Activity Stream User Guide
As the Org Admin user or an Org/Room Manager of your organization, use the Activity Stream feature to view all the activity that has taken place on or to your organization (including its Rooms) since its creation.
Check the description of your custom role to see if you can access the Activity Stream.
Note: Room Managers can only see Room-related events for Rooms of which they are members.
Organization and Room activity is stored as events, collectively known as the Activity Stream. You can view these events as an event report, which is a filtered list, or table, of events.
This page answers the following questions:
It also provides a sample of the kinds of events you can expect to find in the Activity Stream.
What is an event?
Tehama stores all activity that takes place on or to your organization and Rooms as events.
For example:
- Ask an individual to join your organization (e.g.: to become a member)? That is logged as an event.
- Create a Room? That is also logged as an event.
- Invite another organization to join your Room? Also an event.
- Log in to a Desktop in a Room? Yet another event.
You get the idea. See the list of possible events at the end of this page.
Event Types
At times, it is useful to restrict viewing of events to certain types of events - that is, to filter the events by type.
Tehama defines the following event-types:
- Room Config - e.g.: create a Room, rename a Room, archive a Room
- Room Access - e.g.: add user to Room, fetch secret from Room's secrets vault
- Desktop Template - e.g.: create and configure Desktop templates
- Desktop Access - e.g.: connect to Desktop instance
- Desktop Logs - e.g.: push logs from Desktop instance to support
- Team - e.g.: invite users to an organization, edit role of user in an organization, enable single-sign-on
- Policies - e.g.: create, update, delete policies, assign policy to a Room, remove policy from a Room
- Secrets - e.g.: create, fetch, delete secrets in a Room's secrets vault
- File Vault - e.g.: upload, download, delete resource in a Room's file vault
- App Vault - e.g.: upload, delete resource in a Room's app vault
What is the event report?
The event report is a filtered set of events, viewed as a date/time-ordered list, with one list entry per event, that is displayed on the ACTIVITY STREAM page.
You can filter events with any combination of the following filter options:
- event-type (one type at a time or all-events)
- organization name(s)
- Room name(s)
- user name(s)
- role(s)
- date-range (By default, the Date-range filter is set to "Last 30 days", from when the page is loaded.)
How can you access the Activity Stream?
Only the Org Admin user and Org/Room Managers of a Room's owner organization or a Room's connected organization (owner+connected, user+owner or connected-only) can see the Room's Activity Stream events. Note that Room Managers can only see Room-related events for Rooms of which they are members.
Only the Org Admin user and Org/Room Managers of an organization can see organization-related Activity Stream events.
Check the description of your custom role to see if you can access the Activity Stream.
There are two ways to access the Activity Stream:
- Organization Level Activity Stream Access:
  View event reports on all activity for your organization (including events for all owned and connected-to Rooms in the organization):
  - Log in to the Tehama Web UI.
  - Select the ACTIVITY STREAM tab in the navigation bar.
- Room Level Activity Stream Access:
  View event reports on all activity for just one Room in your organization (events only for that Room):
  - Log in to the Tehama Web UI.
  - Click on the ROOMS tab in the navigation bar.
  - Click on the name of the Room you want to see events for. You will see the user interface for the Room.
  - Click on the Room's AUDIT tab.
  - Select the ACTIVITY STREAM sidebar item.
How can you customize the event report with filters?
Apply filters to the event report, in order to customize its contents.
- Access the Activity Stream.
- Set any combination of the six event filters, which are visible above the event report. Briefly:
  - Click on a filter to see its options.
  - Click on a filter option to select it.
  - If only one selection is allowed, select another option to replace the current one.
  - If multiple selections are allowed, click on the 'X' for a selection to deselect it.
All the filters are re-applied, and the displayed event report updated, as soon as you select/update a filter option.
All filters are AND-ed together.
Here is a description of each of the six available filters and how to set them:
- Event-type filter
  Select any one of the provided event-types (there is an 'All' type).
  Your event report will be limited to events that fall into the selected event-type. The page default for this filter is 'All Events'.
- Organization filter
  Choose zero, one or more of the organizations listed. (Click the X on an organization to remove it.)
  Your event report will be limited to events that were initiated by the chosen organizations. If zero organizations are selected, then no organization-filter will be applied. The page default for this filter is no organization-filter.
- Room filter
  Choose zero, one or more of the Rooms listed. (Click the X on a Room to remove it.)
  Your event report will be limited to events that occurred in or to the chosen Rooms. If zero Rooms are selected, then no Room-filter will be applied. The page default for this filter is no Room-filter.
- Member filter
  Choose zero, one or more of the users listed. (Click the X on a user to remove the user.)
  Your event report will be limited to events that were initiated by the chosen users. If zero users are selected, then no user-filter will be applied. The page default for this filter is no user-filter.
- Role filter
  Choose zero, one or more of the roles listed. (Click the X on a role to remove the role.)
  Your event report will be limited to events that were initiated by the users who have the chosen roles. If zero roles are selected, then no role-filter will be applied. The page default for this filter is no role-filter.
- Event Date-range filter
  Click on this filter to open up the date-time selector. Select one of the date-time range options from the sidebar menu, or enter a custom range in the calendars, then click Apply. The page default for this filter is a date range encompassing the "Last 30 days", prior to the date/time when the Activity Stream page was last loaded in your browser.
Tip: If you want to revert just one or two of your filter settings, just change them back to the default manually. If you want to change all of your filter settings back to default values, simply reload the page in your browser.
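The filter behaviour described above (six filters AND-ed together, an empty multi-select meaning "not applied", and a "Last 30 days" default measured from page load) can be modelled as follows. This is an added example, not Tehama code: the `Event` and `Filters` shapes, the sample data and the newest-first ordering are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Event:                 # hypothetical record shape, not a Tehama schema
    when: datetime
    event_type: str
    org: str                 # organization that initiated the event
    room: str                # Room the event occurred in or to
    user: str                # user who initiated the event
    role: str                # role held by that user

@dataclass
class Filters:
    event_type: str = "All Events"           # single-select; page default
    orgs: set = field(default_factory=set)   # empty set = filter not applied
    rooms: set = field(default_factory=set)
    users: set = field(default_factory=set)
    roles: set = field(default_factory=set)
    date_range: tuple = None                 # None = "Last 30 days" before page load

def event_report(events, f, loaded_at):
    """Apply all six filters (AND-ed) and return the matching events by date/time."""
    start, end = f.date_range or (loaded_at - timedelta(days=30), loaded_at)
    def keep(e):
        return (start <= e.when <= end
                and f.event_type in ("All Events", e.event_type)
                and (not f.orgs or e.org in f.orgs)
                and (not f.rooms or e.room in f.rooms)
                and (not f.users or e.user in f.users)
                and (not f.roles or e.role in f.roles))
    # Newest-first ordering is an assumption; the page only says "date/time-ordered".
    return sorted(filter(keep, events), key=lambda e: e.when, reverse=True)

# Constructed sample events (names, roles and dates are made up for the example).
LOADED_AT = datetime(2024, 6, 30, 12, 0)
EVENTS = [
    Event(datetime(2024, 6, 29, 9), "Secrets", "Acme", "Prod-DB", "alice", "Room Manager"),
    Event(datetime(2024, 6, 28, 9), "File Vault", "Acme", "Prod-DB", "bob", "Contractor"),
    Event(datetime(2024, 6, 27, 9), "Secrets", "Vendor", "Prod-DB", "carol", "Contractor"),
    Event(datetime(2024, 5, 1, 9), "Secrets", "Acme", "Prod-DB", "alice", "Room Manager"),
]

# A user AND a role that user does not hold: the AND-ed filters return nothing.
EMPTY = event_report(EVENTS, Filters(users={"alice"}, roles={"Contractor"}), LOADED_AT)
```

An empty report after combining a Member filter with a Role filter therefore does not mean the user was inactive; widen or clear one filter before drawing that conclusion.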
Events
These tables of events, broken down by event type, provide a reasonable idea of the events you can expect to see in the Activity Stream. They are not guaranteed to be complete or accurate:
- Room Access Events
- Room Config Events
- Desktop Access Events
- Desktop Template Events
- Desktop Log Events
- Team (primarily Organization-related) Events
- Policy Events
- Secrets Events
- File Vault Events
- App Vault Events
- Reports Events
- Custom Roles and Permissions Events
(The event text displayed in the Tehama Web UI may vary from what is provided in the tables below.)
Room Access Events: | |
---|---|
Description | Text |
Add user(s) to Room (user proposed by another user, same message if approval automatic or explicit) | Approver has approved access for user(s) to room room |
Add user to Room (user proposed by approver, approval always automatic) | Approver has added user to room room |
Propose adding user to Room (user proposed by non-approver where explicit approval required) | User (non approver) has proposed user to room room |
Remove user(s) from Room | Approver has removed user(s) from room room |
Reject proposed adding of user(s) to Room | Approver has rejected access for user(s) to room room |
Accept invitation to join Room (user) | User has accepted the invitation to the room room |
Decline invitation to join Room (user) | User has declined to connect to the room 'room'. |
Invite another organization to join Room | User has invited organization to room room |
Add organization to Room (in response to acceptance of invitation) | The organization organization has been added to the room room |
Decline invitation to join Room (organization) | User for invited organization has declined to connect to your created room 'room'. |
Remove Room access policy | User has removed access from the organization organization to the room room |
Fetch secret from Room's secret vault | User has fetched secret 'name' of type 'secret-type' (owner: 'owner') |
Test connectivity to a target with the connectivity test tool | User has run the connectivity test with 'ip' from 'origin'. The connectivity test id is 'id' |
A connectivity test run with the connectivity test tool succeeds | Connectivity test 'id' completed successfully. |
A connectivity test run with the connectivity test tool fails | Connectivity test 'id' failed |
Room Config Events: | |
---|---|
Description | Text |
Create Room | User has created room room |
Archive Room | User has archived room room |
Delete Room | User has deleted room room |
Delete Room session recordings | User has deleted a session recording in room room |
Change Room name | Room 'old room name's' name has been changed to new room name |
Create mount in secrets vault (e.g.: create secrets folder with name 'MYSQL ON EC2 IN US-EAST-1' of type 'mysql') | User has created mount 'name' of type 'type' |
Configure mount connection in secrets vault | User has configured the connection for mount 'name' of type 'type' |
Configure mount lease in secrets vault | User has configured the lease for mount with name 'name' |
Change Room subscription plan | User has changed the room plan to plan |
Create a connectivity profile for a Room | User has initiated room connectivity |
Complete a connectivity profile for a Room. This generates the Room's access code. | User has completed room connectivity |
Desktop Access Events: | |
---|---|
Description | Text |
Connect to Desktop | User has an active session on workspace |
Desktop session completed | User has connected to workspace for hours hours and minutes minutes |
Desktop Template Events: | |
---|---|
Description | Text |
Create a Desktop template | User has assigned a desktop name |
Request a Desktop template (request capability no longer available) | User has requested a desktop template in the room room |
Reject requested Desktop template (request capability no longer available) | Approver has rejected the request for a new desktop template. |
Approve requested Desktop template (request capability no longer available) | Approver has approved your desktop request. |
Desktop Log Events: | |
---|---|
Description | Text |
Push logs from Desktop to support team | User accepted to push logs to support from desktop desktop name. zip link |
Team (primarily Organization-related) Events: | |
---|---|
Description | Text |
Add user(s) to a team | User has added user(s) to team team |
Remove user(s) from a team | User has removed user(s) from team team |
Invite user to join organization as team member | User has invited new user to their organization |
Request MFA reset | User has reset MFA access for email: email |
Remove member(s) from an organization | Org Manager 'manager' has removed the following members from the organization: 'members'. |
Change the role of a member in an organization | Org Manager has changed role of user to role |
Change the support plan for an organization | User has changed the support plan to plan |
Deactivate organization | The organization organization name has been deactivated |
Reactivate organization | The organization organization name has been reactivated. |
Policy Events: | |
---|---|
Description | Text |
Create a policy in the organization | User has created policy name and version policy |
Update a policy in the organization | User has updated policy name and version policy |
Publish a policy in the organization | User has published policy name and version policy |
Delete a policy in the organization | User has deleted policy name policy |
Assign a policy to a Room | User has assigned policy name and version policy to room name |
Remove (un-assign) a policy from a Room | User has removed policy name and version policy from room name |
Secrets Events: | |
---|---|
Description | Text |
Fetch a secret | User has fetched secret 'name' of type 'type' (owner: 'owner') |
Fetch a generic secret through an API call | API call from desktop desktop template name has fetched generic secret 'name' (owner: 'owner') |
Fetch all generic secrets through an API call | API call from desktop desktop template name has fetched all generic secrets |
Delete a secret | User has deleted secret 'name' of type 'type' |
Create a secret | User has created secret 'name' of type 'type' |
Create a secret mount | User has created mount 'name' of type 'type' |
File Vault Events: | |
---|---|
Description | Text |
Move file or folder | User has moved the file/folder from 'old path' to 'new path' in the File Vault |
Create folder | User has created a folder 'name' in the File Vault |
Rename file or folder | User has renamed file/folder 'old name' to 'new name' in the File Vault |
Download file | User has downloaded file 'name' from the File Vault |
Upload file | User has uploaded file 'name' from the File Vault |
Delete file or folder | User has deleted file/folder 'name' from the File Vault |
Malicious file found | File Vault file 'name' contained suspected malicious payload. Contents of the file have been replaced. |
App Vault Events: | |
---|---|
Description | Text |
Upload file | User has uploaded file 'name' into the App Vault |
Delete file | User has deleted file 'name' from the App Vault |
Malicious file found | App Vault file 'name' contained suspected malicious payload. Contents of the file have been replaced. |
Reports Events: | |
---|---|
Description | Text |
Download report | User has downloaded a report on 'name' |
Custom Roles and Permissions Events: | |
---|---|
Description | Text |
Create a custom role | User has created custom role 'name' |
Edit a custom role | User has edited custom role 'name' |
Delete a custom role | User has deleted custom role 'name' |
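The event-text templates in the tables above can be turned into patterns for picking out events that usually deserve a closer look during an audit review (secret fetches, malicious-file findings, MFA resets, role changes, session-recording deletions). This is an added example, not Tehama code: it assumes the event text is available as plain lines (for instance copied from the event report), and the choice of which events to flag is the example's own.

```python
import re

# Patterns follow the event-text templates in the tables above. The page notes the
# UI text may vary, so these are starting points, not a Tehama-defined format.
RULES = [
    ("secret_fetch", re.compile(
        r"^(?P<actor>.+?) has fetched secret '(?P<name>[^']*)' of type "
        r"'(?P<type>[^']*)' \(owner: '(?P<owner>[^']*)'\)$")),
    ("secret_fetch_api", re.compile(
        r"^API call from desktop (?P<desktop>.+?) has fetched (?:generic secret "
        r"'(?P<name>[^']*)' \(owner: '(?P<owner>[^']*)'\)|all generic secrets)$")),
    ("malicious_file", re.compile(
        r"^(?P<vault>File|App) Vault file '(?P<name>[^']*)' contained suspected "
        r"malicious payload\.")),
    ("mfa_reset", re.compile(
        r"^(?P<actor>.+?) has reset MFA access for email: (?P<email>\S+)$")),
    ("role_change", re.compile(
        r"^(?P<actor>.+?) has changed role of (?P<user>.+?) to (?P<role>.+)$")),
    ("recording_deleted", re.compile(
        r"^(?P<actor>.+?) has deleted a session recording in room (?P<room>.+)$")),
]

def triage(lines):
    """Return (rule, fields) for every line matching one of RULES, in input order."""
    hits = []
    for line in lines:
        for rule, pattern in RULES:
            m = pattern.match(line.strip())
            if m:
                # Drop groups from regex branches that did not take part in the match.
                fields = {k: v for k, v in m.groupdict().items() if v is not None}
                hits.append((rule, fields))
                break
    return hits

# Constructed sample lines written from the templates (not real Tehama output).
SAMPLE = [
    "alice@example.com has fetched secret 'db-root' of type 'mysql' (owner: 'Acme')",
    "API call from desktop build-agent has fetched all generic secrets",
    "File Vault file 'invoice.zip' contained suspected malicious payload. "
    "Contents of the file have been replaced.",
    "bob@example.com has reset MFA access for email: carol@example.com",
    "dana@example.com has changed role of bob@example.com to Org Manager",
    "erin@example.com has created a folder 'docs' in the File Vault",
    "dana@example.com has deleted a session recording in room Prod-DB",
]
```

Calling `triage(SAMPLE)` returns six hits and skips the folder-creation line; lines that match no rule are not errors, only events this example does not flag.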