Name of Feature/Request: Asset Audit Log → Report Dataset
What financial, time savings, or quality of life improvements will occur from this: Add an Asset Audit Log dataset to the Report Builder, allowing users to generate reports on asset modifications, movements, and historical changes for better tracking, compliance, and accountability. | Frequency: Might not happen often but when it does happen, time savings and efficiency will be Importsant | If we are in need of tracking this information down, its a serious issue and is likely that there is either the suspicion that its an insider misusing access or extracting data by reveling the passwords and we have to match it up to potential unauthorized actions being taken within a customer’s environment.
IF the audit log for assets could be made into a dataset for which reports can be run, this process of matching the user to the exact asset under the exact customer could take minutes instead of hours and would allow our teams responding to the situation to gain the efficiency of time in response.
For reference, this situation came up on 1/6 when we found a terminated employee had emailed his personal email account a whole bunch of passwords and we lacked the easy ability to go trace back who could have been in scope for these and who wasnt to have changed them out of good measure.
This is also something that from a controls perspective, being able to find out when an employee is terminated, what they interacted with specifically in recent history warrants any type of scrutiny to update passwords that may have been known or exfiltrated without any trace since I can copy out of striven, screenshot it and/or write it down and nobody will ever know but the audit log will show if nothing else, it was me.
Attempted Solutions So Far: The results so far to derive this were performed manually, very manually exporting from a report and then matching up on a per customer per asset audit log to find the point of interest.
Effectively the goal is to take an employee whether active or terminated and find out what assets they may have interacted with so that we can respond better when a situation is the result of an insider threat.
This was discussed during a tabletop exercise and then as an exercise in practicality, we tried it and here’s what we did:
- I ran the report for Striven Page visits for an employee over a date range where the page contained “assets”
- I exported this report which for 30 days produced for 1 recently terminated employee, 108 page hits
- I was able to make a unique list of the customers from this export, split on the hyphen, remove the # from the customer ID and then create a formula to make links for the customer asset pages for each of these customers
- Once I went to one of the customer asset pages, there was a particular asset we were trying to track down for the purposes of the exercise but the average 1 :00 - 1:30 per asset access to match it up to the correct page visit because of the difference between the report indicating when the page was visited and the audit log indicating when the asset was accessed
By the extrapolated math, after doing this for 16 minutes, we were able to effectively time it to the 90 seconds per record validation from the asset’s audit log and if you were to extend this to the 108 total records (bearing in mind that some of them are not the specific asset type) this would range anywhere from 108 - 162 minutes or roughly 2 - 3 hours.
See the next section for why this is Importsant
Digging deep - Any additional Why behind this request / How was this accomplished before Striven in what system or software: Original Description: “Users need a way to generate reports on Asset Audit Logs to track asset modifications, historical changes, and user actions. Currently, there is no dataset available in Report Builder to accomplish this, requiring manual reviews within individual assets. Adding this dataset will improve transparency, efficiency, and compliance tracking.” | Previously accomplished: Very manually
StrivenID: 5113858