BMC Helix Audit Dashboard

As an administrator, use the BMC Helix Audit Dashboard to monitor the details of various activities performed in BMC Helix services. For example, you can monitor and audit activities of BMC Helix Portal, BMC Helix Operations Management, and so on. By using this dashboard, you can audit activities such as updates to the user roles, user groups, alarm policies, and so on. For more information about audit activities, see Viewing audit records in BMC Helix Dashboards. By using this dashboard, track the following events for BMC Helix Dashboards:

Create data source event
Update data source event
Delete data source event
Update Organization preference
Create, update, and delete dashboards
Create, update, delete, enable, disable, and run report schedules
Update dashboard and folder permissions

The dashboard uses the BMC Helix data source, and the Audit query type. For more information, see Audit-query.

The dashboard retains the audit records for 7 days for all tenants.

To view the BMC Helix Audit Dashboard

From the navigation menu, click Dashboards.
Select Helix Common Services > BMC Helix Audit Dashboard.

Tip

To quickly open the dashboard from the home page, mark it as a favorite by using the star icon. Additionally, after you open a dashboard, it is available under Recently viewed dashboards on the home page.

Panels in the BMC Helix Audit Dashboard

The dashboard shows the audit records of activities performed in BMC Helix Portal, BMC Helix Dashboards, BMC Helix Intelligent Automation, and BMC Helix Operations Management. You can use filters to view specific audit activities that you want to analyze. For example, select Authentication in the Resource Type filter to view and analyze the audit activities related to authentication.

Panel	Description
Dashboard filters	Use the following filters to view specific records. You can select one or more options from the following filters: Actor — The name of the user who performed the activity. Operation — The type of activity performed on the resource. The following operations are tracked: Operation details AGENT_ACTION_EXECUTE - Indicates that an action was run remotely on a PATROL Agent from the Device Details page in BMC Helix Operations Management. ALARM_POLICY_UPDATE - Indicates that an alarm policy was updated in BMC Helix Operations Management. EVENT_CLASS_UPDATE - Indicates that an event class was updated in BMC Helix Operations Management. EVENT_POLICY_CREATE - Indicates that an event policy was created in BMC Helix Operations Management. EVENT_POLICY_DELETE - Indicates that an event policy was deleted in BMC Helix Operations Management. EVENT_POLICY_DISABLE - Indicates that an event policy was disabled in BMC Helix Operations Management. EVENT_POLICY_ENABLE - Indicates that an event policy was enabled in BMC Helix Operations Management. EVENT_POLICY_UPDATE - Indicates that an event policy was updated in BMC Helix Operations Management. JWT_CREATION_FOR_SERVICE_ACCOUNT - Indicates that a JWT access token was created for a service account in BMC Helix Portal. JWT_CREATION_USING_ACCESS_KEY - Indicates that a JWT access token was created by using the access key. JWT_CREATION_USING_REFRESH_TOKEN - Indicates that a JWT access token was created by using the refresh token. JWT_CREATION_USING_RSSO_CREDENTIALS - Indicates that a JWT access token for authentication was created by using BMC Helix Single Sign-On credentials. JWT_TOKEN_REFRESH - Indicates that the JWT refresh token was generated. ROLE_UPDATED - Indicates that a user role was updated in BMC Helix Portal. USER_CREATED - Indicates that a new user was created in BMC Helix Portal. USER_DELETED - Indicates that a user was deleted in BMC Helix Portal. USER_LEVEL::GS_DATA_COLLECTION_FOR_OUTREACH_CONSENT_DISABLED - Indicates that you did not approve outreach data collection by using Gainsight. USER_LEVEL::GS_DATA_COLLECTION_FOR_QUALITY_CONSENT_DISABLED - Indicates that you did not approve telemetry data collection by using Gainsight. CREATE - Indicates that a dashboard or a report schedule is created. UPDATE - Indicates that a dashboard or a report schedule is updated. DELETE - Indicates that a dashboard or a report schedule is deleted. PERMISSION_UPDATE - Indicates that a dashboard or folder permissions are updated. ENABLE - Indicates that a report scheduler is enabled. DISABLE - Indicates that a report scheduler is disabled. RUN_NOW - Indicates that a report scheduler is run. Resource Type — The object type on which the activity is performed. The following resource types are available: Resource type details AQT Command - Select to view the audit trail of Agent Query Tool (AQT) commands that are used to perform specific actions on the PATROL Agents, such as start or stop the Agents. Access Key - Select to view and analyze the activities related to access key generation. AGENT ACTION - Select to view the action that was remotely run on a PATROL Agent from the Device Details page in BMC Helix Operations Management. Alarm Policy - Select to view the audit trail of alarm policy operations in BMC Helix Operations Management. Authentication - Select to view and analyze the activities related to authentication. Event Class - Select to view the audit trail of activities related to event classes in BMC Helix Operations Management. Group - Select to view and analyze the activities related to managing groups in BMC Helix Operations Management. Monitor Policy - Select to view and analyze the activities about managing monitor policies in BMC Helix Operations Management. Role - Select to view and analyze activities related to defining and managing roles in BMC Helix Portal. User - Select to view and analyze user management activities in BMC Helix Portal. pdf - Select to view and analyze the activities related to the PDF output of a report schedule. csv - Select to view and analyze the activities related to the CSV output of a report schedule. html - Select to view and analyze the activities related to the HTML output of a report schedule. xlsx - Select to view and analyze the activities related to the XLSX output of a report schedule. Resource Name — The name of the user on whom the activity was performed. Application — The application where the audit activity was performed, such as identity management service.
Audit Records	View the details of the audit activities performed in BMC Helix Portal and BMC Helix Operations Management. Time (UTC) — The time of the activity performed. Category — The category of the activity. The following categories are available: AUTHORIZATION - Includes activities related to user access and authentication. EVENT_CLASS - Includes activities related to event classes in BMC Helix Operations Management. DASHBOARD - Includes activities related to the creation, update, and deletion of dashboards. REPORT SCHEDULER - Includes activities related to the creation, update, activation, and deletion of report schedules. CONSENT - Includes activities related to enabling or disabling data collection in Gainsight. Actor — The user who performed the activity. Resource Type — The type of the object on which the activity is performed. Resource Name — The name of the object on which the activity is performed. Operation — The type of the activity. Click the entries in this column to view the details of the audit activity in the BMC Helix Audit Dashboard - Details drill-through dashboard. By using the drill-through dashboard, you can compare the previous and the new values of the audit activity. Status — The status of the activity. Changes — The type of changes performed on the object. Click Inspect value to view the details of the changes. Application — The application on which the activity is performed. Details — The details of the activity. Click Inspect value to view the details of the audit activity. Resource category — The category of the object on which the activity is performed. Source — The IP address of the system where the activity is performed.

Panel

Description

Dashboard filters

Use the following filters to view specific records. You can select one or more options from the following filters:

Actor — The name of the user who performed the activity.
Operation — The type of activity performed on the resource. The following operations are tracked:
Operation details
- AGENT_ACTION_EXECUTE - Indicates that an action was run remotely on a PATROL Agent from the Device Details page in BMC Helix Operations Management.
- ALARM_POLICY_UPDATE - Indicates that an alarm policy was updated in BMC Helix Operations Management.
- EVENT_CLASS_UPDATE - Indicates that an event class was updated in BMC Helix Operations Management.
- EVENT_POLICY_CREATE - Indicates that an event policy was created in BMC Helix Operations Management.
- EVENT_POLICY_DELETE - Indicates that an event policy was deleted in BMC Helix Operations Management.
- EVENT_POLICY_DISABLE - Indicates that an event policy was disabled in BMC Helix Operations Management.
- EVENT_POLICY_ENABLE - Indicates that an event policy was enabled in BMC Helix Operations Management.
- EVENT_POLICY_UPDATE - Indicates that an event policy was updated in BMC Helix Operations Management.
- JWT_CREATION_FOR_SERVICE_ACCOUNT - Indicates that a JWT access token was created for a service account in BMC Helix Portal.
- JWT_CREATION_USING_ACCESS_KEY - Indicates that a JWT access token was created by using the access key.
- JWT_CREATION_USING_REFRESH_TOKEN - Indicates that a JWT access token was created by using the refresh token.
- JWT_CREATION_USING_RSSO_CREDENTIALS - Indicates that a JWT access token for authentication was created by using BMC Helix Single Sign-On credentials.
- JWT_TOKEN_REFRESH - Indicates that the JWT refresh token was generated.
- ROLE_UPDATED - Indicates that a user role was updated in BMC Helix Portal.
- USER_CREATED - Indicates that a new user was created in BMC Helix Portal.
- USER_DELETED - Indicates that a user was deleted in BMC Helix Portal.
- USER_LEVEL::GS_DATA_COLLECTION_FOR_OUTREACH_CONSENT_DISABLED - Indicates that you did not approve outreach data collection by using Gainsight.
- USER_LEVEL::GS_DATA_COLLECTION_FOR_QUALITY_CONSENT_DISABLED - Indicates that you did not approve telemetry data collection by using Gainsight.
- CREATE - Indicates that a dashboard or a report schedule is created.
- UPDATE - Indicates that a dashboard or a report schedule is updated.
- DELETE - Indicates that a dashboard or a report schedule is deleted.
- PERMISSION_UPDATE - Indicates that a dashboard or folder permissions are updated.
- ENABLE - Indicates that a report scheduler is enabled.
- DISABLE - Indicates that a report scheduler is disabled.
- RUN_NOW - Indicates that a report scheduler is run.
Resource Type — The object type on which the activity is performed. The following resource types are available:
Resource type details
- AQT Command - Select to view the audit trail of Agent Query Tool (AQT) commands that are used to perform specific actions on the PATROL Agents, such as start or stop the Agents.
- Access Key - Select to view and analyze the activities related to access key generation.
- AGENT ACTION - Select to view the action that was remotely run on a PATROL Agent from the Device Details page in BMC Helix Operations Management.
- Alarm Policy - Select to view the audit trail of alarm policy operations in BMC Helix Operations Management.
- Authentication - Select to view and analyze the activities related to authentication.
- Event Class - Select to view the audit trail of activities related to event classes in BMC Helix Operations Management.
- Group - Select to view and analyze the activities related to managing groups in BMC Helix Operations Management.
- Monitor Policy - Select to view and analyze the activities about managing monitor policies in BMC Helix Operations Management.
- Role - Select to view and analyze activities related to defining and managing roles in BMC Helix Portal.
- User - Select to view and analyze user management activities in BMC Helix Portal.
- pdf - Select to view and analyze the activities related to the PDF output of a report schedule.
- csv - Select to view and analyze the activities related to the CSV output of a report schedule.
- html - Select to view and analyze the activities related to the HTML output of a report schedule.
- xlsx - Select to view and analyze the activities related to the XLSX output of a report schedule.
Resource Name — The name of the user on whom the activity was performed.
Application — The application where the audit activity was performed, such as identity management service.

Audit Records

View the details of the audit activities performed in BMC Helix Portal and BMC Helix Operations Management.

Time (UTC) — The time of the activity performed.
Category — The category of the activity. The following categories are available:
- AUTHORIZATION - Includes activities related to user access and authentication.
- EVENT_CLASS - Includes activities related to event classes in BMC Helix Operations Management.
- DASHBOARD - Includes activities related to the creation, update, and deletion of dashboards.
- REPORT SCHEDULER - Includes activities related to the creation, update, activation, and deletion of report schedules.
- CONSENT - Includes activities related to enabling or disabling data collection in Gainsight.
Actor — The user who performed the activity.
Resource Type — The type of the object on which the activity is performed.
Resource Name — The name of the object on which the activity is performed.
Operation — The type of the activity.
Click the entries in this column to view the details of the audit activity in the BMC Helix Audit Dashboard - Details drill-through dashboard. By using the drill-through dashboard, you can compare the previous and the new values of the audit activity.
Status — The status of the activity.
Changes — The type of changes performed on the object.
Click Inspect value to view the details of the changes.
Application — The application on which the activity is performed.
Details — The details of the activity.
Click Inspect value to view the details of the audit activity.
Resource category — The category of the object on which the activity is performed.
Source — The IP address of the system where the activity is performed.

BMC Helix Audit Dashboard

To view the BMC Helix Audit Dashboard

Panels in the BMC Helix Audit Dashboard

BMC Helix Dashboards 25.3

On this page