Bxp - Audit Logs


1 Overview

Security is a primary concern of bxp software (bxp). To that end, a number of logging and event management mechanisms are employed, from both an operational and a security perspective.


The audit-able logs are broken into two primary areas.

  • Infrastructure
  • Application

Infrastructure and operating system level logging is available to the All n One support departments of Security, Frameworks and Infrastructure. The detail in these logs is not generally available and is used for performance monitoring and enhancement of the solution. For proper security logging and infrastructure management, the logs can also be used to refine and tweak low-level security parameters to reduce and eliminate threats.


Application level logging is available to end users of bxp with the correct access permissions. This information is primarily available and managed through the System Access Management module; however, bxp maintains numerous logs for varying purposes throughout the framework.


2 Infrastructure

2.1 Technical Operations Centre monitoring

Monitored and managed by AWS, the entire network and primary infrastructure is monitored 24/7 with varying alarms and audited change request mechanisms. At no point do these logs include customer data. All communications within the infrastructure are encrypted, including data at rest.


2.2 Event Viewer

The server solutions in the bxp framework are Microsoft based. To this end, Event Viewer provides application, security and event logging, which is reviewed by periodic Security department operations.


2.3 IIS Logs

The primary web services are delivered using Microsoft Internet Information Server (IIS). The logs from the numerous IIS n-tier web solutions are collated and extracted for performance and reporting purposes. This process is managed by the Infrastructure department.


These logs are also used to help generate Black Lists of IP addresses seeking to affect the service.
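One way such a review can work, shown as an added example that is not All n One's own tooling: parse IIS W3C extended log lines using the `#Fields` directive and list client IPs whose requests are mostly 4xx errors as candidates for a Black List. The thresholds, the allowlist parameter, the function names and the sample log lines are all assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format (documentation-range IPs only).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2024-01-01 10:00:01 GET /admin.asp 203.0.113.7 404
2024-01-01 10:00:02 GET /default.asp 198.51.100.20 200
2024-01-01 10:00:02 GET /backup.zip 203.0.113.7 404
2024-01-01 10:00:03 POST /login.asp 203.0.113.7 401
2024-01-01 10:00:04 GET /main.asp 198.51.100.20 200
2024-01-01 10:00:05 GET /old-page.asp 198.51.100.20 404
2024-01-01 10:00:06 GET /report.asp 198.51.100.20 200
2024-01-01 10:00:07 GET /test.asp 203.0.113.7 404
2024-01-01 10:00:08 GET /probe 192.0.2.50 404
2024-01-01 10:00:09 GET /probe 192.0.2.50 404
2024-01-01 10:00:10 GET /probe 192.0.2.50 404
2024-01-01 10:00:11 GET /trunc
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive as the column map."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # the directive may change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):     # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def blocklist_candidates(text, min_errors=3, min_error_ratio=0.8, allowlist=()):
    """Return sorted client IPs with many 4xx responses and few successful ones."""
    total, errors = Counter(), Counter()
    for row in parse_w3c(text):
        ip = row.get("c-ip")
        if ip is None or ip in allowlist:      # e.g. known monitoring probes
            continue
        total[ip] += 1
        if row.get("sc-status", "").startswith("4"):
            errors[ip] += 1
    return sorted(ip for ip in errors
                  if errors[ip] >= min_errors
                  and errors[ip] / total[ip] >= min_error_ratio)

if __name__ == "__main__":
    print(blocklist_candidates(SAMPLE_LOG, allowlist=("192.0.2.50",)))
```

The output is a list of candidates for human review, not an automatic block: a ratio test like this keeps an ordinary user who hits one stale link off the list, while an allowlist keeps known internal probes out.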


2.4 MySQL Logs

Numerous audit-able logs are available from MySQL. The primary audit log is the slow-log, which is used to tweak and enhance the performance of the database service and provide actionable efforts to the Frameworks department to improve the service.


2.5 SFTP Logs

The SFTP server service provides access logs. These logs are used to refine Black Lists.


2.6 Hamsters

For trappable and actionable IIS error events (e.g. 500 internal server error or 404 page not found), a hamster error report is generated. These events are distributed to various departments to manage their resolution. For more information on the hamsters, please review Meet_the_Hamsters. The information stored in a Hamster log will include all browser transmitted information at the time of the error. A snapshot of the identifiable information is available from https://ww3.allnone.ie/public/client_debug.asp


3 Application

Within the bxp platform there are numerous further actionable audit logs.


3.1 PageView

Every page that a user visits is logged in a client specific table called the PageLog. The information does not contain customer identifiable information. The primary information logged is:

  • DateTime
  • User
  • Page
  • Module
  • Section


PageLogs are retained on a rolling six month basis and are only available to All n One support staff for security purposes to troubleshoot issues.


Main Menu > System Access Management > Security Reports > Security - System Page Log Full Audit Trail

3.2 SecurityLog

The SecurityLog provides audit-able event history specifically around login and logout events.


A number of key interaction pieces of information are maintained.

  • Date Time
  • Remote Address
  • Remote Host
  • Remote User
  • Called Server
  • Called URL
  • System
  • User Id
  • User Name
  • User Entered Values
  • Event Type
  • Result


Main Menu > System Access Management > Security Reports >

  • Login Report - Last Login
  • Login Report - All Logins
  • Login Report - Failed Logins
  • Login Report - Failed Logins - IP Restricted


SecurityLogs are retained on a rolling six month basis.


3.3 ArticleView

A second audit-able event log is maintained for key event recording. These events record key Ids for auditing purposes but not customer identifiable information. The events currently recorded include:

  • Accounts - Data File
  • Accounts - Edit Transaction
  • Campaign - Data Load
  • Campaign - XML Load
  • Create Archive - Complete
  • Create Archive - Custom Output
  • Create Campaign Archive - Complete
  • FAQ - View
  • InfoCentre - Local - View
  • InfoCentre - Master - View
  • SAM - Add User
  • SAM - Edit User
  • SAM - Group file user create
  • SAM - Group User Field Update -
  • SAM - Group User Security Reset
  • SAM - User Profile
  • Campaign [ & intCampaign_Id & "] - Document View
  • Check mailbox - Campaign Management
  • Check mailbox - Task Management
  • Security - Password updated
  • Update : Adding : & strTable_Name
  • Update : Deleting : & strTable_Name


Logs of these events are available through reports in the System Access Management module.


Main Menu > System Access Management > Security Reports > Security - System Events Audit Trail >


ArticleViews are retained on a rolling six month basis.


3.4 Logging and Reporting

There is extensive reporting available within each module on various aspects of content entered into the bxp instance. For all Wixi articles on reports available you can use as an initial reference point.


3.4.1 Form Management

Vast amounts of information are recorded with every interaction with a data record. For further information on what is stored with every interaction from an Inbound, Outbound, Blended, Case, Examination, Quality Assurance or Survey form, please refer to the reporting documentation for each area for what is possible. Training


3.4.2 eCourse Management

eLearning and eCourse interaction is recorded separately and extensively for eCourse and eCourse modification interactions. For more information on the reporting and data available please refer to the various training materials available for eLearning. Learning_and_Development_Training