Where to find the various Orchestrator events in the database?

a.) All sessions established [ex: Successful Orchestrator login, Robot/Studio connection]

- [dbo].[Sessions] and [dbo].[UserLoginAttempts]. Historical successful Robot/Studio Connections are not recorded due to the amount of data that would generate, basically every time the connection is lost it would have events.

Current sessions are not tracked in the [dbo].[Sessions] table. [dbo].[UserLoginAttempts] tracks both successful and unsuccessful User logins.

b.) Invalid or unauthorized authentication attempts to access information resources. [ex: Failed Orchestrator login, failed Studio/ Robot connection]

- [dbo].[UserLoginAttempts] for Failed Logins and Orchestrator.BusinessExceptions, Failed Connections - Orchestrator.BusinessExceptions - Invalid Machine Key (Bad Machine Key, Good Machine Name), Machine does not exist (Good Machine Key, Bad Machine Name)

c.) Action of individuals with root or elevated privileges (e.g., system and database administrators).[ex:Any settings changed by Orchestrator admin or custom roles ]

- Some are tracked in [dbo].[AuditLogs], some can not when it comes to server side changes or DB write ops (this should be tracked internally through Audit of SQLServer operations and limiting permissions)

d.) Any attempt by the administrator to authorize any user to bypass the administrator-configured data integrity controls. [ex similar to #c]

- Anything done outside the application's code can't be tracked without Auditing the resources that were tampered with. Operations that go through Code are tracked in [dbo].[AuditLogs]

e.) Creation or changes in user or information resource security accounts, profiles, ACLs, privileges, and attributes. [Ex: changes in account settings similar to #C]

- [dbo].[AuditLogs]

f.) Use of privileged accounts. [ex: similar to #C]

- [dbo].[UserLoginAttempts]

g.) Creation, storage, or revocation of encryption/decryption keying material.[ex: security settings in Orchestrator]

- [dbo].[AuditLogs] for Security Settings in Orchestrator, for other changes like web.config changes or server side ones - FileSystemWatcher could do the trick.

h.) Shutdowns, restarts, and backups. [any Orchestrator activity specially shutdown, restarts]

- Orchestrator events in EventViewer (Look for events like Orchestrator is starting).

i.) Installation and updates of software.[ex table that tracks updates and patches]

- [dbo].[MigrationHistory] tracks migrations, but exact version to version history is not currently available.

j.) Access to audit logs. [audit log table]

- It is not tracked explicitly in Orchestrator, the access is done based on permissions to view Audit information.

k.) Changes to audit log configurations. [similar to #C]

- [dbo].[Auditlogs]

Refer https://schemaspy.readthedocs.io/en/latest/started.html to get a graphical representation of the schema.