Login
    Contents x
    Activities
    • 20 Aug 2023
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Activities

    • Updated on 20 Aug 2023
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    The Activities page provides insight into users in SaaS application usage by both individual users as well as entities. This allows you to detect any unusual or suspicious behaviors; reducing risk and maintaining strong security for your organization.

    Examples of unusual and potentially threatening behavior that you can detect and review with the Activities module might include:

    Creation of suspicious SSO admin accounts - If a new admin user is created in an SSO application and that admin logs into an app shortly after it's created, Axonius flags that account as 'suspicious.'

    Addition of Admin permissions - Axonius can create alerts when Admin permissions are added to user accounts in a SaaS application.

    Click the Assets icon Asset_Icon1 and from the left-pane, select Activities.

    ActivitiesScreen

    The Activities page opens displaying the default view. Not all of the fields are displayed by default. Use Edit Columns to add or remove columns. Each user can customize what fields appear in their own, personalized default view. For more information, see Setting Page Columns Displays.

    Click the arrow next to any of the fields to see more details about that field.

    Activities Fields

    There are many fields that you can view and query on the Activities page. These fields include:

    1. Location fields - Fields that show data related to the location where the activity occurred.
    2. Actor State fields - Fields that describe the actor who performed the recorded activity.
    3. Adapter Connections - The SaaS applications that the activity occurred on.
    4. Custom Properties - Shows event attributes such as "Failed" "Important" and others.
    5. Action Type - Indicate if events' actions were performed by a user or a system (SaaS application).

    Creating Queries on Activities

    The Query Wizard on the Activities page allows you to create a unique set of queries. You can query fields such as timestamp, location, affected user, type, and more. Use these queries to find out which events exist with asset context in your environment or how many events meet certain defined criteria. Refer to Creating Queries with the Queries Wizard to learn more about creating queries.

    For example, you can use a query to locate all admin assignments in the past seven days.

    After running the query, the table shows the queried applications, filtered by the criteria you defined in your query.

    Adding Custom Data to an Activity

    You can add custom fields to one or more activity at the same time. You can use this to add your own notes or other data specific to your organization.

    Select one or more applications and from the Actions menu choose Add Custom Fields.

    Refer to Working with Custom Data to learn about adding custom fields.

    Add Tags to an Activity

    Use tags to assign context to your activities for granular filters and queries. Apply new or existing tags to the selected applications. The list of selected tags is applied to all selected applications.

    Refer to Working with Tags to learn about adding tags to activities.

    View an Event Profile

    You can click on an individual asset in Activities to see all its relevant data. For more information, see Asset Profile Page.

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout