User activity you can investigate in Security Center - Security Center 5.12

Security Center Administrator Guide 5.12

Product
Security Center
Content type
Guides > Administrator guides
Version
5.12
Language
English
Last updated
2024-09-13

To investigate user activity in Security Center using the Activity trails report, familiarize yourself with the activity definitions.

General user activity

You can investigate the following general user activity:

Alarm acknowledged
Who acknowledged an active alarm.
Alarm context edited
Who edited the context of an alarm.
Alarm forcibly acknowledged
Who forcibly acknowledged an active alarm.
Alarm forwarded
Who forwarded an active alarm.
Alarm snoozed
Who snoozed an active alarm.
Alarm triggered (manually)
Who manually triggered an alarm.
All alarms forcibly acknowledged
Who forcibly acknowledged all active alarms.
Connected to remote Security Desk
Who connected to a remote Security Desk workstation.
Disconnected from remote Security Desk
Who disconnected from a remote Security Desk workstation.
Email a report
Who sent a report, based on a saved reporting task, as an email attachment.
NOTE: The Activity trails report cannot indicate whether or not the recipient has received the email.
Email a snapshot
Who sent a series of snapshots of a video feed as an email attachment.
NOTE: The Activity trails report cannot indicate whether or not the recipient has received the email.
Executed record fusion search
Who performed a search for records registered with the Record Fusion Service.
Health event dismissed
Who dismissed a health event.
Image exported
Who exported a cardholder or visitor picture, or an image from a custom field.
Intrusion alarm acknowledged
Who acknowledged an intrusion alarm.
Intrusion alarm silenced
Who silenced an intrusion alarm.
Intrusion alarm triggered
Who manually triggered an intrusion alarm.
Intrusion detection area disarmed
Who disarmed an intrusion detection area.
Intrusion detection area input bypass activated/deactivated
Who activated or deactivated a sensor bypass in an intrusion detection area.
Intrusion detection area master armed
Who master armed an intrusion detection area.
Intrusion detection area perimeter armed
Who perimeter armed an intrusion detection area.
Macro started/aborted
Who started or stopped a macro.
Output triggered (manually)
Who triggered an output pin (for example, using a hot action).
Record modified in cache
Who modified a record in the record cache.
Report exported/generated/printed
Who exported, generated, or printed a report.
IMPORTANT: To comply with State laws, if the Report generated option is used for an Activity trails report that contains ALPR data, the reason for the ALPR search is included in the Description field.
Send an email
Who sent an email to users, cardholders, or specified email addresses.
NOTE: The Activity trails report cannot indicate whether or not the recipient has received the email.
Threat level set/cleared
Who set or cleared a threat level, and on which area or system.
Unit certificate changed
Who changed the unit certificate.
Unit password changed
Who changed the unit password and whether the password was manually entered or system generated.
Unit password history consulted
Who viewed the password history of a unit.
Unit password recovered
Who recovered the password of a unit.
Unit passwords exported
Who exported the Hardware inventory report with unit passwords.
User logged on/off
Who logged on or off of which Security Center client application.
User logon failed
Who failed to log on to a Security Center client application, and why.

User activity related to access control

You can investigate the following user activity related to access control:

Access control unit rebooted (manually)
Who manually rebooted an access control unit.
Access control unit support logs enabled/disabled
Who enabled or disabled support logs for an access control unit.
Access control unit synchronization started (manually)
Who manually started an access control unit synchronization.
Antipassback violation forgiven
Who forgave an antipassback violation.
Archived visitors deleted
Who manually deleted an archived visitor from the Visitor management task and when an automatic cleanup of archived visitors was run.
Badge printed
Who printed a credential badge.
Card encoded with a DESFire configuration
Who encoded a card with a MIFARE DESFire configuration from the MIFARE DESFire configuration task.
Card encoding tested with a DESFire configuration
Who tested a card encoded with a MIFARE DESFire configuration from the MIFARE DESFire configuration task.
Credential request canceled/completed
Who completed or canceled a credential badge print request.
Credential requested
Who requested a credential badge to be printed, and why.
Device shunted
Who shunted (disabled) an access control device.
Door maintenance mode canceled
Who canceled the maintenance mode on a door.
Door set in maintenance mode
Who unlocked a door by setting it in maintenance mode.
Door unlock schedule overridden (lock/unlock)
Who overrode the lock or unlocking schedule of a door.
Door unlock schedule override canceled
Who canceled the unlocking schedule override of a door.
Door unlocked (explicitly)
Who unlocked a door from Security Desk using a hot action or alarm event-to-action.
Door unlocked (manually)
Who manually unlocked a door from the Security Desk Door widget.
Elevator floor access schedule override canceled
Who canceled an elevator schedule override.
Elevator floor access schedule overridden (free access)
Who overrode a free access elevator schedule.
Elevator floor access schedule overridden (restricted access)
Who overrode a controlled access elevator schedule.
Exported DESFire configuration to file
Who exported MIFARE DESFire configurations to a file from the MIFARE DESFire configuration task.
Exported DESFire configuration to unit
Who exported MIFARE DESFire configurations to an access control unit from the MIFARE DESFire configuration task.
Exported DESFire cryptographic keys to unit
Who exported MIFARE DESFire cryptographic keys to an access control unit from the MIFARE DESFire configuration task.
Firmware upgrade for access control unit scheduled with interface module upgrade
Who scheduled a firmware upgrade for an access control unit and its associated interface modules.
Firmware upgrade for access control unit scheduled without interface module upgrade
Who scheduled a firmware upgrade for an access control unit.
Firmware upgrade for interface module scheduled
Who scheduled a firmware upgrade for an interface module.
Imported DESFire configurations
Who imported MIFARE DESFire configurations from the MIFARE DESFire configuration task.
Inputs shunted
Who unshunted (disabled) an input.
Inputs unshunted
Who shunted (disabled) an input.
Minimum security clearance modified
Who changed the minimum security clearance for an entity, and what the minimum security clearance was set to.
People count reset
Who reset the people count of an area to zero.
Person added to area
Who added a cardholder to an area, using the SDK.
Person removed from area
Who removed a cardholder from an area in the People counting task.
Platform upgrade for access control unit scheduled without interface module upgrade
Who scheduled a platform upgrade for an access control unit.
Scheduled upgrade for access control unit canceled
Who canceled an access control unit's scheduled firmware or platform upgrade.
Set reader mode
Who changed the reader mode for accessing doors between Card and PIN and Card or PIN.
Trusted certificate reset
Who reset the trusted certificate of a Synergis™ Cloud Link unit.
Unlock area perimeter doors
Who unlocked an area perimeter door.
Zone armed/disarmed
Who armed or disarmed a zone.

User activity related to ALPR

You can investigate the following user activity related to ALPR:

Application updated
Who updated a Genetec Patroller™ or a Sharp unit.
Enforce in-lot violation triggered
Who enforced an in-lot violation in a parking zone.
Hit deleted
Who deleted a hit.
Hotlist or permit list edited
Who loaded a hotlist or permit list, or added, modified, or deleted license plates in the list.
Past read matching triggered
Who performed past read matching in Patroller.
Photo evidence report printed (Hits/Reads)
Who printed a hits/reads evidence report.
Plate filtering enabled
Which ALPR Manager role has plate filtering enabled.
Read edited/triggered
Who edited/triggered a license plate read.
Read/hit protected
Who protected a license plate read or hit.
Read/hit unprotected
Who unprotected a license plate read or hit.
Reset parking zone inventory
Who reset the inventory of a parking zone.
Set parking zone occupancy
Who modified the occupancy of a parking zone.

User activity related to video

You can investigate the following user activity related to video:

Archive backup started/stopped (manually)
Who manually started or stopped video from being backed up from an Archiver.
Archiver consolidation started/stopped (manually)
Who started or stopped video from being consolidated from a secondary Archiver to the primary Archiver.
Archive duplication started/stopped (manually)
Who started or stopped video from being duplicated from one Archiver to another.
Archive restore started/stopped (manually)
Who started or stopped video archive from being restored to an Archiver.
Archive retrieval from units started/stopped (manually)
Who started or stopped transferring video from video units to an Archiver.
Bandwidth limit exceeded
Who requested a video stream that was unable to connect because the bandwidth limit for redirected video was reached. Or, who lost a redirected video stream connection because the bandwidth limit was reached and a user with a higher user level requested a stream.
Bookmark added
Who added a bookmark.
Bookmark deleted
Who deleted a bookmark.
Bookmark modified
Who modified a bookmark.
Camera blocked/unblocked
Who blocked or unblocked a camera.
Confidential video requested
Who requested to view a confidential video stream.
Connected to analog monitor
Who connected to an analog monitor.
Disconnected from analog monitor
Who disconnected from an analog monitor.
Key stream removed
Who removed a key stream.
Live/Playback streaming requested from Federation™
Which Federation host requested streaming and from which camera.
NOTE: The name given to the Federation user should be descriptive of the Federation host. For example, instead of using federation_1, use PoliceDepartment or CompanyHeadquarters.
Live streaming started/stopped
Which camera was displayed or removed.
Playback streaming
Which recording was played.
PTZ activated
Who moved an idle PTZ.
PTZ command sent
Which PTZ command the user sent. It can include presets that are set or cleared, patterns that are started, run, or cleared, and so on.
PTZ locked
Who locked PTZ on which camera.
PTZ zoom started/stopped
Who started or stopped PTZ zoom on which camera.
Recording started/stopped (manually)
Who started or stopped recording video manually.
Sequence paused/resumed
Who paused or resumed a video sequence.
Snapshot printed/saved
Who printed or saved a snapshot.
Video exported
What did the user export and where did they save it.
NOTE: If the user lacks the Single user export privilege, both usernames are reported. In a federated system, only the federated username is reported.
Video file deleted (manually)
Who deleted a video file from the system.
Video file protected/unprotected
Who started or stopped protection on a video file.
Video stream not delivered
Who had their video request canceled without having a single frame being rendered.
Video unit identified/rebooted/reconnected
Who identified/rebooted/reconnected a video unit.
Video unit replaced
  • Who replaced a video unit using the Unit replacement tool.
  • Which video unit was replaced.
Visual tracking enabled/disabled
Who enabled or disabled visual tracking in a tile.