Page Comparison

...

• Login to the application at https://applications.oit.uci.edu/MyAccountActivity/
• Choose time range
  • Select the time range for how far back to search for recent activity.  The longer the range, the longer the search will take to complete.
• View activity
  • Click the Submit button and a table containing information about recent activity associated with your UCInetID will be displayed with separate events within your specified time range as rows.
  • Explanation of the different fields:
    
    • Date Range - The date and time the activity occurred, or range if multiple events.  Times are relative to Pacific Time Zone.
    • Count - The number of similar events within the date range.
    • Service - The service or application where the activity occurred.
    • Action - The type of activity that occurred.
    • Result - The result of the action that occurred.
    • IP Address - The IP address of the device that was used to perform the activity.
    • Domain Name - The name of the device in DNS that was used to perform the activity (if registered).
    • Location - The estimated geographical location of the device that was used to perform the activity.  Note: this is based upon the IP address and not always 100% accurate, but generally a pretty good approximation.
    • Additional Information - Optional extra information specific to the service that might be helpful in remembering what the activity was about.
• What to look for
  • Highlighted suspicious behavior
    • Currently, out of country state activity is highlighted redorange, and out of state country activity is highlighted orangered.  Since most people are accessing UCI services within California, you'll want to review if any highlighted activity occurred first as it may be more suspicious.  However, since geographical location accuracy isn't 100%, or you may have legitimately been legitimately be out of the country/state, or a compromise could have occurred in a nearby location, you'll still want to review all of the non-highlighted activity too.
  • Suspicious Domain Name and IP Address
    • Verify that you recognize all of the domain names and IP addresses as computers or devices you likely have used.
  • Suspicious Date Range for Services
    • Verify that the time of day when each activity occurred were times that you likely would have likely used the service.
• What to do if something looks suspicious and you believe your account may have been compromised
  • Change your UCI password(s) at http://www.oit.uci.edu/password/ to prevent an attacker from continuing to use your password.
  • Contact OIT at http://www.oit.uci.edu/help/ describing the activity you suspect is a compromise. Mention specifically if your account has access to high risk data.

...