SafeConsole Audit Log Content


Columns that can be displayed:


Example of Audit:



Each Action followed by example Data:


Activation Failure

  • data Error: This device (K300001234) was deleted. Please contact your SafeConsole Administrator to restore this device.

Reset

  • data: 230A1280.SERIAL
  • &&
  • reason: reset-remote
  • &&
  • newStatus: RESET
  • oldStatus: RESET_PENDING
  • &&
  • reason: reset-manual

Device Registered With Token

  • data: device id = 230A1016.SERIAL, activation_code = {ACTIVATION_CODE}

Device Registered

  • data: 230A1380.SERIAL

Device Password Recovery Stored

NULL

Needs Approval

  • data: 0951153B.SERIAL

Device Disabled

  • newStatus: DISABLED
  • oldStatus: DISABLE_PENDING

Detonate Remotely

  • data: 230A1016.SERIAL
  • &&
  • newStatus: DETONATE
  • oldStatus: DETONATE_PENDING

Audit Mode

  • newStatus: AUDIT_MODE
  • oldStatus: AUDIT_MODE_PENDING

Anti-Malware Update

  • status: downloading

Anti-Malware Loaded

  • datVersion: 10138

Anti-Malware Load Error

  • errCode: 8

Unplugged

NULL

Deleted File

  • filename: E:/test.txt

Created File

  • filename: E:/test.txt
  • size: 12
  • md5: 031a282e2196e0aea4ccb9998c7aa1fd

File Blocked

  • path: G:\New Text Document.txt

Reset Results

  • result: success
  • drive_content: User data wiped, configuration data reset

Device Format

  • (DEVICE DEPENDENT) media_type: removable
  • file system: FAT32/EXFAT/NTFS

Moved File

  • new: E:/Test.docx
  • old: E:/New Microsoft Word Document.docx

File Modified

  • filename: F:/Device-System-Files/Reports/MalwareScanner_Report.txt
  • size: 454
  • md5: ae3aa1ca4a78ad10cb3f1d9d7a2fdcf4

Malware Infection Detected

  • path: G:eicar.com
  • infectionName: EICAR test file
  • action: deleted/quarantined

GeoFence Blocked Device

  • data: 0
  • type: USER
  • policy: 9947
  • OR
  • data: 7194
  • type: DEVICE
  • policy: PB_SERIAL

Invalid Password

  • attempts_remaining: 9

Password Reset

  • result: failure/success

Mass Deploy (SafeCrypt Only)

  • type: mass_deploy
  • action: passwd-awaiting_user_password/passwd-set_by_user/passwd-temporary_set_by_admin

Logged Out

NULL

Logged In

  • space_used: 36697088
  • space_total: 524288000
  • computerOS: Windows 10 Pro | Windows Admin

PortBlocker Block All

NULL

PortBlocker Allowed

  • eventId: 2
  • deviceDescription: Plantronics Audio USB
  • vid: 047F
  • pid: C011
  • sn: SERIAL

PortBlocker Allow All As Read-Only

NULL

PortBlocker Allow All

NULL

PortBlocker Blocked

  • eventId: 1
  • vid: 18d1
  • pid: 4ee5
  • revision: 440
  • sn: SERIAL
  • usbClass: 6
  • usbSubClass: 1
  • usbProtocol: 1
  • deviceName: Pixel 5
  • vendorName: Google
  • interfaceNumber: 0
  • interfaceCount: 1
  • filterable: 1
  • deviceDescription: Pixel 5

PortBlocker Active

NULL

PortBlocker Allowed Read-Only

  • eventId: 3
  • deviceDescription: QEMU USB Tablet
  • vid: 0627
  • pid: 0001
  • sn: SERIAL

PortBlocker Allowed Read-Only Unlisted

  • eventId: 3
  • vid: 18d1
  • pid: 4ee1
  • revision: 440
  • sn: SERIAL
  • usbClass: 6
  • usbSubClass: 1
  • usbProtocol: 1
  • deviceName: Pixel 4 XL
  • vendorName: Google
  • interfaceNumber: 0
  • interfaceCount: 1
  • filterable: 1
  • deviceDescription: Pixel 4 XL

Detonate

  • reason: Admin Initiated/Brute Force

Detonate Results

  • result: success

Quarantined File Deleted

  • path: eicar.com
  • infectionName: EICAR test file
  • infectionTime: 08/18/20 11:42:02 AM

Quarantined File Restored

  • path: eicar.com
  • infectionName: EICAR test file
  • infectionTime: 08/18/20 11:42:29 AM

Standalone Login Requested

  • saReason: convenience/automatic/cross-platform

Trusted Network Rejected Device Connection

  • data: 3
  • type: OU
  • policy: -1