Login Activity, Security Monitoring, and Audit Trail

Monitoring Login Activity in InnoSynth-Forjinn is essential for keeping your deployment secure, auditing user behavior, maintaining compliance, and quickly responding to security incidents. This guide explains how to use the login/activity logs, what information they provide, and best practices for security teams.

Accessing Login Activity Logs

1. Go to Settings → Security → Login Activity (or Admin → Audit Logs depending on deployment).
2. You will see a time-sorted list/table of:
   • Username/Email
   • Action (login, logout, password change, failed login)
   • Timestamp (UTC/local)
   • IP address & device/browser (if available)
   • Success/failure reason (failure message, lockout event, SSO provider, etc)
   • Workspace/organization, if multi-tenant

Features

• Filtering: Filter logs by user, workspace, time period, action type, or result.
• Review per-user history: Click a user for a timeline of authentications and related security actions.
• Download Logs: Export filtered logs for security review or compliance work (CSV, JSON).
• Retention Policy: Most systems keep at least 90 days’ activity; see platform or admin for your instance’s policy.

Security Best Practices

• Regularly review failed login attempts. Multiple failures may indicate a brute-force attack.
• Set up notifications or webhook triggers for suspicious activity:

  • 10 failures in an hour

  • New device or geo detected
  • Admin privilege assignment/removal
• Only platform or workspace admins can access the full audit trail.
• Logs cannot be directly edited or deleted except by authorized root/admins (preserve audit trail integrity).

Advanced: Geo, Device, SSO Monitoring

• For SSO-enabled orgs, logs record both SSO provider logic (Google, Okta, etc) and user profile.
• Some deployments integrate with external SIEM/log management.

Example: Reviewing an Incident

If an account is suspected to be compromised or misused:

1. Filter login activity for the affected user.
2. Examine IP/location. Look for unknown patterns/times/devices.
3. Combine with Action Logs (flows/agents run, API usage) to trace impact.
4. Use "Export Logs" for compliance, root-cause analysis, or regulatory reporting.

Regular security log review is critical for proactive defense and satisfying industry regulations (GDPR, SOC2, HIPAA, etc). Always keep logs secure and preserve retention periods.