Kaspersky Industrial CyberSecurity for Networks can save information about actions performed by users in the application. Information is saved in the audit log if user activity audit is enabled.
Only users with the Administrator role can view audit entries.
To view audit entries:
Connect to the Kaspersky Industrial CyberSecurity for Networks Server through a web browser using the account credentials of a user with the Administrator role.
Select the Settings section and go to the Audit tab.
The table will display the audit entries that match the defined filter and search settings.
The columns of the audit entries table contain the following information:
Date and time – date and time when the user activity data was registered.
Action – registered action performed by the user.
Result – result of the registered action (successful or unsuccessful).
User – name of the user that performed the registered action.
Node – IP address of the node on which the registered action was performed.
Description – additional information about the registered action.
When viewing the audit entries table, you can use the following functions:
To configure the list of columns displayed in the table:
On the Audit tab in the Settings section, click the Customize table button.
A window opens for configuring the display of the audit entries table.
Select the check boxes opposite the settings that you want to view in the table. You must select at least one setting.
If you want to change the order in which columns are displayed, select the name of the column that needs to be moved to the left or right in the table and use the buttons containing an image of the up or down arrows.
The selected columns will be displayed in the audit entries table in the order you specified.
When filtering by a defined period, the table will no longer be updated. The table displays only the entries that were registered during the specified period.
To configure filtering of audit entries based on a specified period:
On the Audit tab in the Settings section, perform one of the following actions:
Open the Period drop-down list in the toolbar.
Click the filtering icon in the Date and time column.
In the drop-down list, select Specify a period.
If table updates are enabled, in the opened window confirm that you agree to suspend table updates.
On the right of the Period drop-down list in the toolbar, you will see additional buttons that you can use to manually define the filtering period.
Click any of the buttons containing a date and time value in the From and to fields.
The calendar opens.
In the field under the calendar on the left, specify the date and time for the start boundary of the filtering period. In the field under the calendar on the right, specify the date and time for the end boundary of the filtering period. If you want to remove the limit for the end boundary of the period, delete the value in the field under the calendar on the right.
To enter a value in the field, you can select a date in the calendar (the current time will be indicated) or manually enter the necessary value in the format DD-MM-YYYY hh:mm:ss.
Click OK.
The table will display audit entries for the period you specified.
You can filter the audit entries table based on the values in all columns except the Description column.
When filtering by the Date and time column, you can use one of the standard periods or define a specific period.
To filter the audit entries table by the Action or Result column:
On the Audit tab, in the Settings section, click the filtering icon in the relevant column.
When filtering by the results of actions, you can also use the corresponding buttons in the toolbar.
The filtering window opens.
Select the check boxes opposite the values by which you want to filter events.
Click OK.
To filter the audit entries table by the User or Node column:
On the Audit tab, in the Settings section, click the filtering icon in the relevant column.
The filtering window opens.
In the Including and Excluding fields, enter the values for audit entries that you want to include into the filter and/or exclude from the filter.
If you want to apply multiple filter conditions combined by the logical operator OR, in the filter window of the column click the Add condition button and enter the condition in the opened field.
If you want to delete one of the created filter conditions, in the filter window of the column click the icon.
To reset the defined filter and search settings in the audit entries table:
On the Audit tab in the Settings section, click the Clear filter button in the toolbar (this button is displayed if search or filter settings are defined).
On the Audit tab in the Settings section, click the header of the column by which you want to sort.
You can filter the audit entries table based on the values of any column except the Description column.
If you need to sort the table based on multiple columns, press the SHIFT key and hold it down while clicking the headers of the columns by which you want to sort.
The table will be sorted by the selected column. When sorting by multiple columns, the rows of the table are sorted according to the sequence of column selection. Next to the headers of columns used for sorting, you will see icons displaying the current sorting order: in ascending order or descending order of values.