Enterprise Recon 2.3

Operation Log

The Operation Log captures all remedial and access control actions taken on a given Target.

Operation Log displaying the details for remediation and access control actions taken on MY-DEBIAN-MACHINE.

There are several ways to view the Operation Logs for a Target.

Targets

  1. Log into the ER2 Web Console.
  2. Go to the Targets page.

  3. Expand the group your Target resides in.

  4. Hover over the Target and click on the gear icon.

  5. Select View Operation Log from the drop-down menu.

Investigate

  1. Log into the ER2 Web Console.
  2. Go to the Investigate page.

  3. Hover over the Target and click on the gear icon.

  4. Select Operation Log from the drop-down menu.

Target Details

  1. Log into the ER2 Web Console.
  2. Go to the Target Details page.
  3. Click the Operation Log button.

Each operation log entry contains the following information:

Property | Description
Location | Location of file where the remediation or access control action was taken.
User | User that performed the remediation or access control action.
Operation | Status of the most recent remediation or access control action for the location.
Match Count | The number of matches in the file. Only applicable for remediation actions.
Timestamp | Month, day, year, and time of the remediation or access control event.
Sign-off | Text entered into the Sign-off field when the remediation or access control action was taken.

ER2 uses two properties to log the source of remedial action: the Sign-off, and the name of the user account used. The name of the user account used for remediation is not displayed in the Remediation Logs, but is still recorded and searchable in the Filter by… panel.

You can modify or download the displayed list of operation logs using the following features:

Feature | Description
Filter By... > Date | Set a range of dates to only display logs from that period.
Filter By... > User | Display only remediation and access control events from a particular user account. Use the following format for manually added users: <username>; for users imported using the Active Directory Manager: <domain>\<username>
Reverse order | By default, the logs display the newest remediation or access control event first; uncheck this option to display the oldest event first.
↺ Reset Filters | Click this to reset filters applied to the logs.
Export Log | Saves the filtered results of the operation log to a CSV file.