ZTrust Documentation
  • User Manual - ZTrust V3.0
    • Key Terminologies
    • Guide to Navigation
      • Clients
        • Clients List
        • Initial Access Token
        • Client Registration
      • Client Scopes
      • Realm Roles
      • Users
      • Groups
      • Sessions
      • Events
        • User events
        • Admin events
      • Realm Settings
        • General
        • Login
        • Email
        • Themes
        • Keys
        • Events
        • Localization
        • Security Defenses
        • Sessions
        • Tokens
        • Client Policies
        • User profile
        • User Registration
      • Authentication
        • Flows
        • Required Actions
        • Policies
      • Identity Providers
      • User Federation
    • Admin Manual
      • Creation of a Realm
      • Creation of a User
        • Login to Account Console
      • How to set up Password Invalidator
      • How to set up Password Policies
      • How to set up Brute Force Detection feature
      • How to enable the One-to-Many feature
      • How to set up Multi-Factor Authentication
        • Setup of ReCAPTCHA registration flow
        • Setup of ReCAPTCHA login flow
        • Setup of OTP Based Registration
        • Setup of OTP Based Login
        • Setup of QR Code Based Authentication
        • Setup of Push Notification Based Authentication
        • Setup of Biometric based Authentication
        • How to set-up 2FA Authentication
      • ZTrust Authenticator App
      • Self-Service Portal (SSP)
        • Authenticator Setup from Self-Service Portal
        • Set Your Profile Photo in Self-Servicce Portal
      • How to setup Session Invalidator feature
      • How to setup GDPR Compliant feature
      • How to set up Social Media login
      • How to setup Inactive User Tracking feature
      • How to setup Archive Inactive User feature
      • Role-Specific Attribute Based Access Control at client level
      • Self-Role Request at the Business Level
      • Self-Role Request at the Application Level
      • How to setup Delete Archived/Inactive User feature
      • Reporting Module
      • Geo Tagging and Fencing
      • Event Type
  • Release Notes
    • ZTrust V3.1.0
    • ZTrust V3.0.0
    • ZTrust V2.1.0
    • ZTrust V2.0.1
    • ZTrust V2.0.0
    • ZTrust V1.0.4
    • ZTrust V1.0.3
    • ZTrust V1.0.2
    • ZTrust V1.0.1
    • ZTrust V1.0.0
  • Frequently Asked Questions
  • User Manual - ZTrust V2.0
    • Key Terminologies
    • Guide to Navigation
      • Clients
        • Clients List
        • Initial Access Token
        • Client Registration
      • Client Scopes
      • Realm Roles
      • Users
      • Groups
      • Sessions
      • Events
        • User events
        • Admin events
      • Realm Settings
        • General
        • Login
        • Email
        • Themes
        • Keys
        • Events
        • Localization
        • Security Defenses
        • Sessions
        • Tokens
        • Client Policies
        • User profile
        • User Registration
      • Authentication
        • Flows
        • Required Actions
        • Policies
      • Identity Providers
      • User Federation
    • Admin Manual
      • Creation of a Realm
      • Creation of a User
        • Login to Account Console
      • How to set up Password Invalidator
      • How to set up Password Policies
      • How to set up Brute Force Detection feature
      • How to enable the One-to-Many feature
      • How to set up Multi-Factor Authentication
        • Setup of ReCAPTCHA registration flow
        • Setup of ReCAPTCHA login flow
        • Setup of OTP Based Registration
        • Setup of OTP Based Login
        • Setup Time-based One-Time Password (TOTP) Based Login
        • Setup of QR Code Based Authentication
        • Setup of Push Notification Based Authentication
        • Setup of Biometric based Authentication
        • How to set-up 2FA Authentication
      • How to setup Session Invalidator feature
      • How to setup GDPR Compliant feature
      • How to set up Social Media login
      • How to setup Inactive User Tracking feature
      • How to setup Archive Inactive User feature
      • How to setup Delete Archived/Inactive User feature
      • Role-Specific Attribute Based Access Control at client level
      • Reporting Module
      • Geo Tagging and Fencing
      • Event Type
  • User Manual - ZTrust V1.0
    • Guide to Navigation
      • Realm Settings
        • General
        • Login
        • Keys
        • Email
        • Themes
        • RabbitMQ Config
        • Localization
        • Cache
        • Tokens
        • Client Registration
        • Client Policies
        • Security Defenses
      • Clients
      • Client Scopes
        • Default Client Scopes
      • Roles
        • Realm Roles
        • Default Roles
      • Identity Providers
      • User Federation
      • Authentication
        • Flows
        • Bindings
        • Required Actions
        • Password Policy
        • OTP Policy
        • WebAuthn Policy
        • WebAuthn Passwordless Policy
        • CIBA Policy
      • Groups
        • Default Groups
      • Users
      • Sessions
        • Realm Sessions
        • Revocation
      • Events
        • Login Events
        • Admin Events
        • Config
      • Import
      • Export
    • Admin Manual
      • Creation of a Realm
      • Creation of a User
        • Login to Account Console
      • How to set up Password Invalidator
      • How to set up Password Policies
      • How to set up Brute Force Detection feature
      • How to enable the One-to-Many feature
      • How to set up Multi-Factor Authentication
        • Setup of ReCAPTCHA registration flow
        • Setup of ReCAPTCHA login flow
        • Setup of OTP Based Registration
        • Setup of OTP Based Login
        • Setup of QR Code Based Authentication
        • Setup of Push Notification Based Authentication
        • Setup of Biometric based Authentication
      • How to setup Session Invalidator feature
      • How to setup GDPR Compliant feature
      • How to set up Social Media login
      • How to setup Inactive User Tracking feature
      • How to setup Archive Inactive User feature
      • How to setup Delete Archived/Inactive User feature
Powered by GitBook
On this page
  1. User Manual - ZTrust V3.0
  2. Admin Manual

Reporting Module

Provide an overview of user activities, including session invalidation and brute-force attacks.Help administrators track user behaviour and identify unauthorised activities.

PreviousHow to setup Delete Archived/Inactive User featureNextGeo Tagging and Fencing

Last updated 2 months ago

Report tracks all actions performed by users within the system, where user sessions are invalidated for security reasons and if the user is attacked by brute-force attacks on user accounts .

Purpose and Benefits:

  • Increased Security: By tracking user activities, administrators can quickly identify suspicious behaviour and take appropriate action.

  • Admin Awareness: Admin will get to know if any unusual activities linked to their accounts, promoting proactive security practices.

Detailed Records: Maintaining detailed logs of user actions assists in compliance and auditing processes.

Enable Events

To enable user activity tracking in the reports section, follow these steps:

  1. Go to Realm Settings in Admin UI and Navigate to the Events section

  1. After navigating to the Events click on Save events to track the user records.

Data Stored in Reports:

Our reporting section helps monitor user activity and system behavior through key data points collected from various areas. These reports are designed to give quick insights, detect potential issues, and support better decision-making.

The main report types include:

  • Overview: Displays key metrics using charts like line and bar graphs to show general trends and usage patterns.

  • User Activity: Tracks user interactions such as logins and feature usage, helping identify active users and behaviors.

  • Session Invalidation: Logs session termination events to help monitor session security and policy enforcement.

  • Brute Force Detection: Detects multiple failed login attempts and potential brute force attacks for better security visibility.

  1. Overview Page:

Presents a visual dashboard with line and bar charts showing key metrics such as login successes, login failures, and overall activity counts. Users can apply filters like date range or user roles to customize the data and gain deeper insights into system usage trends.

  • Line Chart

  • Bar chart

  1. User Activity Report:

  • Username: The name of the user performing the action.

  • User ID: A unique identifier for the user within the system.

  • Action Performed: Action taken by the user (e.g., login, logout, data access).

  • Time and Date: Timestamp indicating when the action occurred.

  • IP Address: The IP address from which the user accessed the system.

  • Geolocation: The geographical location providing context for the user’s activity.

Column Name
Data Type

Username

String

User ID

UUID/String

Time and Date

DateTime

IP Address

String

Action Type

String

Geolocation

String

  1. Session Invalidation Report:

  • Username: The name of the user whose session was invalidated.

  • User ID: Unique identifier for the user whose session is affected.

  • Time and Date: Timestamp of when the session was invalidated.

  • Reason: Details regarding the session invalidation event.

  • IP Address: The IP address associated with the invalidated session.

  • Geolocation: Location information related to the invalidated session.

Column Name
Data Type

Username

String

User ID

UUID/String

Time and Date

DateTime

IP Address

String

Reason

String

Geolocation

String

  1. BruteForce Detection Report:

  • Username: The name of the user targeted by the brute-force attack.

  • User ID: Unique identifier for the user whose account is under attack.

  • Time and Date: Timestamps for each failed login attempt.

  • No of Failed Attempts: Track of failed attempts of a user can be performed.

  • Action Taken: The action taken by the user after exceeding the number of failed login attempts (e.g., account lockout).

  • IP Address: The IP address from which the brute-force attempts originated.

  • Geolocation: Geographical information associated with the IP address of the attacker.

Column Name
Data Type

Username

String

User ID

UUID/String

Time and Date

DateTime

No of Failed Attempts

String

Action Taken

String

IP Address

String

Geolocation

String

Report Formats:

To facilitate easy tracking and analysis of user’s activities, reports are generated in multiple formats, including:

  • PDF: Provides a printable format that is suitable for sharing and archiving.

  • Excel: Allows for easy manipulation and analysis of data using spreadsheet tools.

  • CSV: Offers a simple, text-based format that can be imported into various applications for further processing.

Page Routing (Steps to Create the Report Component) :

  • Create a Tab in Realm Settings: Add a new tab under Realm Settings to create a dedicated section for reports managing specific settings within the realm.

  • Create a Report Component: Develop a new Report.tsx file that defines the Report component.

  • Add a Tab Link: In PageNav.tsx, add a new tab link to navigate to the Report component.

  • Define Report Routing: In route.tsx, create a constant route. Import the new Report component and define the route for it.

  • Connect Report Tab: Ensure that the Report component connects with other tabs using RoutableTabs.

Report Section :

  • We need to create sections to store relevant data in reports, so that when any respective events occur, the corresponding field data is stored in the appropriate sections:

  1. User Activity Report: In the User Activity Report, we store user activity data, including the username, user ID, IP address, time and date, action type, and geolocation.

  2. Session invalidation Report: The Session Invalidation Report captures information related to session invalidations. This includes the username, user ID, IP address, time and date, action type, and reason for invalidation.

  3. BruteForce Attack Report: In the Brute Force Attack Report, we document details about detected attacks, such as the username, user ID, IP address, time and date, action type, and action taken.

This ensures that when a user event occurs, the corresponding user data is stored in these sections.

IP Address :

  • When an event occurs, ZTrust stores the IP address from the user's location, allowing the admin to easily identify where the event took place.

  • Previously, it was using the server's IP address; however, after making these changes, we are now able to capture the actual IP address from which the event originated.

Steps to Retrieve the Actual Source IP Address in ZTrust :

  • Update Ingress Annotations: If ZTrust is deployed on Kubernetes and is reachable via an ingress endpoint, add the following annotation to the ingress:

“nginx.ingress.kubernetes.io/real-ip-header: X-Forwarded-For”

  • Modify Ingress Controller Service: Edit the ingress controller service for the same ingress and include the following under the "Spec:" section:

“externalTrafficPolicy: Local”

By implementing these changes, the actual IP address will be forwarded to ZTrust, allowing for accurate tracking of user locations.

Download Report :

Reports can be downloaded in three formats: PDF, Excel, and CSV. We utilize JasperReports to generate these formats, ensuring that the data is accurately formatted and saved in the chosen option.

“Note: When storing the geolocation, ensure that your device has location services turned on so that it can be saved in the geolocation section.Additionally, remember to enable the "Save Events" under Realm Settings option to track user data effectively in reports.”