Raw Data Extract
The raw data extract feature allows you to export the audit log files from your IdP in an easy to use CSV format, it also allows you to select the information that you want to be included in your CSV export and apply filter so that you’re only getting the data you want.
Firstly you can filter by a date range, this allows us to set a date range that we want to obtain log file data between. Clicking on the date range will display a modal window that will allow you to set a start and end date for your date range, or you can choose from a number of handy preset date ranges such as “This year” / “Last year” / “This month”. By default the Dashboard will use the last 7 days.
Once a date range has been set you can then click the “Download CSV” button to obtain your CSV export of all audit log data between the date range you’ve selected. Opening up this CSV file you will see that all data from the range you selected is included under the default columns of:-
- Date/Time – The date/time the authentication happened
- Service Provider – The entity ID of the service provider the user visited
- Username – The username of the user who accessed the service provider
- Attributes – What attributes were released from the IdP to that service provider.
Now that we’ve exported the audit log files in their entirety, lets now look at what filters we can apply to the raw data extract report.
- Filter by service provider – This allows us to see who has authentication to a specific list of service providers. You can set these by clicking in the “Filter by service providers” input box and then either choosing a service provider / resource from the drop down list. Or by typing the name of the service provider in the input box and then clicking on it when it appears in the drop down list. You can add as many service providers to this list as you like. To delete a service provider from the list simply click on it and press the backspace key on your keyboard. You will either see the entity ID of the service provider in this list, or if you’ve set friendly names for resources at https://www.overtsoftware.com/dashboard-docs/statistics-settings/ the friendly name will be displayed instead.
- Filter by auth types – Allows you to see who has accessed by which authentication type. If you make use of our ‘true’ Kerberos single sign on features then you would have the option to select “Kerberos” from this list for users who are performing single sign on via their workstations. This effectively allows you to see who has logged into a resource from within your institutional campus or who has logged in offsite.
- Filter by attributes sent – Here we can run reports to see what attributes have been passed over to service providers. So in theory we could set the “Filter by service providers” input box to blank and then set “Filter by attributes sent” to ’email’ for example to see what service providers we have sent the email attribute to. This is particularly important for GDPR purposes as we can perform reporting on who we are sending personal identifiable information to. You can select as many attributes as you wish using the drop down list, or by simply typing to search for a particular attribute. You can remove attributes from the list by clicking on the one you wish to remove using your mouse, and then pressing the backspace button.
- Filter by profiles – Allows you to see what authentications are happening over SAML1 and SAML2. This is useful for auditing purposes as it allows you to see what service providers are using the deprecated SAML1 authentication as opposed to SAML2
- Filter by groups – Allows you to filter the audit logs users which are in Active Directory/LDAP groups. Before you can see these groups you must ensure the group attribute has been set correctly in https://www.overtsoftware.com/dashboard-docs/statistics-settings/. You can then add multiple groups to the filter by selecting from the drop down list or by typing the name of a group into the input box. Groups can be deleted from the filter by clicking on the group name with your mouse and pressing the backspace key on your keyboard.
- Filter by users – This allows you to enter a specific user’s username and see all the IdP audit events for that user. You can also enter multiple usernames into this filter by comma separating each username
- Filter columns to extract – Finally you have the ability to include or exclude certain data from the CSV export. By default “Date/time” / “Service provider” / “Username” / “Attributes sent” are all included in the report. If you click on the filter input box you can then scroll a list of additional columns you can also add to the export. For example you may want to see the IP address the user is authenticating from, you can do this by clicking on “IP Address” in the drop down list. You can also remove columns from the export by clicking on the column name you wish to remove and then pressing the backspace key on your keyboard
Once you’ve set all your filters you can then click “Download CSV” to download your export of data created within the parameters you’ve set using the filters. You can then open this CSV using your favourite editor such as Microsoft Excel / Libre Office / Notepad.