Tracking the status of security actions
Administrators can track the status of security actions taken on devices and logical groups within an organization.
Security actions are implemented to restrict risky users and devices from gaining unauthorized access to corporate resources. The security actions include remediation actions, such as upgrading applications, uninstalling applications, notifying devices. These actions are taken on vulnerable apps installed on devices.
Follow these steps to track the status of security actions.
- From the IBM® MaaS360® Portal Home page, select .
- Click Actions Log icon displayed at the top right
corner.
The Actions page is displayed. The page displays the administrator action log data for the past 6 months.
The Actions page displays the following details.
- Action name: The list of all security actions taken by administrators for the past 6 months.
- Performed on: The target entities on which security actions are performed, such as devices and
logical groups. Logical groups are formed in some scenarios. For example, when the latest version
available for app X is 9.0, and devices in an organization have previous versions (8.1, 8.5, and
8.9) installed. Among these versions, 8.1 and 8.5 have high CVE scores and are highly vulnerable.
The administrator takes remediation action to update these versions to the latest one. In this case,
apps with versions 8.1 and 8.5 are grouped to form a logical group.
This column also indicates whether the action is performed on a single device or multiple devices.
- Status: The status of the security actions performed on the target entities.
- Performed by: Specifies the administrator who performed the action.
- Performed date: Specifies the date and time when the action was performed.
- Filter: You can filter the security actions based on the following criteria:
- Action
- Performed on
- Status
- Performed date
- Search: You can search based on criteria such as performed on or performed by.
- Expand the accordion or twistie next to an action name to view the status trail for that
security action.
The status trail displays the intermediate stages of a security action. For example, when an administrator applies the Upgrade Application action to an app, the status trail for that action includes the following stages: Initiate® Action, Upgrade Application, and Complete.
The applied action progresses incrementally from one stage to the next in the status trail, and all stages must be successfully completed to apply a security action to the target entity. Administrators can use this view to track the current status of the action and also identify the stage at which the action failed.
- If the security action impacts a single entity, you can view the status trail on the Actions page by expanding the accordion or twistie next to the action name.
- If the security action impacts multiple entities, the overall status of the action depends on the status of the actions taken on individual target entities. For example, if administrator applies the Upgrade Application action on a certain version of an app, the action is applied to all devices that have installed that version of the app. Click the action name link to track the status of the security actions at the entity level. For more information, see Tracking the status of security actions at the device level.
Tracking the status of security actions at the device level
Follow these steps to track the status of security actions at the device level.
- Navigate to the Actions page.
- Click the Action name link to view all the devices that are impacted by a
security
action.
The Actions Log page is displayed for the security action.
The page displays the following details.
- The header displays details of the target entity on which the action is performed, such as the
app name or device name, the date and time of the action, and information about the administrator
who performed the action.
Additionally, if the action is performed on an app, the header displays the app's version. If the action is applied to multiple versions, a view all versions link is shown. Clicking the link opens a slide-over window that lists all the impacted versions of the app.
- Quick navigation links display the number of devices in each status. Click the required link to display the corresponding devices in the grid.
- The grid displays the list of devices on which the action is performed, corresponding action status for each device, and the date and time of the last status update.
- The header displays details of the target entity on which the action is performed, such as the
app name or device name, the date and time of the action, and information about the administrator
who performed the action.
- Expand the accordion or twistie next to a device name to view the status trail for the security
action at the device
level.
The status trail displays the intermediate stages of the security action. For example, when an administrator applies the Notify device action to an app, the status trail for that action includes the following stages: Initiate Action, Send notification, and Complete.
The applied action progresses incrementally from one stage to the next in the status trail, and all stages must be successfully completed to apply a security action to the device. Administrators can use this view to track the current status of the action on individual devices and also identify the stage at which the action failed.