Monitor User Activity

On the Aperture service, you can view user activity across all assets on Box, Microsoft Office 365 for OneDrive and SharePoint, Google Drive, and Salesforce; visibility is more limited on Cisco Webex Teams. Because the Aperture service connects to each service using an API integration, it can retrieve the user activity logs so that you can monitor and investigate the actions of your end users on the data and assets stored in these applications. You can track events, such as file and folder downloads and uploads and failed login attempts, or you can learn how a user shared or collaborated on assets hosted in your SaaS applications.
  1. Select Explore > Activities to view a list of activity logs from applications such as Box, Microsoft Office 365 for OneDrive and SharePoint, Google Drive, Salesforce, or Cisco Webex Teams.
    Salesforce requires the User Event Monitoring license to enable the retrieval of all event logs. Without this additional license, only login and logout events are available to the Aperture service.
    Google Drive requires a Google Apps Unlimited or Google Apps for Education subscription to enable the retrieval of all event logs. Without this additional subscription, only login and logout events are available to the Aperture service.
  2. To filter the list and narrow the results to meet your audit needs, search or use the following facets:
    • Date—Time frame when the user activity occurred. For example: past day, past week, past month, or past year.
    • Action—Activity the user initiated. For example, download, preview, sync, share, delete, or copy a file or folder.
    • Cloud App—Lists the application on which the user activity occurred. For example, Box.
    • Target Type—Lists the location, user, or asset where an activity or change occurred. Use it to learn who did what, for example, which user initiated an action on a file, space, or folder, added a user, created a space, performed work on a report, or used the API.
    • Search—Find an item using part of the filename or find a user by the full email address. Because the user activity logs include information on the email address of the user who logged in, the source IP address and location of the user who performed the action, and the name of the item being modified or created, you can match on a phrase or email address.
  3. If Aperture is not monitoring user activity on Google Drive, remove the API client access from Google, then authenticate the Google app again to re-enable access.
    • Open a web browser and log in to admin.google.com.
    • Navigate to Manage API client access (located in Security > Advanced Settings).
    • Scroll to find the list of Aperture clients.
    • Click Remove.
  4. Click the CSV export icon to download the first 100k logs returned as a comma-separated values (CSV) file. You can then open the CSV file in a spreadsheet application to review the activity logs offline.
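
For offline review of the exported CSV file, the following added example (not part of the Aperture documentation or product) counts repeated failed logins per user and source IP address, counts distinct items downloaded per user and application, and flags an export that reached the 100k-log limit. The column names, action values, thresholds, and sample rows are assumptions constructed for illustration; match them to the header row of your own export.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export. Column names and action values are assumptions;
# match them to the header row of the CSV file you actually download.
SAMPLE_CSV = """\
timestamp,user,action,cloud_app,item_name,source_ip
2024-05-01T08:00:11Z,alice@example.com,login_failed,Box,,203.0.113.7
2024-05-01T08:00:19Z,alice@example.com,login_failed,Box,,203.0.113.7
2024-05-01T08:00:31Z,Alice@example.com,login_failed,Box,,203.0.113.7
2024-05-01T09:12:02Z,bob@example.com,download,Google Drive,q1-forecast.xlsx,198.51.100.20
2024-05-01T09:12:05Z,bob@example.com,download,Google Drive,customers.csv,198.51.100.20
2024-05-01T09:12:09Z,bob@example.com,download,Google Drive,payroll.xlsx,198.51.100.20
2024-05-01T09:30:00Z,carol@example.com,download,Box,notes.txt,192.0.2.44
2024-05-01T09:31:00Z,carol@example.com,login_failed,Box,,192.0.2.44
"""

def triage(csv_text, failed_min=3, download_min=3, export_cap=100_000):
    """Summarize an exported activity CSV for audit review."""
    failed = Counter()            # (user, source_ip) -> failed login count
    downloads = defaultdict(set)  # (user, cloud_app) -> distinct items downloaded
    rows = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        rows += 1
        # Normalize case so one user is not split across several keys.
        user = row["user"].strip().lower()
        action = row["action"].strip().lower()
        if action == "login_failed":
            failed[(user, row["source_ip"].strip())] += 1
        elif action == "download":
            downloads[(user, row["cloud_app"].strip())].add(row["item_name"].strip())
    return {
        "rows": rows,
        # The export stops at the first 100k logs, so a full file may be
        # incomplete: narrow the Date or Cloud App facet and export again.
        "possibly_truncated": rows >= export_cap,
        "failed_logins": {k: n for k, n in failed.items() if n >= failed_min},
        "bulk_downloads": {k: len(v) for k, v in downloads.items()
                           if len(v) >= download_min},
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_CSV).items():
        print(key, value)
```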
