in workspace

  • Project space create/delete

  • workspace create/delete

  • description change on nodes, parameter

  • user/group properties: e-mail address, full name, ...

  • model to submodel link and unlink

  • baselines

  • DSL upload, model + workspace

  • failed SAML logons (when user does not exist and is not created)

  • XLS export (assumptions, charts)

Logged events

Add+Create/Remove+Delete/Change

Event

Action type

Action Parameter1

Action Parameter2

Action Parameter3

Added in Version

Adding permissions

Added permission

For which user/group is the permission added

/

/

SINCE BEGINNING

Adding a role to the user or group

Added role

name of the role

/

/

SINCE BEGINNING

Adding an user to a group

Added user to group

user

/

/

SINCE BEGINNING

Creating an user or group

Created

'preAuth', 'SAML', 'openIdConnect' or no parameter

/

/

SINCE BEGINNING

Create project variables

Created default variables for project

variable name

variable value

/

3.4.0

Update project variables

Update default variables for project

variable name

variable value

/

3.4.0







Removing permissions

Removed permission

For which user/group is the permission removed

/

/

SINCE BEGINNING

Removing a role from the user or group

Removed role

name of the role

/

/

SINCE BEGINNING

Removing user from the group

Removed user from the group

user

/

/

SINCE BEGINNING

Deleting an user or group

Deleted

/

/

/

SINCE BEGINNING

Node deletion

Deleted

names of the node, its model and project

/

/

4.0.0







Changing the project or application setting

Changed setting

A detailed description on which setting was changed, what was the previous value and what is the new value

/

/

SINCE BEGINNING

Changing password of the user

Password changed

/

/

/

SINCE BEGINNING

Changed data access permissions on a dimension or level (value)

Data permissions

/

/

/

3.1.0

Moving a node

Node changed models

old model

new model

/

4.0.0







A line item was selected or unselected from a scenario

Line item selection

'selected' or 'unselected'

parameter's key

/

3.1.0

User enabled or disabled

Property change

'enabled'

old value

new value

3.7.0

Actions by users 

Event

Action type

Action Parameter1

Action Parameter2

Action Parameter3

Added in Version

User creates, deletes or reverts a version

Versioning action

'versioned', 'shared', 'unshared', 'deleted version' or 'reverted'

optional: the created version or version you are reverting from

optional: workflow's key if it was a submission

3.1.0

User links or unlinks levels

Object linking

'extended' or 'extension removed'

the key of the level that we extending by or removing extension to

/

3.1.0

User removes a value from a level

Property change

'levelValueRemove'

the value


3.1.0

User changes a value of a level

Property change

'levelValueChange'

the value


3.1.0

User change a parent value of a value

Property change

'levelValueParentChange'

the value

<old_parent> → <new_parent>

3.1.0

User renames an object

Property change

'name'

old name

new name

3.1.0

User changes a property on an object

Property change

name of the property

new value


3.1.0

User moves a line item from one group to another

Property change

'movedFromGroup' or 'movedToGroup'

the group


3.1.0

User does an action on a debug page

Special admin action

action name

HTTP method used


3.1.0

User logged in

User logged in

'preAuth', 'SAML', ' openIdConnect' or no parameter

/

/

SINCE BEGINNING

User failed to login

Failed login

User that failed to login

empty or ''credentials OK - user blocked' or 'credentials OK - IP blocked'

/

SINCE BEGINNING

User uploads a file that may change a DS or dimension table

File upload

/

/

/

3.1.0

User downloaded log files

Log download

'server.log' or 'securityAudit.csv'

/

/

3.1.0

User was denied access to modify data

Data permissions write denied

Level value

Data permission class name

/

3.8.8

User performed an action that caused time dimension data to be regenerated

Time dimension change

[<start_date>...<end_date>]...Q<year_start_quarter>

/

/

3.1.0

User saved or discarded the workspace

Workspace save action

'save', 'discard', 'saveAs'

/

/

3.1.0

User changed data of a line item

Line item data change

/

/

/

3.1.0

User created new API key

API key created

/



3.6.0

Block events

Event

Action type

Action Parameter1

Action Parameter2

Action Parameter3

Added in Version

User blocked, due to too many unsuccessful consecutive logins

User blocked

'unsuccessful logins'

/

/

SINCE BEGINNING

Blocked user manually unblocked

User unblocked

'on boot' or no parameter

/

/

SINCE BEGINNING

Blocking IPs due to too many unsuccessful consecutive logins from the same IP

IP blocked

The blocked IP

/

/

SINCE BEGINNING

Others

Event

Action type

Action Parameter1

Action Parameter2

Action Parameter3

Added in Version

host header poisoning - The supplied host header is not included in the allowlist

Bad Host Header

Actual host header

/

/

3.3.0

Jdbc / Odata table import

External Datasource import

imported tables names

/

/

4.0.0

Information on the Storage of Log Data

If you want to find out more about the storage of log data and possible configuration settings, please refer to https://valsight-documentation.atlassian.net/l/c/vKbXg3FF


Contact

You may contact the Valsight Customer Support via:

+49 30 46799042

support@valsight.com

Availability: Mon-Fri *, 9 AM to 5 PM (Berlin, Germany) .

*Except Public holidays in Berlin, Germany.