Activity information

  • 2 minute(s) read
Prev Next

The Activity section of the Control Panel displays four types of activity information:

  • Connections
  • Actions
  • Failed logins
  • Download Protection

Here, you can easily monitor which gateways and devices your organization members access. Additionally, it offers a complete record of all Control Panel actions performed by you or designated administrators.

By closely monitoring activity, administrators can swiftly respond to potential security threats within the organization. This data is also invaluable for maintaining security compliance.

Note
  • Reports are accessible for the past 60 days, regardless of your subscription plan. For large datasets, you can download a CSV file directly from the Control Panel.
  • Please note that due to occasional high infrastructure loads, there may be a delay of up to 24 hours in data appearing in the activity log. It doesn't provide real-time information.

Connections

The Activity → Connections section displays user activity sessions, which can be filtered by date and status (ongoing or ended). The list shows connection/disconnection times, devices, and servers used.

You can sort and search the list by member name, device, or source IP address.

The Control Panel does not track website visits or detailed user actions within the NordLayer client.

Admins can only access user/device names, IP addresses, connection timestamps, and server information used during the service transaction.

Actions

The Activity → Actions section shows all admin actions, such as adding members, resetting passwords, or making other Control Panel changes.

You can filter, sort, and search the activity log by action, date, member name, or IP source address.

User administration logs (e.g., creating/deleting teams, adding/suspending members, changing roles) do not contain sensitive or private information regarding users and their activity.

Failed logins

02-Insights-Failed-logins-page-Browser-Extension.png

The Activity → Failed logins section provides a record of unsuccessful login attempts. This includes instances of invalid credentials or blocked access due to security policies.

You can filter and search the failed login log by date, member name, or IP address. The list specifies the timestamp, attempted login source IP address, and the reason for failure (e.g., incorrect password, or failed multi-factor authentication).

Download Protection

The Activity → Download Protection section logs security events related to file download protection. This includes detections of potential threats, such as attempts to download malicious or unauthorized files.

Admins can view a list of flagged events, which can be filtered by date, member name, file status, and source device. The log shows pertinent information such as timestamps, file names, member/device names, and IP addresses associated with the event.

Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.