Security Violation Monitoring

To monitor security violations, use the Security Violation Monitoring section on the navigation panel.

NOTE. When roles of information security administrator and application administrator are separated, the Security Violation Monitoring section is available only for information security administrator.

As a result of the lack of access permissions, the current attempts to violate the system security are recorded: failed login attempts and actions on the objects.

NOTE. In the desktop application, security violations are registered only if the Security Violation Monitoring section is opened. When the security manager is closed, security violation records are not saved.

The following parameters are displayed for each security violation:

Workstation. Name of the workstation, from which the violation has been made.
OS user. Name of the user who tried to breach security.
Platform user. User name.
Object. Name of the repository object involved (the box is empty if violation occurred during login).
Identifier. Identifier of the repository object involved (the box is empty if violation occurred during login).
Operation. The operation that led to security violation.
Time. The time of security violation.
NOTE. It displays additional information regarding the violation.

The following can be additionally displayed in the web application:

Result. Operation execution result.
IP address. Workstation IP address.

To refresh records in the web application, select the time period in the the drop-down menu of the Refresh button on the toolbar:

Do not use.
Each 5 seconds.
Each 30 seconds.
Each minute.
Each 5 minutes.
Specify period. Clicking the button opens the Autorefresh Period dialog box:

Set custom refresh period in seconds, minutes or hours.

After executing the operations, monitoring of security violations will be refreshed according to the specified time period.

To set up table display, filtering, and sorting:

In the web application set sorting by clicking a column header.
In the desktop application:

Use table display setup.
Use table filtering and sorting.

To view all the information about the selected event, use the Event Information window.

To enable or disable window display:

In the web application select or deselect the Event Information checkbox in the context menu of security violation monitoring.
In the desktop application:

Select or deselect the View > Event Information main menu checkbox.
Select or deselect the Event Information checkbox in the context menu of security violation monitoring.

After executing the operations the event information is enabled or disabled. By default, the window is located at the bottom of the security manager window.

To search for security violation records:

In the web application:

Click the Search button on the toolbar.
Set up search options in the Search dialog box.
Click the OK button.

In the desktop application use list display options.

After executing the operations the searched record is found, if search parameters match the found object.