Regularly reviewing suspicious login activity helps to detect account compromise or brute force attacks early.
Before You Begin
Ensure you have OSM platform administrative privileges.
Agree with your security team on criteria for identifying suspicious logins (e.g., outside working hours, unusual IP locations, multiple failures in a short time, etc.).
If you want users to view their own login records, encourage them to go to Account Settings > Login Records to check activity in the past 30 days.
It is recommended to use 2FA and mobile device binding settings to further enhance security.
Steps to Follow
Log in to OSM. Navigate to Platform Logs > Usage Logs > User Usage Logs.
Set filter criteria to events related to "login".
Export the CSV report and use spreadsheet tools to filter for the following characteristics:
Multiple login failures for the same account within a short time.
Unexpected IP sources or geographic locations.
Login activity outside of working hours.
For suspicious accounts, refer to the article "How to Handle Account Security Incidents" for subsequent actions.