This document provides information about the Re-authentication logs report screen, which allows the administrator to view a report of all identity verification events triggered in Segura.
Requirements
Path to access
- On Segura, in the navigation bar, hover over the Products menu and select User Behavior.
- In the side menu, select Behavior analysis > Re-authentication logs.
Actions menu
| Item |
Type |
Description |
| Actions |
Dropdown menu |
Displays the options Print report, Export CSV, and Schedule report. |
Search fields
| Item |
Type |
Description |
| ID |
Text field |
Filters re-authentication events by their unique identification code. |
| Trigger |
Dropdown menu |
Filters re-authentication events by the trigger that initiated them. The options are: View attempts at prohibited, Blocked commands, Session attempts at prohibited, High risk sessions, Rating drop, and Token TOTP. Clear the field to enable the All option. Note: events marked as TOTP Token are related to TOTP Token requests during login. |
| User |
Text field |
Filters re-authentication events by the user who re-authenticated. |
| Date |
Date picker |
Filters re-authentication events by the period in which they occurred. |
| Status |
Dropdown menu |
Filters re-authentication events by their status. Available options are Success and Failure. Clear the field to enable the All option. |
Report fields
- ID.
- Trigger.
- User.
- Date.
- Status.
- Actions:
- Details: opens the Re-authentication details screen that displays a report of the selected re-authentication event.
Info
By default, the report displays 30 records per screen. To go to the next screen, click the forward buttons at the end of the report.
Re-authentication details screen
This section provides information about the details screen that displays a report of the selected re-authentication event.
| Item |
Description |
| Username |
Displays the Segura username associated with the re-authentication. |
| Status |
Displays the status of the re-authentication. |
| Trigger |
Displays the trigger that initiated the re-authentication. |
| Verification date |
Displays the date and time when the re-authentication was triggered. |
| Authentication method |
Displays the method used for re-authentication. |
| Browser |
Displays the browser used at the time of re-authentication. |
| IP |
Displays the IP address of the device where the re-authentication occurred. |
| Locale |
Displays the geographic location of the device. |
Details section
This section of the screen will only contain records if the re-authentication status is Success. The fields displayed in this section will vary depending on the type of trigger that occurred.
Trigger: Rating drop
| Item |
Description |
| Suspicious Events |
Event that caused the rating drop. |
| Date |
Date and time of the event. |
| Rating variation |
Score lost by the user due to the event. |
| Action |
Shortcuts to the Details and Session video screens. |
Trigger: High-Risk Sessions
| Item |
Description |
| Credential |
Credential used during the session. |
| Device |
Device used during the session. |
| Protocol |
Protocol executed during the session. |
| Proxy |
Type of proxy session. |
| Session ID |
Unique session identification code. |
| Start |
Session start time. |
| End |
Session end time. |
| Duration |
Duration of the session. |
| Action |
Shortcuts to the Session video, Session logs, Configure auditors, and Session text screens. |
Trigger: Blocked commands
| Item |
Description |
| Command |
Command executed during the session. |
| Criticality |
Session criticality. |
| Action during session |
Action performed during the session. |
| Session type |
Type of session. |
| Credential |
Credential used during the session. |
| Device |
Device used during the session. |
| Session ID |
Unique session identification code. |
| Start |
Session start time. |
| End |
Session end time. |
| Duration |
Duration of the session. |
| Action |
Shortcuts to the Session Video, Edit command, Session logs, Configure auditors, and Session text log screens. |
Trigger: Session attempts at prohibited times and View attempts at prohibited times
| Item |
Description |
| Credential |
Credential used during the access attempt. |
| Device |
Device used during the access attempt. |
| Day of the Week |
Day of the week when the access attempt occurred. |
| Attempt Date |
Date of the access attempt. |
| Time |
Time of the access attempt. |