Security Monitoring

Using activity logs to detect suspicious behavior and protect the platform

Dec 5, 2025

Activity logs are your first line of defense against security threats. Monitor authentication events, detect suspicious patterns, and respond to potential attacks.

Why Security Monitoring Matters

Your platform contains sensitive business data and customer information. Activity logs help you:

  • Detect brute-force attacks — Multiple failed login attempts
  • Identify compromised accounts — Unusual activity patterns
  • Track unauthorized access attempts — Failed logins from unknown locations
  • Monitor suspicious behavior — Unusual deletion or modification patterns
  • Meet compliance requirements — Maintain security audit trails

Monitoring Failed Login Attempts

Failed logins are often the first sign of a security threat.

Viewing Failed Login Statistics

  1. Navigate to Activity Logs > Analytics
  2. Scroll to the Authentication Statistics section
  3. Review the Failed Logins count

What to look for:

  • Sudden spikes — Sharp increases in failed attempts
  • Consistently high numbers — Ongoing attack attempts
  • Patterns — Regular failed attempts at specific times

Investigating Failed Logins

When you notice suspicious failed login activity:

  1. Click View All Logs from the analytics dashboard
  2. Set Event filter to "Login Failed"
  3. Review the results table

For each failed login, check:

  • Date/Time — When did it happen?
  • User — Which account was targeted?
  • IP Address — Where did the attempt come from?

Identifying Attack Patterns

Click on individual failed login records to see details:

Brute-Force Attack Signs:

  • Multiple failed attempts from the same IP address
  • Attempts targeting the same user account
  • Rapid succession of attempts (minutes apart)
  • Attempts from unusual geographic locations

Credential Stuffing Signs:

  • Failed attempts across multiple user accounts
  • Attempts from the same IP address
  • Different usernames but similar patterns
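The two patterns above can be told apart mechanically once the failed-login rows are exported. This is an added example, not part of the platform: the row layout (time, event, user, IP), the sample data and the thresholds are assumptions to adjust to your own export.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rows: (time, event, user, ip). Real export columns may differ.
SAMPLE = (
    [(f"2025-12-05T02:00:{s:02d}", "Login Failed", "admin", "203.0.113.7")
     for s in (5, 15, 25, 35, 45)]                      # one account, one IP, seconds apart
    + [(f"2025-12-05T03:10:{i * 5:02d}", "Login Failed", u, "198.51.100.23")
       for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"])]  # many accounts, one IP
    + [(f"2025-12-05T{h:02d}:00:00", "Login Failed", "frank", "192.0.2.10")
       for h in (8, 10, 12, 14, 16)]                    # same count, but hours apart
    + [("2025-12-05T09:00:00", "Login", "frank", "192.0.2.10")]
)

def classify_failed_logins(rows, window=timedelta(minutes=5), threshold=5, min_users=3):
    """Return {ip: finding} for IPs with >= threshold failures inside one window.

    window, threshold and min_users are assumed starting values, not platform settings.
    """
    by_ip = defaultdict(list)
    for ts, event, user, ip in rows:
        if event == "Login Failed":                     # ignore successful logins
            by_ip[ip].append((datetime.fromisoformat(ts), user))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        recent = deque()                                # failures inside the sliding window
        for ts, user in events:
            recent.append((ts, user))
            while ts - recent[0][0] > window:
                recent.popleft()
            if len(recent) >= threshold:
                users = sorted({u for _, u in recent})
                # Many distinct accounts from one IP suggests credential stuffing;
                # repeated failures against few accounts suggests brute force.
                label = "credential-stuffing" if len(users) >= min_users else "brute-force"
                findings[ip] = {"label": label, "users": users,
                                "first_seen": recent[0][0].isoformat(), "count": len(recent)}
                break
    return findings

if __name__ == "__main__":
    for ip, finding in classify_failed_logins(SAMPLE).items():
        print(ip, finding)
```

The IP with five failures spread over a working day is not flagged, which is why the window matters as much as the raw count.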

Taking Action

If you identify a security threat:

  1. Block the IP address at your server/firewall level
  2. Contact affected users if their accounts were targeted
  3. Require password resets for compromised accounts
  4. Enable two-factor authentication for admin accounts
  5. Continue monitoring to ensure the threat has stopped

Monitoring Successful Logins

Track successful authentications to spot compromised accounts.

Unusual Login Patterns

  1. Navigate to Activity Logs > View All Logs
  2. Set Event filter to "Login"
  3. Review recent successful logins

Red flags:

  • Logins from unexpected locations (check IP address)
  • Logins at unusual times (middle of the night)
  • Multiple logins in rapid succession
  • Logins from different locations within minutes
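Two of these red flags, logins at unusual times and logins from different locations within minutes, can be checked over exported rows. This is an added example, not platform code: the row layout, the sample data, the quiet-hours range and the 10-minute window are assumptions, and a changed IP address is used as a stand-in for a changed location.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows: (time, event, user, ip). Real export columns may differ.
LOGINS = [
    ("2025-12-05T09:02:00", "Login", "alice", "192.0.2.10"),
    ("2025-12-05T09:06:00", "Login", "alice", "203.0.113.50"),   # new IP 4 minutes later
    ("2025-12-05T13:30:00", "Login", "bob", "192.0.2.44"),
    ("2025-12-05T17:45:00", "Login", "bob", "192.0.2.44"),
    ("2025-12-05T03:12:00", "Login", "carol", "198.51.100.9"),   # middle of the night
    ("2025-12-05T09:03:00", "Login Failed", "alice", "203.0.113.50"),
]

def flag_logins(rows, ip_change_window=timedelta(minutes=10), quiet_hours=range(0, 6)):
    """Return (user, reason, detail) tuples for successful logins worth a follow-up.

    Timestamps are assumed to share one timezone; quiet_hours is an assumed
    00:00-05:59 range and should reflect when your users actually work.
    """
    per_user = defaultdict(list)
    for ts, event, user, ip in rows:
        if event == "Login":                      # successful logins only
            per_user[user].append((datetime.fromisoformat(ts), ip))

    findings = []
    for user, logins in sorted(per_user.items()):
        logins.sort()
        for ts, ip in logins:
            if ts.hour in quiet_hours:
                findings.append((user, "unusual-hour", f"{ts.isoformat()} from {ip}"))
        # Compare each login with the next one for the same user.
        for (t1, ip1), (t2, ip2) in zip(logins, logins[1:]):
            if ip1 != ip2 and t2 - t1 <= ip_change_window:
                findings.append((user, "ip-change", f"{ip1} -> {ip2} in {t2 - t1}"))
    return findings

if __name__ == "__main__":
    for finding in flag_logins(LOGINS):
        print(finding)
```

Mobile networks and VPNs change a user's IP address legitimately, so treat a finding as a prompt to contact the user, not as proof of compromise.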

Investigating Suspicious Logins

Click on a login record to view:

  • IP Address — Does it match the user's normal location?
  • User Agent — Is the device/browser familiar?
  • Time — Is this a normal time for this user?

If a login looks suspicious:

  1. Contact the user to verify it was them
  2. If unauthorized, reset their password immediately
  3. Review their recent activity for unauthorized changes

Monitoring Deletion Activity

Unusual deletion patterns can indicate malicious behavior or compromised accounts.

Tracking Deletions

  1. Navigate to Activity Logs > View All Logs
  2. Set Event filter to "Deleted"
  3. Review what's being deleted

Warning signs:

  • Mass deletions — Many records deleted in a short time
  • Critical data — Important cards, rewards, or members deleted
  • Unusual users — Deletions by accounts that don't normally delete
  • After-hours activity — Deletions at odd times

Setting Up Regular Security Checks

Create a routine security monitoring schedule:

Daily Checks (5 minutes)

  1. Open Activity Logs > Analytics
  2. Review Authentication Statistics
  3. Check for spikes in failed logins
  4. Review Recent Activity for anything unusual

Weekly Checks (15 minutes)

  1. Review Failed Logins for the past 7 days
  2. Check Most Active Users for unexpected accounts
  3. Filter deletions and review critical records
  4. Export logs for compliance records

Monthly Checks (30 minutes)

  1. Analyze Activity Timeline for unusual patterns
  2. Review User Types Breakdown for anomalies
  3. Check all failed logins from the past month
  4. Generate security report for stakeholders

Best Practices

| Practice | Description |
|---|---|
| Enable IP Logging | Ensure accurate IP capture for identifying attack sources |
| Monitor Admin Accounts | Admin accounts have the most power—watch closely |
| Set Up Alerts | Use external monitoring for threshold-based alerts |
| Regular Exports | Export logs monthly for long-term analysis |
| Educate Users | Train on strong passwords and phishing recognition |
| Two-Factor Authentication | Require 2FA for all admin accounts |
