Audit

Viewing User Operation Logs

You can view the operations performed by all users in the user center, including the time, name, username, operation type, and results.

1. Log in to the administrator portal.
2. On the top navigation bar, choose Audit > User Operations.
3. Click Details in the Operation column of the target operation.
4. Click Export in the upper right of the user operations page to export all logs.

To view logs generated two years ago, click Log Archives in the upper right of the User Operations page, and click Download in the Operation column of the target log file. Decompress the package and view the time, username, operation results, and operation type in each log.

Viewing Administrator Operation Logs

You can view the operations performed by all administrators in the administrator portal, including the time, operator, operation object, and operation type.

1. Log in to the administrator portal.
2. On the top navigation bar, choose Audit > Administrator Operations and view administrator operation logs.
3. Click Export in the upper right of the administrator operations page to export all logs.

To view logs generated two years ago, click Log Archives in the upper right of the Administrator Operations page, and click Download in the Operation column of the target log file. Decompress the package and view the time, operation object, operation type, and location in each log.

Risky Events

You can view the risky events triggered by all users and administrators, including the trigger time, risk type, login mode, name, and username.

1. Log in to the administrator portal.
2. On the top navigation bar, choose Audit > Risk Event.
3. You can filter risky events by start time, risk type, name, or username.
4. Click View in the Operation column of the target event to check its details.

Risk Dashboard

The risk dashboard displays all risk operations of an instance from a global perspective. It includes several modules. You can filter risks by time (today, last 7 days, last 30 days) or customizing a time range in the upper right part of the risk dashboard page.

1. Log in to the administrator portal.
2. On the top navigation bar, choose Audit > Risk Dashboard to check triggered risk behaviors.

   Table 1 Risk dashboard

   Module	Description
   Number of risks today	Number of risk events triggered on the current day. The selected time period does not affect this module's statistics.
   Total number of risk events	Total number of risk event logs within the selected time period.
   Total number of risky users	Number of users who trigger risk events within the selected time period.
   Number of risky users today	Number of users who trigger risk events on the current day. The selected time period does not affect this module's statistics.
   Triggered risk type	Number of risk events of various types within the selected time period.
   Risky user list	List of users who trigger recent risk events. Click More go to the risk event page.
   Risk event list	List of recent risk events. Click More go to the risk event page.
   Login risk times	Number of risk events in each time range within the selected time period. Risk events statistics are displayed based on different time periods. Today: Statistics are collected by hour. The horizontal coordinate displays time from 00:00 to 23:00. For example, the risk event at 00:15 is collected in 00:00, the risk event at 9:30 is collected in 09:00, and the risk event at 23:45 is collected in 23:00. Last 7 days: Statistics are collected by day. The horizontal coordinate displays the dates from 7 days ago to today. Last 30 days: Statistics are collected by day. The horizontal coordinate displays the dates from 30 days ago to today. For example, on December 28, the number of risk events from November 29 to December 28 is displayed. Customized time period: Statistics are collected by day. The horizontal coordinate displays the dates from the defined start date to end date.
   Recent 10 detected abnormal devices	Top 10 devices with the most risk events within the specified time period. Devices are classified by device type and browser.
   Top 10 detected abnormal IP addresses	Top 10 IP addresses with the most risk events within the specified time period.