Audit Trail
The Audit Trail can be configured from more than one location in Control Center:
- In Standard Mode: Integrations under the Audit Trail tab for the integration
- In Standard Mode: Control Center Settings under the Audit Trail tab
- In Standard Mode: HYPR Affirm under the Audit Trail tab
- In Advanced Mode: App Properties for the Application selected under Choose an App
In all cases the experience is the same; clicking the Event entry will reveal additional information about the Event.
The calls to create, search for, and Export Audit Trail Events can be found here in the HYPR Passwordless API collection.
The Audit Trail is designed to help administrators discover if and when issues occur during registration, authentication, or transaction. HYPR captures this user activity data and provides access to it in a simple, easy-to-use interface which lowers troubleshooting time and personnel resources so the issue can be identified and remedied at speed.
Related Articles:
What Is the Audit Trail
The Audit Trail is a collection of user activity Events generated by the components in the HYPR ecosystem. These captured Events span the entirety of the flow of operations, whether it's registration, authentication, deregistration, or a transaction. At every step of each HYPR request or response, an Event is generated and collected with its corresponding information.
How It Works
Event data is stored in a separate schema away from the critical HYPR FIDO databases. This allows registration, authentication, and deregistration flows to continue functioning without being affected. The connection information to this schema can be found in the Vault; a HYPR representative can help you find it. The settings for the Audit Trail schema will be automatically set up for you during installation.
We anticipate there could be potentially millions of records in this database. We have included a means to roll over the data. This mechanism will be described in detail at the bottom of this guide.
Events
Each single captured Event is a result of a successful or failed attempt.
Audit Trail Events
A full list of all Events and common parameters can be found in the Event Descriptions article. Not every Event is listed in the CC Audit Trail; some only appear in API responses.
Mobile Device
Events triggered from a mobile device (including security keys and smart-cards) will display the Device OS, OS Version, Device Model, Device ID, and SDK Version. See parameter details here.
Workstation
Events triggered from a workstation will display Extended Message, OS Version, Model, OS, Offline Access Enabled, Offline Token Length, Offline Token Count, Offline Access Days, Tokens Available, and Tokens Remaining. See parameter details here.
Server
Events triggered from the server will display the Node ID and Control Center Version. See parameter details here.
Web
Events triggered from web operations will display the Extended Message and Machine Name. See parameter details here.
Getting There
The Audit Trail feature is Application-specific and does not encompass a global scope. You can locate it in the left navigation panel of the Control Center under App Properties.
Searching Events
When you first click on the Audit Trail option, the last 10 minutes of Events will be displayed by default.
A single activity can sometimes generate several events. In this case, the value in the Trace ID column will be the same, letting you see which events come from the same activity.
To copy a single piece of data from the Audit Trail, hover the mouse over the piece of data you want and then click the copy icon to place it in your clipboard.
Search by Time Frame
To expand the searchable timeframe, click the calendar icon.
Quick Filters
| Parameter | Description |
|---|---|
| Last Hour | Gets the last 24 hours of Events. |
| Today | Gets the Events from midnight to current time. |
| Yesterday | Gets the Events from yesterday. |
| Last 7 days | Gets the Events from the last 7 days. |
| Last 30 Days | Gets the Events from the last 30 days. |
User Interface
You can also select a specific timeframe by clicking the Start Date and End Date in the calendar. For a more precise timeframe search, you also can enter in a time (HH:MM:SS format).
Search by Username, Machine ID, Session ID, or Device ID
The Audit Trail allows searching by Username, Machine ID, Session ID or Device ID. Searching on one of these identifiers allows the administrator to narrow down the action and get a resolution to the issue without having to dig through the server logs. By quickly identifying a failed event and cross-referencing it with one of the above identifiers, you can further glean the root cause of the issue.
Export
To export rows of the Audit Trail, select the checkbox next to the row you want to export and click Export Selected in the upper right. This will provide you with a .CSV file including all selected rows.
Examples
You have found a failed Event that is a timeout. By searching for the Machine ID, you see that this particular user has many timeouts and errors which say, "Did not receive anything from device." This could be a device issue. Check connectivity and try again.
Database Rollover
We keep the last 30 days of Event data.
Every hour we archive the data that is older than 30 days into a backup table.
The backup retains data indefinitely.
Troubleshooting
Contact Support
Mobile users may be asked to use the Support email function in HYPR Mobile App's Device Manager. When opened, it generates an email including relevant debug information.
HYPR Mobile App Support email settings are configured in Control Center Advanced Config Menu: UI Management.
Administrative Troubleshooting
-
Check the diagnostic email from the user.
-
Copy the FIDO ID (Identifer) and paste it into the Audit Trail search.
-
Locate the final error Code: ####### entry and note the value.
-
Check the lists of HYPR Error Codes for error details and resolution steps.
API Access
Integrate Audit Trail APIs into your application to leverage advanced search capabilities or improve integration with the existing system.
Learn more about API Access.