.svg)
Enpass organizes event logs into six categories covering activity across the Enpass app, Enpass Hub, and the Admin Console. Use this reference to understand what is tracked in each category.
Users
Events related to user accounts, authentication, and device management.
|
Event |
Description |
|---|---|
|
New Device Registered |
A new device has been added to the user's account |
|
MFA Changes |
Enabling, updating, or resetting two-factor authentication (2FA) |
|
Admin Password Changes |
Adding, changing, or resetting the admin password |
|
Admin Permissions Updated |
Changes to a user's access scopes or permissions |
|
Public Key Changes |
Detection, resolution, or addition of a public key in the Hub |
|
Master Password Changed |
The master password has been updated |
|
Authentication Methods Added |
PIN or biometric authentication configured |
|
Device Deprovisioned |
A previously registered device has been removed |
|
Business Admin Console Login Events |
Successful logins, failed attempts, MFA failures, or blocked logins |
|
Application Login Events |
Successful logins, failed attempts, or multiple unlock failures indicating unusual activity |
Vaults
Events related to vault creation, security, data handling, and synchronization.
|
Event |
Description |
|---|---|
|
Vault Management |
A vault was created, removed, or renamed |
|
Vault Data Handling |
Data was exported, printed, or imported from a vault backup or file |
|
Vault Security |
The vault password was changed, revealed, or a locked vault was removed |
|
Vault Synchronization & Backup |
Sync failed, a Keyfile was exported, or the vault was backed up |
Sharing
Events related to sharing items and vaults with other users.
|
Event |
Description |
|---|---|
|
Item Sharing |
An item was shared via email or clipboard, or a shared item was successfully added |
|
Vault Sharing |
A vault was shared with one or more users |
|
Shared Vault Management |
A new shared vault was created and added to the system |
|
Shared Vault Permissions |
Permissions for a shared vault were updated |
|
Shared Vault Access Control |
Access to a shared vault was revoked |
Recovery
Events related to account and master password recovery.
|
Event |
Description |
|---|---|
|
Account Recovery Management |
Initiation, expiration, approval, or decline of a recovery request; recovery link expiration or revocation |
|
Master Password Recovery |
Successful recovery of a user's account via master password |
|
Recovery Request Issues |
Failure to create a recovery request due to system or user-related issues |
Organization
Events related to user management, group management, policies, and authentication configuration.
|
Event |
Description |
|---|---|
|
User Management |
A user account was created, removed, activated, deactivated, or had its email updated |
|
Group Management |
A group was created, deleted, or modified; users were added or removed from a group |
|
Administrator & Policy Management |
Admin assignment, removal, or permission changes; updates to organization policies and branding |
|
Authentication & Security |
SSO was configured, enabled, disabled, or enforced; a SCIM token was generated |
|
Hub & Recovery Management |
Hub integration, SSL settings, or recovery administration was set up, removed, or modified |
|
Password Policies |
Password rules or policies were created or modified |
App
Events related to the Enpass application, device settings, and data management.
|
Event |
Description |
|---|---|
|
Browser & Security Configurations |
A new browser was linked to the account, or an SSL certificate validation failed |
|
Application Settings & Proxy |
Application settings or proxy configuration were modified |
|
Data & Backup Management |
Storage location or backup settings were changed; local log files were deleted |
|
Account & Vault Updates |
A personal vault was added in the application |
|
System & Device Changes |
Incorrect system time was detected, or all data was erased from the device |
Related Pages
-
Event Logs & SIEM Integration — How to enable and manage event log collection
-
Integrate with SIEM Tools — Forward logs to your SIEM for extended retention and alerting