Monitoring Cloud Pak for Data user activity

An IBM Cloud Pak® for Data administrator can check whether a user is online or offline and see information about the user's current session and previous session. You can use this information to identify suspicious activity and block the user from accessing the web client while the activity is investigated.

Best practice: In addition to monitoring user activity, you should also forward audit logs to an external security information and event management (SIEM) solution. For details, see Exporting Cloud Pak for Data audit records to a security information and event management solution.

Who needs to complete this task?
To monitor user activity, you must have one of the following permissions:
  • Administer platform
  • Manage users

When do you need to complete this task?
Complete this task as necessary to maintain the security of your Cloud Pak for Data environment.

Procedure

To monitor user activity:

  1. Log in to the web client as an administrator.
  2. From the menu, select Administration > Access control.
  3. Open the Users tab.
  4. Select the user whose activity you want to see.
  5. Open the Activity tab.
    From the Activity tab you can see:
    • Whether the user is currently online or offline.
    • If the user is online, the user's current sessions and the duration of those sessions.
    • The user's previous session and the duration of the previous session.

    Use this information to identify suspicious activity. For example, the activity might indicate that the user is misusing their access or that the user's account has been compromised.

  6. Optional: You can prevent the user from logging in to Cloud Pak for Data while you investigate the activity. To prevent the user from logging in, click Block. Then, confirm that you want to block the user.
    If you determine that the activity was justified, or if the user's password is updated to prevent unauthorized login, you can unblock the user from the Activity tab.