All log views require a staff-level account with the appropriate API permission. If a section is missing for your account, contact your PropOps administrator to check your assigned permissions.
Activity Log
The Activity Log is the primary audit trail. It shows every event recorded inuser_activity_log — login events, page views, admin actions, guard page outcomes, and more.
Required permission: api.admin.activity_log.view
Open the admin panel
Navigate to your PropOps admin panel. The URL is typically
/admin relative to your installation root.Choose a time range
Use the Time range filter at the top of the page to narrow results. The available options are:
- Last 24 hours (default)
- Last 7 days
- Last 30 days
- Last 90 days
- All time
Filter by activity type
Use the Activity type dropdown to focus on a specific event category. Useful filters include:
failed_login— see all failed authentication attemptsguard_ip_pin_verified— see all successful IP location verificationsstaff_user_status_change— see all account status changes made by staff403_access_denied— see all unauthorised access attempts
Search
The search box matches against decrypted name, email address, IP address, and the
activity_details JSON content. Use it to look up a specific user or IP address.Reading the activity log
Each row in the log shows:| Column | What it means |
|---|---|
| User | The name and avatar of the account that triggered the event |
| Activity type | Machine-readable event category (see Audit Log Reference) |
| IP address | Decrypted source IP — stored encrypted in the database |
| Details | Parsed JSON context for the event (names, URLs, action outcomes, etc.) |
| Time | UTC timestamp of the event |
Security Dashboard
The Security Dashboard gives a high-level overview of your installation’s security posture, including login anomalies, breach detections, file integrity status, and API usage trends. Required permission:api.admin.security_report.manage
Go to the Security Dashboard
In the admin navigation, select Security. The dashboard is typically the default view within the security section.
What the Security Dashboard shows
Failed login attempts
Failed login attempts
A total count for the selected period, plus a breakdown of:
- Suspicious IPs — addresses with 5 or more failed attempts in the last hour
- Targeted accounts — individual accounts with more than 5 failed attempts in 24 hours
- Multi-account spray attacks — IPs that have attempted 3 or more different accounts in 24 hours
login_attempts table and do not require decryption.File integrity alerts
File integrity alerts
A count of unresolved file integrity violations from the
system_security_alerts table. All file integrity violations are treated as critical.Each violation shows:- The affected file path
- When the change was detected
- Whether the alert has been resolved
security_alert_resolved entry to the activity log with your identity and timestamp.Password breach monitoring
Password breach monitoring
A count of accounts where a password breach was detected in the last 7 days. PropOps checks passwords against the HaveIBeenPwned database using a privacy-preserving k-anonymity method.When a breach is detected, the affected account’s sessions are immediately invalidated and a password-reset email is sent. You can also view affected accounts in Admin → Security → Password Breaches.
API usage
API usage
This week vs last week comparison for total API requests. A significant increase can indicate automated abuse, a misconfigured integration, or a spike in legitimate usage.The panel also shows the top endpoints by request volume so you can identify which parts of the platform are being used most heavily.
Active sessions
Active sessions
A total count of currently valid sessions across all users. Cross-reference this with the time of day and expected user population to spot anomalies.
Password Breach Monitoring
A dedicated view of all accounts where a password breach has been detected. Required permission:api.admin.security_report.manage (same as Security Dashboard)
Per-user login history
You can view the login history and recent activity for any individual user directly from their account record.Session management
Administrators can view and revoke active sessions for any user.Open session management
Within the user record, find the Sessions section. This lists all currently active sessions with device type, last-seen time, and approximate location.
Revoke a session
Click Revoke next to any session to immediately invalidate it. The user will be signed out on that device. The revocation is logged to
user_activity_log with your identity as the acting staff member.Find Active Sessions
Locate the Active Sessions or Sessions panel in your profile security settings.
File integrity monitoring log
The file integrity monitor runs automatically every hour and records any unexpected application file changes.Open the Security Dashboard
Navigate to Admin → Security. Unresolved file integrity alerts are shown prominently on the dashboard.
Review violations
Each violation entry shows the affected file, the detected change, and when the check ran. Review the file in question to determine whether the change was an authorised deployment or unauthorised modification.
API Usage Statistics
Detailed API usage logs are available separately from the security dashboard and are useful for tracking integration health or investigating unusual traffic patterns. Required permission: Staff access to the admin panel.Related pages
Audit Log Reference
Complete reference of every event type, log table, and encrypted field.
GDPR & Data Privacy
How PropOps supports UK GDPR compliance, including data retention and subject access requests.
Authentication
Guard pages, session management, and re-authentication flows.
Security Overview
Platform-wide security controls including encryption, headers, and monitoring.