UserLock reports allow you to leverage the user session activity and multi-factor authentication data stored in the database.
You can access this section by clicking on the icon in the application menu.
The sub-menu allows you to navigate between the different reports available.
List of reports
- Event Timeline: list of all events in chronological order
- Session History: list of all user session events from protected machines of your network.
- Concurrent Session History: list of all users who have opened sessions concurrently on the same day.
- Single Sign-On events: list of all login/logout events associated with SaaS sessions.
- Wi-Fi session history: list of all events associated with Wi-Fi sessions with duration and amount of data sent and received.
- VPN Session History: list of all events associated with VPN sessions with the duration and amount of data sent and received.
- IIS Session History: list of all events associated with sessions on web applications hosted on an IIS server protected by UserLock.
- MFA event reports: list of failed MFAs, cancelled MFAs, help requests made, etc.
- Denied Connections: list of connections denied by Active Directory and UserLock, based on configured access rules
- Working hours reports: daily, weekly or monthly logging of your network users' connection hours, and per-user logging of connection hours outside of authorized working hours.
- User status changes: lists status changes related to the configuration made in the server properties of the desktop console.
Administrator Action Report
When a UserLock administrator initiates an action on a session or machine, a record of that activity is kept in the database. The new UserLock web application is now enriched with new reports allowing you to view all these activities to better control the activity of your administrators.
For each action triggered, you will be able to see :
- The date, time and duration of the execution
- The type of action triggered
- The targets targeted by the action (machines or sessions)
- The administrator who triggered the action
- The results of the action
In a future version of UserLock, we plan to enrich this report with additional filters specifically to show all administrator actions, including:
- Actions on users
- Modifications of server properties
- Modifications of server properties
This will allow you to have a clear history of all your administrators' activities on UserLock.
Composition of a report
Most of the reports in the UserLock web application consist of statistics, graphs, and a table of data. Each report can be filtered on a specific time period and on all the columns that compose it.
The time period can be easily changed using the control at the top of the reports:
By clicking on it, a sub-menu appears, allowing you to select the dates and times of the period you want. You can also use the predefined periods on the left of the submenu.
By clicking on the "Apply" button, you can refresh the report with the new filter.
To obtain more accurate data, you can apply filters to all the columns that make up a report.
To open the filters panel, click on the following button:
Once the filters panel is open, select the field you want to filter, the type of search you want, and enter or select the value.
To apply more than one, click on the button
To delete a filter, click on the button
You can also choose whether at least one or all conditions should be applied:
By clicking on the "Apply" button, the report is refreshed.
Table columns can be displayed/hidden using the column selector, available by clicking on the "Columns" button at the top right of the table.
You can also group data using the drop-down list next to the same button.
The UserLock web console (v12 or higher) allows you to export all reports in PDF, Excel and CSV format.
To export a report, click on the Export button then select the desired format from the drop-down list that appears.
A window will open, allowing you to choose whether to export all the records in the report, or only those displayed on the page.
After selecting the desired option and clicking the OK button, a notification will appear in the top right-hand corner to indicate that the export is in progress. Once the export is complete, a "Download" button will appear in this notification allowing you to retrieve the file:
The files are generated in the %programData%\UserLock\Exports directory of the UserLock server and are deleted once the user clicks the Download button.
Reports are not yet schedulable from the web application. This feature will be available in the next release.
Default report configuration
When a report is opened, it is automatically generated for the configured default period (7 days). Depending on the number and type of events in your database, the loading time when a report is opened may be long.
If you notice this, we advise you to configure the settings in the "Report settings" section of the UserLock options, accessible from the general menu icon.
- Default period: 7 days by default. Setting a smaller number of days will effectively reduce loading time.
- Exclude session types: Depending on your environment, some session types may generate a high number of events, such as IIS sessions. If you feel that these session types are not important in your reports, you can automatically exclude them for each report. However, you can display them at any time by changing the report filter if you need them from time to time.