UCI   Office of Information Technology

UCI Information Security
  1. Home
    2.  » 
  2. Information Security Services
    3.  » My Account Activity

My Account Activity

This self-service application allows you to view your recent UCInetID account activity for common OIT services, verify all the activity is legitimately you, and report to OIT Security any suspicious activity that might be someone else accessing your account.

 

How To

  1. Login to the application at https://applications.oit.uci.edu/MyAccountActivity/
  2. Choose time range
      • Select the time range for how far back to search for recent activity. The longer the range, the longer the search will take to complete. The default is the past week.
  3. View activity
      • Click the Submit button and a table containing information about recent activity associated with your UCInetID will be displayed with separate events within your specified time range as rows.
      • Explanation of the different fields:
        • Date Range – The date and time the activity occurred, or range if multiple events. Times are relative to Pacific Time Zone.
        • Count – The number of similar events within the date range.
        • Service – The service or application where the activity occurred.
        • Action – The type of activity that occurred.
        • Result – The result of the action that occurred.
        • IP Address – The IP address of the device that was used to perform the activity.
        • Host Name – The name of the device in DNS that was used to perform the activity (if registered).
        • Internet Provider – The name of the Internet Service Provider (ISP) associated with the IP address of the device used to perform the activity.
        • Location – The estimated geographical location of the device that was used to perform the activity. Note: this is based upon the IP address and not always 100% accurate, but generally a pretty good approximation.
        • Additional Information – Optional extra information specific to the service that might be helpful in remembering what the activity was about.
  4. What to look for
    1. Highlighted suspicious behavior
        • Currently, out-of-state (non-California) activity is highlighted orange, and out-of-country (non-U.S.) activity is highlighted red. Since most people are accessing UCI services within California, you’ll want to review any highlighted activity first as it may be more suspicious. However, since geographical location accuracy isn’t 100%, or you may have legitimately been out of the country/state, or a compromise could have occurred within the state, you’ll still want to review all of the non-highlighted activity too.
    2. Suspicious Host Name and IP Address
        • Verify that you recognize all of the host names and IP addresses as computers or devices you likely have used.
    3. Suspicious Date Range of Events
        • Verify that the time of day when each activity occurred were times that you would have likely used the service.
  5. What to do if something looks suspicious and you believe your account may have been compromised
    1. Change your UCI password(s) at http://www.oit.uci.edu/password/ to prevent an attacker from continuing to use your password.
    2. Contact OIT Security describing the activity you suspect is a compromise. Mention specifically if your account has access to high risk data.

 

Frequently Asked Questions

  • What are the currently supported UCI event types?
    • Successful WebAuth login, VPN login, Office 365 login, Google login, Webmail/IMAP/Sendmail login, DEFT bank update, KSAMS login, UCInetID/Microsoft AD/SBS password change.
  • How often should I check my activity?
    • It is a good habit to check periodically, whether that is daily, weekly or monthly. If you don’t change your password periodically using a uniquely long and hard to guess phrase, don’t use multi-factor authentication, or login from untrusted computers, you’ll want to check your account activity more frequently than not.
  • What is “WebAuth”?
    • WebAuth is a Web Single Sign-On (SSO) service that enables you to use a variety of different online services at UCI without having to login multiple times. Activity involving WebAuth can mean access to many different web applications at UCI. More information can be found at: http://www.oit.uci.edu/idm/webauth/
  • How up-to-date is the data?
    • Most data is “almost real-time”, with the exception of 3rd party cloud data (i.e. Office 365 and Google) which is delayed a few hours.
  • Will activity from other services be added?
    • Yes, in future revisions we will look to add log activity from more UCI services that are helpful and relevant to the broader community.  If you have suggestions, please contact us.