Security Event Log

Query the database to retrieve the security event log:

  1. Connect to the Database.

  2. Run the following optional queries:

    • Aerobase Database Queries

      • Return data on administrative actions

      • Return data on client authentication

    • Nintex RPA Database Queries

      • Return data on changes in wizards

        • Example of unsuccessful login attempts to the Nintex RPA system

        • Example of successful and unsuccessful change of Nintex RPA/Nintex Process Discovery user privileges in Aerobase

        • Example of successful and unsuccessful changes of Nintex Process Discovery user attributes in Aerobase

Aerobase Database Queries

Return data on administrative actions

select usr.USERNAME, concat(usr.FIRST_NAME,' ', usr.LAST_NAME) as Name, adm_evnt.ADMIN_EVENT_TIME, adm_evnt.OPERATION_TYPE, adm_evnt.IP_ADDRESS, adm_evnt.RESOURCE_PATH, adm_evnt.REPRESENTATION, adm_evnt.ERROR
from ADMIN_EVENT_ENTITY adm_evnt, USER_ENTITY usr
where adm_evnt.AUTH_USER_ID = usr.ID;

USERNAME – Login of the user
Name – First and last name of the user
ADMIN_EVENT_TIME – Date and time of the event (in unixtime format)
OPERATION_TYPE – Type of executed action
IP_ADDRESS – IP address from which the user logged in
RESOURCE_PATH – URL that was called (contains information about the object that was modified)
REPRESENTATION – Detailed information about the action (requires initialization on the server side first)
ERROR – NULL on success, otherwise the error

Return data on client authentication

The CLIENT_ID field identifies the OIDC client in Aerobase.

select usr.USERNAME, concat(usr.FIRST_NAME,' ', usr.LAST_NAME) as Name, evnt.CLIENT_ID, evnt.DETAILS_JSON, evnt.ERROR, evnt.IP_ADDRESS, evnt.EVENT_TIME, evnt.TYPE
from EVENT_ENTITY evnt, USER_ENTITY usr
where evnt.USER_ID = usr.ID;

USERNAME – Login of the user
Name – First and last name of the user
CLIENT_ID – Aerobase client that was used (robot/studio/etc.)
DETAILS_JSON – Event details (in JSON format)
ERROR – NULL on success, otherwise the error
IP_ADDRESS – IP address of the user
EVENT_TIME – Date and time of the event (unixtime)
TYPE – Type of executed action (see reference)

Nintex RPA Database Queries

Return data on changes in wizards

See the fields UpdateDate and UpdateUser:

select * from LeoScripts;

UpdateDate – Time when the wizard was changed
UpdateUser – User login
ScriptID – ID of the wizard

  • This table doesn't contain information about unsuccessful attempts to access wizards.

  • Information about the source of an event can be correlated with information from Aerobase.

Example of unsuccessful login attempts to the system

select usr.USERNAME, concat(usr.FIRST_NAME,' ', usr.LAST_NAME) as Name, evnt.CLIENT_ID, evnt.DETAILS_JSON, evnt.ERROR, evnt.IP_ADDRESS, evnt.EVENT_TIME, evnt.TYPE
from EVENT_ENTITY evnt, USER_ENTITY usr
where evnt.USER_ID = usr.ID and evnt.TYPE='LOGIN_ERROR' order by evnt.EVENT_TIME desc;
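
The query above lists failed logins one row at a time. As an added example (not part of the original documentation), the sketch below aggregates LOGIN_ERROR events per source IP so that repeated failures stand out. The helper names, the in-memory SQLite stand-in, the 'LOGIN' type value and all sample rows are assumptions constructed for illustration; only the EVENT_ENTITY table and column names come from this page.

```python
import sqlite3

# Failed logins per source IP, using the EVENT_ENTITY columns listed on this page.
# No join to USER_ENTITY, so events whose USER_ID matches no user row still count.
FAILED_LOGIN_SQL = """
select evnt.IP_ADDRESS,
       count(*)                     as FAILURES,
       count(distinct evnt.USER_ID) as ACCOUNTS,
       min(evnt.EVENT_TIME)         as FIRST_SEEN,
       max(evnt.EVENT_TIME)         as LAST_SEEN
from EVENT_ENTITY evnt
where evnt.TYPE = 'LOGIN_ERROR' and evnt.EVENT_TIME >= ?
group by evnt.IP_ADDRESS
having count(*) >= ?
order by FAILURES desc, evnt.IP_ADDRESS
"""

def build_sample_db():
    """In-memory stand-in for the Aerobase database with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("create table EVENT_ENTITY "
               "(USER_ID text, TYPE text, IP_ADDRESS text, EVENT_TIME integer)")
    rows = [  # constructed sample events; EVENT_TIME values are arbitrary
        ("u1", "LOGIN_ERROR", "203.0.113.7", 500),    # before the cutoff used below
        ("u1", "LOGIN_ERROR", "203.0.113.7", 1000),
        ("u2", "LOGIN_ERROR", "203.0.113.7", 1010),
        ("u3", "LOGIN_ERROR", "203.0.113.7", 1020),
        ("u1", "LOGIN_ERROR", "203.0.113.7", 1030),
        ("u4", "LOGIN_ERROR", "198.51.100.4", 1005),  # one failure, then success
        ("u4", "LOGIN", "198.51.100.4", 1015),        # constructed non-error type
        (None, "LOGIN_ERROR", "192.0.2.9", 1001),     # no user id recorded
        (None, "LOGIN_ERROR", "192.0.2.9", 1002),
        (None, "LOGIN_ERROR", "192.0.2.9", 1003),
    ]
    db.executemany("insert into EVENT_ENTITY values (?, ?, ?, ?)", rows)
    return db

def noisy_sources(db, since, threshold):
    """Rows of (ip, failures, distinct accounts, first seen, last seen).

    `since` is a cutoff in the same unit as EVENT_TIME; `threshold` is the
    minimum number of LOGIN_ERROR events for a source IP to be reported.
    """
    return db.execute(FAILED_LOGIN_SQL, (since, threshold)).fetchall()

if __name__ == "__main__":
    for row in noisy_sources(build_sample_db(), since=900, threshold=3):
        print(row)
```

A high ACCOUNTS value for one IP_ADDRESS means the failures are spread across many users rather than one user mistyping a password; tune the cutoff and threshold to the normal failure rate of the deployment.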

Example of successful and unsuccessful changes of Nintex Process Discovery user attributes in Aerobase

select usr.USERNAME, concat(usr.FIRST_NAME,' ', usr.LAST_NAME) as Name, adm_evnt.ADMIN_EVENT_TIME, adm_evnt.OPERATION_TYPE, adm_evnt.IP_ADDRESS, adm_evnt.RESOURCE_PATH, adm_evnt.REPRESENTATION, adm_evnt.ERROR
from ADMIN_EVENT_ENTITY adm_evnt, USER_ENTITY usr
where adm_evnt.AUTH_USER_ID = usr.ID and adm_evnt.RESOURCE_TYPE='USER';

Example of successful and unsuccessful change of Nintex RPA/Nintex Process Discovery user privileges in Aerobase

select usr.USERNAME, concat(usr.FIRST_NAME,' ', usr.LAST_NAME) as Name, adm_evnt.ADMIN_EVENT_TIME, adm_evnt.OPERATION_TYPE, adm_evnt.IP_ADDRESS, adm_evnt.RESOURCE_PATH, adm_evnt.REPRESENTATION, adm_evnt.ERROR
from ADMIN_EVENT_ENTITY adm_evnt, USER_ENTITY usr
where adm_evnt.AUTH_USER_ID = usr.ID and adm_evnt.RESOURCE_TYPE='REALM_ROLE_MAPPING';