Dashboard Data in DirX Audit Manager Classic
The Dashboard view is available in DirX Audit Manager Classic and contains components that present charts based on data cubes stored in DirX Audit Database. For more information, see the chapter “Using the Dashboard View” in the DirX Audit Manager Classic Guide. The data cubes are built of fact tables containing facts and referencing dimensions. This chapter describes:
- Facts
- Dimensions
- Fact tables
- Component files containing preconfigured dashboard components
Facts
Facts are always represented as a column of numeric values in the DirX Audit Database. The following facts are available:
Facts on Audit Events:
- Total (FCT_TOTAL) – total number of related audit events.
- Succeeded (FCT_SUCCEEDED) – total number of related succeeded audit events. A succeeded audit event has Identification – Outcome field equal to 0.
- Failed (FCT_FAILED) – total number of related failed audit events. A failed audit event has Identification – Outcome field not equal to 0.
- Failed – relative (FCT_FAILED_RELATIVE) – total relative number of related failed audit events. A failed audit event has Identification – Outcome field not equal to 0.
- Approved (FCT_APPROVED) – total number of related approval audit events where a participant approved.
- Rejected (FCT_REJECTED) – total number of related rejected audit events where a participant rejected.
- Created (FCT_CREATED) – total number of related audit events where an attribute was created.
- Deleted (FCT_DELETED) – total number of related audit events where an attribute was deleted.
Facts on History Entries:
- Total (FCT_HST_TOTAL) – total number of related history entries.
- Certified (FCT_HST_CERTIFIED) – total number of certified entries.
- Uncertified (FCT_HST_UNCERTIFIED) – total number of uncertified entries.
- Without role (FCT_HST_WOUT_ROLE) – total number of users without a role.
- Without permission (FCT_HST_WOUT_PERMISSION) – total number of users without a permission.
- Without group (FCT_HST_WOUT_GROUP) – total number of users without a group.
- Without privilege (FCT_HST_WOUT_PRIVILEGE) – total number of users without a privilege.
- Duration (FCT_HST_DURATION_MI) – total operation duration in minutes.
Dimensions
Dimensions can be represented either as a column of character string values or as a reference to a table representing an enumerated type in the DirX Audit Database. The following dimensions are available for audit events, history entries and risk data:
Date and time (DIM_DATETIME) – date corresponding to the audit event’s Identification – When field.
Date and time (DIM_HST_DATETIME) – date corresponding to a history entry’s validity.
Date and time (DIM_HST_GEN_DATETIME) – manually created date using migration scripts. Values are generated as a view of 10,000 days from the current day into the past.
Month (DIM_HST_MONTH) – only for fact tables on history entries. Contains the same content as DIM_HST_DATETIME but is filled only for the last day in a month or for the current day if the month is not yet finished.
Month (DIM_HST_GEN_MONTH) – derived from DIM_HST_GEN_DATETIME only for the last day in a month or for the current day, if the month is not yet finished.
Operation (DIM_OPERATION) – corresponds to the audit event’s Identification – Operation field.
Application (DIM_APPLICATION) – digested value representing application, also called target system or connected system in DirX Identity.
Where From – Application (DIM_WHEREFROM_APP) – corresponds to the audit event’s Where From – Application field and denotes the application (for example, WebCenter or Manager) with which the action was performed.
Where From – Address (DIM_WHEREFROM_ADDRESS) – corresponds to the audit event’s Where From – Address field.
Who – Organizational unit (DIM_WHO_OU) – digested value representing organizational unit of the audit event’s initiator (Who).
Who – Organization (DIM_WHO_O) – digested value representing organization of the audit event’s initiator (Who).
Who – Country (DIM_WHO_C) – digested value representing country of the audit event’s initiator (Who).
Who – Name (DIM_WHO_NAME) – digested value representing name of the audit event’s initiator (Who).
What – Organizational unit (DIM_WHAT_OU) – digested value representing organizational unit of the audit event’s object (What).
What – Type (DIM_WHAT_TYPE) – corresponds to the audit event’s What – Type field denoting the type of the changed object (What). Note that the object can also be an assignment (for example, User-to-Role).
Assignment mode (DIM_ASSIGNMENT_MODE) – digested value representing the assignment mode.
Workflow (DIM_WORKFLOW) – digested value representing the name of an approval workflow related to the audit event.
Activity (DIM_ACTIVITY) – digested value representing the name of an approval activity related to the audit event.
Detail type (DIM_DETAIL_TYPE) – corresponds to the audit event’s What – Detail field denoting the detail of the changed object (What).
Password self-serviced or assisted (DIM_PWD_SELF_ASSISTED) – digested value indicating whether the password change was self-serviced or assisted by the helpdesk.
Authentication type (DIM_AUTHENTICATION_TYPE) – corresponds to the Identification – Type field of authentication audit events.
Authentication method (DIM_AUTHN_METHOD) – digested value representing the authentication method.
Authentication method type (DIM_AUTHN_METHOD_TYPE) – digested value representing the authentication method type.
Identification – Source (DIM_SOURCE) – corresponds to the audit event’s Identification – Source field.
Identification – Resource (DIM_RESOURCE) – corresponds to the resource name of authorization requests.
Identification – Category (DIM_CATEGORY) – corresponds to the Identification – Category field.
DirX Access audit event code (DIM_DXA_CODE) – digested value representing DirX Access audit event’s code.
Policy (DIM_POLICY) – digested value representing policy name.
History entry type (DIM_HST_ENTRY_TYPES) – corresponds to the history entry’s entry type.
State (DIM_HST_DXRSTATE) – corresponds to the state of the history entry.
Certification campaign type (DIM_HST_DXRTYPE) – corresponds to the history entry’s attribute-based type.
Revoke privilege type (DIM_HST_DXRREVOKEPRIVTYPE) – certification campaign settings for the privilege revocation.
User certification campaign result (DIM_HST_CERRESULT) – results of user certification campaigns.
Certification campaign lifecycle state (DIM_HST_CAM_LIFECYCLE_STATE) – states of all certification campaigns, both user and privilege.
Orphaned account (DIM_HST_DXTORPHANED) – an indicator of orphaned history accounts.
Target system (DIM_HST_TS) – target systems of history entries.
Target system link (DIM_HST_TSLINK) – corresponds to the application – also called target system or connected system in DirX Identity – of the history entry.
Workflow status (DIM_HST_RESULT) – history workflow result.
Workflow escalation level (DIM_HST_ESC_LEVEL) – history workflow escalation level indicator.
Certification result (DIM_HST_PARTLY_REJECTED) – certification’s assignments result.
Organizational Unit (DIM_HST_OU) – corresponds to the organizational unit of the history entry.
Organization (DIM_HST_O) – corresponds to the organization of the history entry.
Location (DIM_HST_L) – corresponds to the location of the history entry.
Risk level (DIM_HST_DXRRSKLEVEL) – corresponds to the risk level of the history entry.
Application (DIM_HST_APPLICATION) – application of the history entry.
Day (DIM_DATE_DAY) – virtual dimension value that is derived from DIM_DATETIME and represents a day.
Month (DIM_DATE_MONTH) – virtual dimension value that is derived from DIM_DATETIME and represents a month.
Year (DIM_DATE_YEAR) – virtual dimension value that is derived from DIM_DATETIME and represents a year.
User organizational unit (DIM_HST_USR_OU) – organizational unit of user in approval workflow entry.
Subject organizational unit (DIM_HST_SUB_OU) – organizational unit of subject in approval workflow entry.
Path (DIM_HST_PATH) – approval workflow entry path.
Fact Tables
A fact table consists of one or more facts and one or more dimensions. Typically for audit events, there are three facts, for example, total, succeeded and failed or total, accepted and rejected, and several dimensions representing time and other data properties. The fact tables contain aggregated data on audit events or history entries.
Fact Tables on Audit Events
Accounts (FCT_ACCOUNTS) – aggregated data on audit events related to operations over accounts.
Account to Group Memberships (FCT_MEMBERSHIPS) – aggregated data on audit events related to operations over account to group memberships.
Password Changes (FCT_PWD_CHANGES) – aggregated data on audit events related to password changes.
Provisioning Failures (FCT_PROV_FAILURES) – aggregated data on audit events related to failed provisioning operations.
Users (FCT_USERS) – aggregated data on audit events related to operations over users.
User to Privilege Assignments (FCT_USRPRIV_ASSIGNMENTS) – aggregated data on audit events related to user-privilege assignments.
Approvals of Assignments (FCT_APPROV_ASSIGNMENTS) – aggregated data on audit events related to approvals of assignments.
Approvals of Objects (FCT_APPROV_OBJECTS) – aggregated data on audit events related to approvals of operations over objects (entries).
Approvers (FCT_APPROVERS) – aggregated data on audit events related to assignments approvers.
Authentications (FCT_AUTHENTICATIONS) – aggregated data on authentication audit events.
Authorizations (FCT_AUTHORIZATIONS) – aggregated data on authorization audit events originated in DirX Access.
SoD Violations (FCT_SOD_VIOLATIONS) – aggregated data on segregation of duties audit events originated in DirX Identity.
Events (FCT_EVENTS) – aggregated data on audit events of any type.
User changes (FCT_USR_CHANGES) – aggregated data on audit events related to user changes.
Fact Tables on History Entries
History entries (FCT_HST_ENTRIES) – aggregated data on history entries of any type.
SoD violations (FCT_HST_SOD_VIOLATIONS) – aggregated data on violations of SoD policies.
Users (FCT_HST_USERS) – aggregated data on user history entries.
Accounts (FCT_HST_ACCOUNTS) – aggregated data on account history entries.
Approval workflows (FCT_HST_APPROVALS) – aggregated data on approval workflows.
Certification workflows (FCT_HST_CERTIFICATIONS) – aggregated data on certification workflows.
Certification campaigns (FCT_HST_CERTCAMPAIGNS) – aggregated data on certification campaigns.
Recent user certification campaigns (FCT_HST_USR_CERTIFICATIONS_12) – aggregated data on user certifications in the last 12 months.
Recent risk user certification campaigns (FCT_HST_RSK_USR_CERTIFICATIONS_03) – aggregated data on risk user certifications in the last 3 months.
Recent assignment certification campaigns (FCT_HST_ASS_CERTIFICATIONS_12) – aggregated data on assignment certifications in the last 12 months.
Imported group memberships (FCT_HST_IMPORTED_MEMBERSHIPS) – aggregated data on imported group memberships.
Component Files
DirX Audit is delivered with a set of preconfigured Dashboard components for audit events, history entries and risk data. You can use them directly or as templates, for example when you need to modify a target / connected system name in the dimension filter.
The set of predefined dashboard components for audit events contains a long list of components for DirX Identity and DirX Access audit events. You can also find a generic dashboard component aggregating audit events by the audit source.
The set of predefined dashboard components for history entries contains components for all major DirX Identity entry types including one component that can show aggregated data for all existing entry types in a stacked bar.
The set of predefined dashboard components for risk data contains components for overall user risk.
The dashboard component file name matches the following convention:
{evn|hst|rsk}__source__facttable__fact1[_fact2]__dimension1[_dimension2][__filterdimension_filtervalue].xml
where
evn – indicates that audit events are used as the component’s data source.
hst – indicates that history entries are used as the component’s data source.
rsk – indicates that user risk levels are used as the component’s data source.
source – identifies the audited system; dxa – DirX Access, dxi – DirX Identity, any – any data source.
facttable – specifies the fact table’s name.
fact – specifies the fact’s name.
dimension – specifies the dimension’s name.
filterdimension – specifies the name of the dimension to be used for filtering, or more precisely, slicing.
filtervalue – specifies the value to be used for filtering, or more precisely, slicing.
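The naming convention above can be checked mechanically before a customized component file is deployed. The following Python parser is an added example, not code shipped with DirX Audit; the function and class names, the sample file name, and the treatment of underscores inside a single name are assumptions, marked as such in the comments.

```python
import re
from typing import NamedTuple, Optional

DATA_SOURCES = {"evn", "hst", "rsk"}     # audit events, history entries, user risk levels
AUDITED_SYSTEMS = {"dxa", "dxi", "any"}  # DirX Access, DirX Identity, any data source
# Assumption: a fact or dimension name inside a file name is one alphanumeric token.
TOKEN = re.compile(r"[A-Za-z0-9]+")
# Assumption: the fact table field may contain single underscores between tokens.
TABLE = re.compile(r"[A-Za-z0-9]+(?:_[A-Za-z0-9]+)*")

class Component(NamedTuple):
    data_source: str
    source: str
    fact_table: str
    facts: tuple
    dimensions: tuple
    filter_dimension: Optional[str] = None
    filter_value: Optional[str] = None

def _one_or_two(field: str, label: str) -> tuple:
    """Split a 'name1[_name2]' field and check each name."""
    names = tuple(field.split("_"))
    if len(names) > 2 or not all(TOKEN.fullmatch(n) for n in names):
        raise ValueError(f"bad {label} field: {field!r}")
    return names

def parse_component_filename(filename: str) -> Component:
    if "/" in filename or "\\" in filename or not filename.endswith(".xml"):
        raise ValueError("expected a bare file name ending in .xml")
    fields = filename[: -len(".xml")].split("__")
    if len(fields) not in (5, 6):
        raise ValueError(f"expected 5 or 6 '__'-separated fields, got {len(fields)}")
    kind, source, table = fields[:3]
    if kind not in DATA_SOURCES or source not in AUDITED_SYSTEMS:
        raise ValueError(f"unknown data source or audited system: {kind!r}, {source!r}")
    if not TABLE.fullmatch(table):
        raise ValueError(f"bad fact table field: {table!r}")
    facts = _one_or_two(fields[3], "fact")
    dims = _one_or_two(fields[4], "dimension")
    fdim = fval = None
    if len(fields) == 6:
        # Assumption: the first '_' separates the filter dimension from its value.
        fdim, _, fval = fields[5].partition("_")
        if not TOKEN.fullmatch(fdim) or not fval:
            raise ValueError(f"bad filter field: {fields[5]!r}")
    return Component(kind, source, table, facts, dims, fdim, fval)

# Constructed sample name, not one of the delivered component files.
SAMPLE = "evn__dxa__authentications__total_failed__day__source_ExampleApp.xml"
```

`parse_component_filename(SAMPLE)` returns the data source, audited system, fact table, facts, dimensions and the optional slice as separate fields, and raises `ValueError` for any name that does not follow the convention.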