Password Events
Overview
Password events are security-related events connected to password changes, resets, or password-related access activity where supported.
What this feature does
They help administrators review sensitive account changes that may affect user access.
Why it is useful
- It helps detect unauthorized password changes.
- It supports account recovery investigations.
- It gives security teams visibility into access-related changes.
Who should read this?
RISE Admin, Security Officer, Support Manager.
Where to find it
Auth Log or Activity Log, depending on how the password-related action is recorded.
How to use it
- Open Auth Log or Activity Log.
- Search or filter for password-related events.
- Review the user, timestamp, and IP context.
- Compare with failed login events or suspicious activity if needed.
Example workflow
A staff member claims their account was accessed by someone else. The admin checks whether a password reset occurred before the suspicious login.
Screenshot
Screenshot required
Capture from: Rise Audit Pro → Auth Log or Activity Log → Password-related events
Capture from: Rise Audit Pro → Auth Log or Activity Log → Password-related events
Common mistakes
- Ignoring password events during account compromise investigations.
- Sharing password-related logs outside the security or admin team.
- Assuming password event details should include the password itself. Passwords should never appear in logs.
Related articles
- Failed Login Events
- Login Success Events
- Sensitive Data and Privacy Notes
