...
Allows you to view your recent UCInetID account activity for a subset of OIT services, verify all the activity is legitimately you, and report to OIT Security any suspicious activity that might be someone else compromising your account.
Instructions
- Log in to the application at https://applications.oit.uci.edu/MyAccountActivity/
- Choose time range
  - Select the time range for how far back to search for recent activity. The default is the past day. The longer the range, the longer the search will take to complete.
- View activity
  - Click the Submit button. A table of recent activity associated with your UCInetID will be displayed, with each separate event within your specified time range as a row.
  - Explanation of the different fields:
    - Date Range - The date and time the activity occurred, or a range if there were multiple events. Times are in the Pacific Time Zone.
    - Count - The number of similar events within the date range.
    - Service - The service or application where the activity occurred.
    - Action - The type of activity that occurred.
    - Result - The result of the action that occurred.
    - IP Address - The IP address of the device that was used to perform the activity.
    - Domain Name - The name of the device in DNS that was used to perform the activity (if registered).
    - Location - The estimated geographical location of the device that was used to perform the activity. Note: this is based upon the IP address and not always 100% accurate, but generally a pretty good approximation.
    - Additional Information - Optional extra information specific to the service that might be helpful in remembering what the activity was about.
- What to look for
  - Highlighted suspicious behavior
    - Currently, activity from outside California is highlighted orange, and activity from outside the U.S. is highlighted red. Since most people access UCI services from within California, review any highlighted activity first, as it may be more suspicious. However, geographical location accuracy isn't 100%, you may have legitimately been out of the country or state, and a compromise could have occurred within the state, so you'll still want to review all of the non-highlighted activity too.
  - Suspicious Domain Name and IP Address
    - Verify that you recognize all of the domain names and IP addresses as computers or devices you likely have used.
  - Suspicious Date Range for Services
    - Verify that the times of day when each activity occurred were times that you would likely have used the service.
- What to do if something looks suspicious and you believe your account may have been compromised
  - Change your UCI password(s) at http://www.oit.uci.edu/password/ to prevent an attacker from continuing to use your password.
  - Contact OIT Security at http://security.uci.edu/incident.html describing the activity you suspect is a compromise. Mention specifically if your account has access to high-risk data.
...