Activity Stream User Guide

As the owner (user with Admin role) or an Org/Room Manager of your organization, use the Activity Stream feature to view all the activity that has taken place on or to your organization (including its Rooms) since its creation.

Note, that Room Managers can only see Room-related events for Rooms of which they are members.

Organization and Room activity is stored as events - known as the Activity Stream, which you can view as an event report, which is a filtered table or charts of these events.

This page answers the following questions:

It also provides a sample of the kinds of events you can expect to find in the Activity Stream.


What is an event?

Tehama stores all activity that takes place on or to your organization and Rooms as events.

For example:

  • Ask an individual to join your organization (e.g.: to become a member)? That is logged as an event.
  • Create a Room? That is also logged an event.
  • Invite another organization to join your Room? Also an event.
  • Log in to a Desktop in a Room? Yet another event.

You get the idea. See the list of possible events at the end of this page.

Event Types

At times, it is useful to restrict viewing of events to certain types of events - that is, to filter the events by type.

Tehama defines the following event-types:

  • Room Config - e.g.: create a Room, rename a Room, archive a Room
  • Room Access - e.g.: add user to Room, fetch secret from Room's secrets vault
  • Desktop Template - e.g.: create and configure Desktop templates
  • Desktop Access - e.g.: connect to Desktop instance
  • Desktop Logs - e.g.: push logs from Desktop instance to support
  • Team - e.g.: invite users to an organization, edit role of user in an organization, enable single-sign-on
  • Policies - e.g.: create, update, delete policies, assign policy to a Room, remove policy from a Room
  • Secrets - e.g.: create, fetch, delete secrets in a Room's secrets vault
  • File Vault - e.g.: upload, download, delete resource in a Room's file vault
  • App Vault - e.g.: upload, delete resource in a Room's app vault

What is an event report?

An event report is a filtered set of events viewed in one of a set of viewing formats.

You can filter events by any combination of:

  • event-type (one type at a time or all-events)
  • organization name(s)
  • Room name(s)
  • user name(s)
  • role(s)
  • date-range.

You can view the events in one of two formats:

  • Table format
  • Chart format

The table format is a list of the events, with one list entry per event.

Table format

The chart format displays the events in one of number of different chart-types with different measurement and sorting options.

The chart-type determines the purpose of the horizontal axis of the chart.

  • View by All

  • View by Organization

  • View by Room

  • View by User

  • View by Role

  • View by Date

The measurement option determines the purpose of the vertical axis of the chart. Options are:

  • Measurement by Number of Events (default): This option means that each increment on the vertical axis of the chart represents an event. (Currently this is the only measurement option available.)

The sorting option allows you to sort the bars on the chart (along the horizontal axis). Options are:

  • No Sorting: This option does not perform any sorting.
  • Sort Alphabetically (default): This option sorts the bars alphabetically by title. (The title is either role user name, organization name, depending on the chart type.)
  • Sort Ascending: This option sorts the bars in ascending order by number of events (or by whatever the measurement option is currently).
  • Sort Descending: This option sorts the bars in descending order by number of events (or by whatever the measurement option is currently).

You can select one of the preconfigured event reports, or create your own custom event report.


How can you access the Activity Stream?

Only the Admin user and Org/Room Managers of a Room's owner organization or a Room's connected organization (owner+connected, user+owner or connected-only) can see the Room's Activity Stream events. Note, that Room Managers can only see Room-related events for Rooms of which they are members.

Only the Admin user and Org/Room Managers of an organization can see organization-related Activity Stream events.

There are two ways to access the Activity Stream:

  • Organization Level Activity Stream Access:
    View event reports on all activity for your organization (including events for all owned and connected-to Rooms in the organization):
    1. Log in to the Tehama Web UI.
    2. Select the ACTIVITY STREAM tab in the navigation bar.

Activity Stream for Organization

  • Room Level Activity Stream Access:
    View event reports on all activity for just one Room in your organization (events only for that Room):
    1. Log in to the Tehama Web UI.
    2. Click on the ROOMS tab in the navigation bar.
    3. Click on the name of the Room you want to see events for. You will see the user interface for the Room.
    4. Click on the Room's AUDIT tab.
    5. Select the ACTIVITY STREAM sidebar item.

Activity Stream for Organization


How can you select a preconfigured event report?

Follow these steps:

  1. Access the Activity Stream (see section above).
  2. Select the desired preconfigured event report option.

Event reports dropdown

Your options are:

  • All Events (table format)
    Displays all events in the activity stream in table format. filters are set), in table format.
  • All Events (chart format)
    Displays all events in the activity stream in chart format with chart-type set to 'View by Organization'.
  • All Events by Room (chart format)
    (only available when viewing the Activity Stream from the organization level access)
    Displays all events in the activity stream in chart format with chart-type set to 'View by Room'.
  • All Events by User (chart format)
    Displays all events in the activity stream in chart format with chart-type set to 'View by User'.
  • All Events by Role (chart format)
    Displays all events in the activity stream in chart format with chart-type set to 'View by Role'.
  • All Events by Date (chart format)
    Displays all events in the activity stream in chart format with chart-type set to 'View by Date'.
  • Desktop Sessions (chart format)
    Displays all 'Desktop Access' events in the activity stream in chart format with chart-type 'View by Organization'.
  • Desktop Sessions by Room _(chart format)
    (only available when viewing the Activity Stream from the organization level access)
    Displays all 'Desktop Access' events in the activity stream in chart format with chart-type 'View by Room'.
  • Desktop Sessions by User (chart format)
    Displays all 'Desktop Access' events in the activity stream in chart format with chart-type 'View by User'.
  • Desktop Sessions by Role (chart format)
    Displays all 'Desktop Access' events in the activity stream in chart format with chart-type 'View by Role'.
  • Desktop Sessions by Date (chart format)
    Displays all 'Desktop Access' events in the activity stream in chart format with chart-type 'View by Date'.

The default date range in the event Date-range filter is two years prior to the date/time when the Activity Stream page was last loaded in your browser.

The filters and viewing-options pre-configured for your selection are applied, and the displayed event report updated, as soon as you select it.

The event filters and event report viewing options for your selection will appear in the Advanced settings.

Create a custom event report from your selected preconfigured event report.

You can if you want to 'tweak' the event report, create a custom event report. The Advanced settings for your custom event report will start off with the values set for your preconfigured event report selection and add in any extra filter/viewing selections you make. A common way to tweak a preconfigured event report is to set a custom date-time range.


How can you create a custom event report?

Follow these steps:

  1. Access the Activity Stream.
  2. Turn on the custom event report option (either directly, or indirectly by selecting a preconfigured report).
  3. Open up the advanced settings.
  4. Set the event filters.
  5. Set the event report viewing options.

1. Access the Activity Stream (see section above).

2. Turn on the custom event report option:

Either

Turn on the custom event report option directly.

Click on the customize icon customize icon found beside the event reports dropdown menu at the top right of the Activity Stream page.
event reports dropdown menu and customize icon
This will cause the event reports dropdown menu to display Custom as its current selection.

Or

Turn on the custom event report option indirectly, by selecting a preconfigured event report option.

Select the desired preconfigured event report option.
Event reports dropdown
This will cause the event reports dropdown menu to display your selection and the Advanced filter settings for your custom event report will start off with the values set for that selection.

3. Open up the advanced settings.

Click on the Advanced dropdown menu.
advanced dropdown menu open
This will show both the event filters event filters icon and the event report viewing options view options icon.

4. Set the event filters (at least one).

Click on a filter to see the options. The filters are applied, and the displayed event report updated, as soon as you select/update a new option. All filters are ANDed together.

Info: If a filter is not shown, it means that your organization or Room only has one option for that filter. For example, if viewing the Activity Stream from a Room, then only events for that Room will be shown and no Room filter will be offered. If viewing the Activity Stream from the organization point of view, and the organization only has one Room, then no Room filter will be offered.

There are six possible filters:


  1. Event-type filter

    Select any one of provided the event-types (there is an 'All' type).
    Your event report will be limited to events that fall into the selected event-type. The page default for this filter is 'All Events'.

  2. Organization filter

    Choose zero, one or more of the organizations listed. (Click the X on an organization to remove it.)
    Your event report will be limited to events that were initiated by the chosen organizations. If zero organizations are selected, then no organization-filter will be applied. The page default for this filter is no organization-filter.

  3. Room filter

    Choose zero, one or more of the Rooms listed. (Click the X on a Room to remove it.)
    Your event report will be limited to events that occurred in or to the chosen Rooms. If zero Rooms are selected, then no Room-filter will be applied. The page default for this filter is no Room-filter.

  4. Member filter

    Choose zero, one or more of the users listed. (Click the X on a user to remove the user.)
    Your event report will be limited to events that were initiated by the chosen users. If zero users are selected, then no user-filter will be applied. The page default for this filter is no user-filter.

  5. Role filter

    Choose zero, one or more of the roles listed. (Click the X on a role to remove the role.)
    Your event report will be limited to events that were initiated by the users who have the chosen roles. If zero roles are selected, then no role-filter will be applied. The page default for this filter is no role-filter.

  6. Event Date-range filter

    Click on this filter to open up the date-time selector. Select one of the date-time range options from the sidebar menu, or enter a custom range in the calendars then click Apply. The page default for this filter is a date range starting two years prior to the date/time when the Activity Stream page was last loaded in your browser and ending at the date/time the page was last loaded.


5. Set the event report viewing options.

To select the Table viewing format, click on Table under the event report viewing options

view options icon. Table viewing option selected

To select the Chart viewing format, click on Chart under the event report viewing options

view options icon. Chart viewing option selected

For charts you can:

  • select the chart type. This determines the horizontal axis of the chart. (The default chart type is "View by Organization".)
  • select the measurement option. This determines the vertical axis of the chart. (The default, and so far only, measurement option is "Measurement by Number of Events".)
  • select the sorting option. This determines the order of the bars of the chart. (The default sorting option is "Sort Alphabetically".)

Tip: If you want to revert your filter and viewing settings, just change them back manually. If you want to change them all back to the page default values, you can reload the page in your browser, which changes the settings to those for the preconfigured event report 'All Events' (table format).


How can you export a chart event report?

Follow these steps:

  1. Access the Activity Stream (see section above).
  2. Configure your chart event report (custom or pre=configured).
  3. From the top of the page select the export icon export icon.

Export icon dropdown

Click on the export option that you desire. For example, Export as SVG (Scalable Vector Graphics), or Export as PDF (Portable Document Format). (More options may become available in the future.)

Look for your event report in your downloads folder.


Events

These tables of events, broken down by event type, provide a reasonable idea of the events you can expect to see in the Activity Stream. It is not guaranteed to be complete nor accurate:

(The event text displayed in the Tehama Web UI may vary from what is provided in the tables below.)

 

Room Access Events:
Description Text
Add user(s) to Room
   (user proposed by another user, same message if approval automatic or explicit)
Approver has approved access for user(s) to room room
Add user to Room
   (user proposed by approver, approval always automatic)
Approver has added user to room room
Propose adding user to Room
   (user proposed by non-approver where explicit approval required)
User (non approver) has proposed user to room room
Remove user(s) from Room Approver has removed user(s) from room room
Reject proposed adding of user(s) to Room Approver has rejected access for user(s) to room room
Accept invitation to join Room (user) User has accepted the invitation to the room room
Decline invitation to join Room (user) User has declined to connect to the room 'room'.
Invite another organization to join Room User has invited organization to room room
Add organization to Room (in response to acceptance of invitation) The organization organization has been added to the room room
Decline invitation to join Room (organization) User for invited organization has declined to connect to your created room 'room'._
Remove Room access policy
User has removed access from the organization organization to the room room
Fetch secret from Room's secret vault User has fetched secret 'name' of type 'secret-type' (owner: 'owner')
Test connectivity to a target with the connectivity test tool User has run the connectivity test with 'ip' from 'origin'. The connectivity test id is 'id'
A connectivity test run with the connectivity test tool succeeds Connectivity test 'id' completed successfully.
A connectivity test run with the connectivity test tool fails Connectivity test 'id' failed

 

Room Config Events:
Description Text
Create Room User has created room room
Archive Room User has archived room room
Delete Room User has deleted room room
Delete Room session recordings User has deleted a session recording in room room
Change Room name Room 'old room name's' name has been changed to new room name
Create mount in secrets vault
e.g.: create secrets folder with name 'MYSQL ON EC2 IN US-EAST-1' of type 'mysql'
User has created mount 'name' of type 'type'
Configure mount connection in secrets vault User has configured the connection for mount 'name' of type 'type'
Configure mount lease in secrets vault User has configured the lease for mount with name 'name'
Change Room subscription plan User has changed the room plan to plan
Create a connectivity profile for a Room User has initiated room connectivity
Complete a connectivity profile for a Room
This generates the Room's access code.
User has completed room connectivity

 

Desktop Access Events:
Description Text
Connect to Desktop User has an active session on workspace
Desktop session completed User has connected to workspace for hours hours and minutes minutes

 

Desktop Template Events:
Description Text
Create a Desktop template User has assigned a desktop name
Request a Desktop template
request capability no longer available
User has requested a desktop template in the room room
Reject requested Desktop template
request capability no longer available
Approver has rejected the request for a new desktop template.
Approve requested Desktop template
request capability no longer available
Approver has approved your desktop request.

 

Desktop Log Events:
Description Text
Push logs from Desktop to support team User accepted to push logs to support from desktop desktop name. zip link

 

Team (primarily Organization-related) Events:
Description Text
Add user(s) to a team User has added user(s) to team team
Remove user(s) from a team User has removed user(s) from team team
Invite user to join organization as team member User has invited new user to their organization
Request MFA reset User has reset MFA access for email: email
Remove member(s) from an organization Org Manager 'manager' has removed the following members from the organization: 'members'.
Change the role of a member in an organization Org Manager has changed role of user to role
Change the support plan for an organization User has changed the support plan to plan
Deactivate organization The organization organization name has been deactivated
Reactivate organization The organization organization name has been reactivated.

 

Policy Events:
Description Text
Create a policy in the organization User has created policy name and version policy
Update a policy in the organization User has updated policy name and version policy
Publish a policy in the organization User has published policy name and version policy
Delete a policy in the organization User has deleted policy name policy
Assign a policy to a Room User has assigned policy name and version policy to room name
Remove (un-assign) a policy from a Room User has removed policy name and version policy from room name

 

Secrets Events:
Description Text
Fetch a secret User has fetched secret 'name' of type 'type' (owner: 'owner')
Fetch a generic secret through an API call API call from desktop desktop template name has fetched generic secret 'name' (owner: 'owner')
Fetch all generic secrets through an API call API call from desktop desktop template name has fetched all generic secrets
Delete a secret User has deleted secret 'name' of type 'type'
Create a secret User has created secret 'name' of type 'type'
Create a secret mount User has created mount 'name' of type 'type'

 

File Vault Events:
Description Text
Move file or folder User has moved the file/folder from old path to new path in the File Vault
Create folder User has created a folder name in the File Vault
Rename file or folder User has renamed file/folder old name to new name in the File Vault
Download file User has downloaded file name from the File Vault
Upload file User has uploaded file name from the File Vault
Delete file or folder User has deleted file/folder name from the File Vault
Malicious file found File Vault file name contained suspected malicious payload. Contents of the file have been replaced.

 

App Vault Events:
Description Text
Upload file User has uploaded file name into the App Vault
Delete file User has deleted file name from the App Vault
Malicious file found App Vault file name contained suspected malicious payload. Contents of the file have been replaced.