FUJ00158710 - Fujitsu - Audit Extraction Client User Manual - Document Reference:DEV/GEN/MAN/0015 - Release:17.58 - Version 9.0
Audit Extraction Client User Manual
FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
Document Title: Audit Extraction Client User Manual
Document Reference: DEV/GEN/MAN/0015
Document Type: User Manual
Release: 17.58
Abstract: User manual for the HNG-X Audit Extraction client application
Document Status: APPROVED
Author & Dept: Gerald Barnes
External Distribution: None
Security Risk Assessment Confirmed: YES
Approval Authorities:
Name | Role | Signature | Date
Jason Muir | Operational Security Manager Prosecution Support Service | See Dimensions for record |
See HNG-X Reviewers/Approvers Matrix (PGM/DCM/ION/0001) for guidance on who should approve.
© Copyright Fujitsu Services Limited 2009-2017
FUJITSU RESTRICTED (COMMERCIAL IN CONFIDENCE)
UNCONTROLLED IF PRINTED
Ref: DEV/GEN/MAN/0015
Version: 9.0
Date: 21 May 2018
Page No: 1 of 72
0 Document Control
0.1 Table of Contents
0 Document Control
0.1 Table of Contents
0.2 Table of Figures
0.3 Document History
0.4 Review Details
0.5 Associated Documents (Internal & External)
0.6 Abbreviations
0.7 Glossary
0.8 Changes Expected
0.9 Accuracy
0.10 Security Risk Assessment
1 Introduction
2 Scope
3 Terminology
4 Audit Data Integrity
5 Retrieval Schematic
6 Overview
6.1 Audit Record Query
6.1.1 Marking Files
6.1.2 Audit File Retriever
6.1.3 Audit Data Check Seal
6.1.4 Audit Extractor Client
7 Logging on to the Audit Workstation
8 Using the Audit Extraction Client Application
8.1 About the Application
8.2 Starting the Application
8.2.1 Pin to Start
8.2.2 Pin to startbar
8.3 Validating the environment
8.4 The Main Form
8.4.1 Menus
8.4.2 Toolbar
8.4.3 Data Centres Panel
8.5 ‘Slow’ ARQ Forms
8.5.1 Creating a New ARQ
8.5.2 Opening an Existing ARQ
8.5.3 Specifying Selection Criteria for Retrieval
8.5.4 Maintain ARQ
8.6 ‘Fast ARQ’ Form
8.7 Closing an ARQ
8.7.1 Closing Policy
Appendix 1 FLOWR Query Language
Appendix 2 Example ARQ Audit Log
Appendix 3 PGP Zip Configuration
0.2 Table of Figures
Figure 1 - Audit File Retrieval
Figure 2 - Audit Extractor Client Splash Screen
Figure 3 - Audit Extractor Client Main Multiple Document Interface form
Figure 4 - Audit Extractor Client Main form showing File menu
Figure 5 - Audit Extractor Client Main form showing Tools Menu
Figure 6 - PAN Management Dialogue
Figure 7 - Audit Extractor Client Main form showing Window menu
Figure 8 - Audit Extractor Client Main form showing Help menu
Figure 9 - About message box
Figure 10 - New ARQ form
Figure 11 - Open ARQ form
Figure 12 - Details of Current Query form
Figure 13 - Specify Selection Criteria form
Figure 14 - Discard Selection dialogue
Figure 15 - Update Audit Points or FAD Code
Figure 16 - Add Events Audit Points message box
Figure 17 - Select PAN form
Figure 18 - Maintain ARQ form - ARQ Details tab
Figure 19 - Maintain ARQ form - Retrieval Criteria tab
Figure 20 - Maintain ARQ form - Audit Tracks tab
Figure 21 - Maintain ARQ form - Filtering tab (Message based)
Figure 22 - Maintain ARQ form - Showing View Abstraction Errors button
Figure 23 - Abstraction Errors form
Figure 24 - Maintain ARQ form - Filtering tab (Text based)
Figure 25 - Maintain ARQ - Text Based filtering - PAN Dialogue
Figure 27 - Maintain ARQ form - Validation and Query - Gaps and Duplicates found
Figure 28 - Maintain ARQ form - Validation and Query - No messages found
Figure 29 - Maintain ARQ form - Validation and Query tab - Select Query
Figure 30 - Maintain ARQ form - Validation and Query tab - Select Query - Available Queries
Figure 31 - Maintain ARQ form - Validation and Query tab - Select Query (Populated)
Figure 32 - Maintain ARQ form - Validation and Query tab - Execute Query
Figure 33 - Maintain ARQ form - Presentation tab
Figure 34 - Fast ARQ form
Figure 35 - Continue confirmation message box
Figure 36 - Exit Fast ARQ confirmation message box
Figure 37 - Close ARQ form
0.3 Document History
Version No. | Date | Summary of Changes and Reason for Issue | Associated Change - CP/PEAK/PPRR Reference
0.1 | 24/01/09 | For informal review |
0.2 | 07/05/2009 | Incorporates comments from Group Review |
0.5 | 08/10/2009 | Incorporates amendments arising from Testing |
0.6 | 09/10/2009 | For Review |
1.0 | 26/10/2009 | Approved version incorporating comments from review |
1.1 | 05/05/2010 | Draft incorporating changes for Audit Strengthening | CP0336
2.0 | 14/06/2010 | Approved version. | CP0336
2.1 | 12/01/2011 | Draft incorporating changes for reporting duplicate message sequences and formatting event data. | PC0205806, PC0206531
3.0 | 08/02/2011 | Approved version incorporating comments from review |
3.1 | 30/06/2015 | Change Centera to Eternus. | CP0847
4.0 | 27/07/2015 | The approved version having taken into account all comments received | CP0847
4.1 | 15/06/2016 | Changes for HDCR. | CP1564
4.2 | 11/07/2016 | Changes as a result of a review by Andy Dunks. | CP1564
5.0 | 21/07/2016 | The approved version | CP1564
5.1 | 22/08/2016 | Introduce the new query Hx_IOPMailServiceSDAddressWithExtraAddresses.xql. | PC0252826
5.2 | 24/01/2017 | Add new section detailing the configuration of the PGP Desktop functionality. | PC0255637
5.3 | 20/02/2017 | Incorporation of review comments |
5.4 | 20/02/2017 | Document some new audit queries. | PC0256298
5.5 | 27/02/2017 | Some changes to the new queries documented in version 5.4 | PC0257379
5.6 | 07/03/2017 | Some minor updates about the new Hx_JSN query. | PC0257379
5.7 | 10/03/2017 | Document new and amended queries to output the poid element/attribute | CP 1913
5.8 | 03/04/2017 | Document two new queries which output additionally the method of payment. Hx_IOPPANBarcodesWithPaymentCode.xql is based on Hx_IOPPANBarcodes.xql. Hz_IOPPANBarcodesWithPaymentCode.xql is based on Hz_IOPPANBarcodes.xql | PC0258294
5.9 | 13/04/2017 | Put this document out for review again with the changes of the draft 5.8 in. | PC0258294
6.0 | 10/05/2017 | The approved version. | PC0252826, PC0255637, PC0256298, PC0257379, CP 1913, PC0258294
6.1 | 24/10/2017 | It was requested during the 2017 PCI audit that ARQs be closed regularly (ref “PCI SNO 18”). Section 8.7.1 “Closing Policy” has been added to satisfy this request. | CP6619
7.0 | 08/11/2017 | The approved version | CP6619
7.1 | 14/11/2017 | Document the Hx_Pouches.xql query. | PC0264249
8.0 | 11/12/2017 | The approved version | PC0264249
8.1 | 23/02/2018 | Add some extra fields to the Hx_IOPMailServiceSDAddress query. | PC0267150
8.2 | 23/03/2018 | Apply comments from the SSC. | PC0267150
8.3 | 23/03/2018 | Add a new field to the Hx_IOPPANBarcodes.xql query | PC0267766
8.4 | 04/05/2018 | Document the new Hx_BranchTradingStatement.xql and Hx_BFwdandCFwd.xql queries. | PC0269657, PC0269668
9.0 | 21/05/2018 | The approved version | PC0269657, PC0269658
0.4 Review Details
See HNG-X Reviewers/Approvers Matrix (PGM/DCM/ION/0001) for guidance on completing the lists below. You
may include additional reviewers if necessary, but you should generally not exclude any of the mandatory
reviewers shown in the matrix for the document type you are authoring.
Review Comments by:
Review Comments to: Gerald Barnes & RMGADocumentManagement( ~~
Mandatory Review
Role | Name
SSC | Steve Parker (*)
Customer Services (Prosecution Support Analyst) | SecOps (cspoa.securit
Role | Name
Test | Dave Bower
Issued for Information - Please restrict this distribution list to a minimum
Position/Role | Name
(*) = Reviewers that returned comments
0.5 Associated Documents (Internal & External)
Reference | Version | Date | Title | Source
PGM/DCM/TEM/0001 (DO NOT REMOVE) | | | POA HNG-X Generic Document Template | Dimensions
ARC/SEC/ARC/0003 | | | HNG-X Technical Security Architecture | Dimensions
DES/APP/HLD/0029 | | | Audit Data Retrieval High Level Design | Dimensions
DEV/APP/LLD/0071 | | | Audit Data Retrieval Low Level Design | Dimensions
DEV/APP/SPG/0016 | | | Audit Extraction Client Support Guide | Dimensions
DEV/INF/ION/0001 | | | Archive Server Configuration | Dimensions
SVM/SDM/SD/0017 | | | Security Management Service — Service Description | Dimensions
SVM/SEC/PRO/0017 | | | Management of the Prosecution Support Service for Audit Record Queries | Dimensions
DES/APP/HLD/0123 | | | HNG-X HLD - Settlement Functions | Dimensions
Unless a specific version is referred to above, reference should be made to the current approved
versions of the documents.
0.6 Abbreviations
Abbreviation | Definition
AE | Audit Extractor
APOP | Automated Payments Out-Pay
ARQ | Audit Record Query
AUWv2 | Audit Workstation Version 2
BRDB | Branch Database
CS | Customer Services
DR | Disaster recovery
FAD | Financial Accounts Department
HNG-X | Horizon Next Generation — Plan X
IKey | USB security token used for two-factor authentication
IRE11 | The active data centre in Ireland that replaces the Bootle data centre
IRE19 | The DR failover data centre in Ireland that replaces the Wigan data centre
MSAD | Microsoft Active Directory
NBX | Network Banking Transaction.
PAN | Personal Account Number. The number associated with a credit or debit card.
PIN | Personal Identification Number
Peak | Problem Management System operated by Fujitsu Services
PO | Post Office
POLIA | Post Office Limited, Internal Audit
PSS | Prosecution Support Section
SSC | Software support centre
TMS | Transaction Management System
0.7 Glossary
Term | Definition
Gatherer | The module responsible for collecting the audit files from the hosts, agents, correspondence servers and interface mechanisms. This module is also responsible for the application of the audit file naming policy.
Sealer | The module responsible for calculating the checksum seal of each audit data file before it is written to the audit archive. This value is recalculated after data is extracted by the Retriever and compared to the original value when first sealed. Used to ensure data integrity during storage on audit archive.
Retriever | The module responsible for moving audit data from the buffers where it is placed when retrieved by Eternus.
Extractor | The Client/Server system responsible for retrieving data from Eternus and managing Audit Data Extractions.
Eternus | Online mass disk storage unit selected by the Royal Mail Group Account to store and manage audit data
Sec Ops | The team that runs ARQs and sends the results to the Post Office.
0.8 Changes Expected
ie
0.9 Accuracy
Fujitsu Services endeavours to ensure that the information contained in this document is correct but, whilst every
effort is made to ensure the accuracy of such information, it accepts no liability for any loss (however caused)
sustained as a result of any error or omission in the same.
0.10 Security Risk Assessment
There are no security risks relating specifically to this document.
1 Introduction
In addition to the historic data collected under Horizon, the HNG-X system generates significant amounts
of data that is of interest to Post Office Ltd Internal Audit (POLIA) and other groups.
This document describes the Audit Extraction Client application that is run on the Audit Workstations
(AUWv2s). The AE client provides functionality to manage Audit Record Queries (ARQs) and to retrieve
and process audit data from the audit archive.
2 Scope
This document describes the functionality provided by the Audit Extraction Client for the retrieval,
filtering and querying of audit data and the managing of Audit Record Queries (ARQs).
It does not provide any details of the processes involved in handling requests for audit data. For process
information see document SVM/SEC/PRO/0017 — Management of the Prosecution Support Service for
Audit Record Queries.
3 Terminology
Within this document certain terms are used which have specific meaning within the audit solution. They
are:
Filtering : Filtering is the process of searching the retrieved audit files for specified FAD codes
or strings in order to select a subset of data for further processing. The user has the
option of selecting the whole file in which a match is found or of just selecting the
matching messages or records.
Query: A specification using the XQuery language for the selection of messages and
message attributes from retrieved audit data. A number of standard queries are
provided as part of the audit system.
Querying : Querying allows the selection of the message attributes to be included in the final
output and also allows for a finer granularity of message selection to be applied.
4 Audit Data Integrity
The Audit Extraction Client is compatible with the HNG-X Security Architecture (see
ARC/SEC/ARC/0003 — HNG-X Technical Security Architecture).
The integrity of audit data must be guaranteed at all times and controls have been established to provide
assurances to Post Office Internal Audit that this integrity is maintained.
During audit data extractions the following controls apply:
1. Extractions can only be made through dedicated Audit Workstations (AUWv2s) which exist at
Bracknell and Lewes. The AUWv2s are subject to rigorous physical security controls: they are
located in secure rooms subject to proximity pass access within a secured Fujitsu Services site.
2. Logical access to the AUWv2s and their functionality is controlled by two-factor authentication
using dedicated logins, password control and a second authentication factor.
3. Checksum seals are calculated for audit data files when they are written to the audit archive and
re-calculated when the files are retrieved.
5 Retrieval Schematic
The diagram below details the process of retrieving Audit Files from the Audit system.
In brief the process comprises:
1. Define the Audit Files to be retrieved.
2. Retrieve list of matching files from the Sealer database.
3. Submit the list for retrieval from the Audit Eternus.
4. Seal check the retrieved Audit Files, comparing the generated seal with the value held for the
Audit File at the Sealer database.
5. Optionally, filter or query the retrieved data.
[Figure 1 diagram not reproduced. Legible labels: Audit Extraction System, RMGA Prosecution Support Service, Audit Server, Audit Workstation, Sealer Database, Audit Record Query.]
Figure 1 — Audit File Retrieval
6 Overview
The audit extraction process assumes that audit data has been gathered, sealed and written to the audit
archive. The main types of files that are gathered are:
a. TMS Journals from the Correspondence Servers (Horizon)
b. Branch Database Journal Messages (HNG-X)
c. Output from database tables
d. Transaction files to and from PO systems (via gateways)
e. Tivoli Event files
f. NBX
g. Output from APOP database tables
All file types are referenced in DEV/INF/ION/0001.
The following table lists the different groups that can request audit data and shows how these map to the
Requester value that is selected on the New ARQ or Fast ARQ forms:
Group requesting audit data | Requester value
Post Office Limited, Internal Audit | POCL IA
Post Office Limited, Security | POCL Security
Post Office Limited, Other | POCL Other
Fujitsu Pathway, Internal Audit | Pathway IA
Fujitsu Pathway, System Support Centre | Pathway SSC
Fujitsu Pathway, Other | Pathway Other
Other 3rd Parties (e.g. police) | Other 3rd Party
6.1 Audit Record Query
The following paragraphs present an overview of each step in the extraction process and are ordered to
reflect the actual processing of an ARQ.
All POLIA requests for audit data are made via the standard Audit Record Query form, generally sent via
e-mail. Details of outlet, Branch Code and timeframes are required in order to fulfil the request. In
addition to this, specific requirements may be requested.
Contractual limits and turnaround times for the provision of Audit Record Queries are detailed in the
document SVM/SDM/SD/0017.
Internal requests for data extraction will be in the form of a Peak on the CS Security stack.
6.1.1 Marking Files
The audit data files required to satisfy the audit data request are marked for retrieval.
6.1.2 Audit File Retriever
Retriever copies the requested files from the Eternus buffers and makes them available to the Sealer for
seal verification.
6.1.3 Audit Data Check Seal
To assure the integrity of the audit data while on the audit archive, the checksum seal for the file is
re-calculated by the audit file sealer and compared to the value calculated when the file was originally
written to the audit archive. The result is maintained in a check seal table.
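The seal check described in sections 4, 5 and 6.1.3, worked through as an added example; it is not code from this manual or from the Audit system. SHA-256, the SQLite tables, the file names, the result codes and the rule that only files passing the check go forward to filtering or querying are all assumptions made for illustration.

```python
import hashlib
import hmac
import sqlite3
import tempfile
from pathlib import Path


def compute_seal(path: Path) -> str:
    """Recalculate the seal over the file contents.

    Assumption: SHA-256 stands in for the seal algorithm, which the manual
    does not name.
    """
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def open_sealer_db() -> sqlite3.Connection:
    """Hypothetical stand-in for the Sealer database (illustrative schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE seal (file_name TEXT PRIMARY KEY, seal TEXT NOT NULL);
        CREATE TABLE check_seal (file_name TEXT, result TEXT, recalculated TEXT);
        """
    )
    return db


def seal_on_write(db: sqlite3.Connection, path: Path) -> None:
    """Record the seal at the moment the file is written to the archive."""
    db.execute("INSERT INTO seal VALUES (?, ?)", (path.name, compute_seal(path)))


def check_seal(db: sqlite3.Connection, path: Path) -> str:
    """Compare a retrieved file with the seal held in the database and log it."""
    row = db.execute(
        "SELECT seal FROM seal WHERE file_name = ?", (path.name,)
    ).fetchone()
    recalculated = compute_seal(path)
    if row is None:
        result = "NO_SEAL"  # nothing to compare against: treated as a failure
    elif hmac.compare_digest(recalculated, row[0]):
        result = "OK"
    else:
        result = "MISMATCH"
    # Every outcome is recorded, including failures, so the check is auditable.
    db.execute(
        "INSERT INTO check_seal VALUES (?, ?, ?)", (path.name, result, recalculated)
    )
    return result


def retrieve_and_check(db: sqlite3.Connection, paths):
    """Seal check every retrieved file; only files that pass go forward."""
    results = {p.name: check_seal(db, p) for p in paths}
    releasable = [name for name, result in results.items() if result == "OK"]
    return results, releasable


def run_demo() -> dict:
    db = open_sealer_db()
    with tempfile.TemporaryDirectory() as tmp:
        archive = Path(tmp)
        # Constructed sample files, not real audit data.
        intact = archive / "journal_a.dat"
        altered = archive / "journal_b.dat"
        unsealed = archive / "journal_c.dat"
        intact.write_bytes(b"constructed record 1\nconstructed record 2\n")
        altered.write_bytes(b"constructed record 3\n")
        seal_on_write(db, intact)
        seal_on_write(db, altered)
        # The file changes while in storage, after its seal was recorded.
        altered.write_bytes(b"constructed record 3 (modified)\n")
        # A file present in the archive that was never sealed.
        unsealed.write_bytes(b"constructed record 4\n")
        results, releasable = retrieve_and_check(db, [intact, altered, unsealed])
    logged = db.execute("SELECT COUNT(*) FROM check_seal").fetchone()[0]
    return {"results": results, "releasable": releasable, "logged": logged}


if __name__ == "__main__":
    outcome = run_demo()
    for name, result in outcome["results"].items():
        print(f"{name}: {result}")
    print("forwarded to filtering/query:", outcome["releasable"])
```

The reference value is read from the separately held database rather than from anything stored beside the file, which is what makes the comparison meaningful as a storage integrity control.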
6.1.4 Audit Extractor Client (AEClient)
This is a facility that uses various tools to extract or reform the retrieved audit data in accordance with
the ARQ for despatch to the ARQ originator.
7 Logging on to the Audit Workstation
There are Audit Workstations located at both the Bracknell and Lewes Fujitsu offices. These machines
are not connected to the Fujitsu network but have direct lines to the IRE11 and IRE19 Audit Servers.
The Audit workstation implements the HDCR Windows 10 Secure Workstation build. Restricted access
to workstation functionality will be implemented based upon the MSAD group to which the user belongs.
Two groups exist for Audit Workstation access:
1. Audit Users
The standard user account. Members of this group will be able to perform extraction and
analysis of data held on the Audit system.
2. Audit Admin
Grants access, from the Audit workstation, to the operational area of the Audit servers to allow
investigative and maintenance tasks to be performed.
Access to the Audit workstation is via two-factor authentication: the user requires an IKey security token
and a PIN number. The user inserts their IKey token into a USB port on the audit workstation and is then
presented with a screen on which to enter their PIN number.
8 Using the Audit Extraction Client application
8.1 About the Application
The Audit Extraction Client application implements a multiple document interface allowing access to
multiple ARQs across all servers simultaneously.
The concept of WIGAN and BOOTLE servers has been retained. The IRE11 data centre is equivalent to
BOOTLE and the IRE19 data centre is equivalent to WIGAN.
8.2 Starting the Application
Initially the application can be accessed by double clicking on the file
C:\Program Files (x86)\AuditExtractorClient\AEClient.exe.
However, to speed up access in the future, it is recommended that the user right clicks on the file and
selects either “Pin to Start” or “Pin to startbar”.
8.2.1 Pin to Start
To start the client in future click the “Start Button” (or press the Windows Key), scroll down and select the
Audit Client —
AEClient
8.2.2 Pin to startbar
8.3 Validating the environment
[Splash screen screenshot not reproduced. Legible status lines: "Validation successful", "Checking session details.", "Initialising server access.", "Checking Server IRE11".]
Figure 2 - Audit Extractor Client Splash Screen
Once started the application performs a number of checks to ensure that the environment has a valid
configuration, and that at least one Audit server is accessible.
During the check the Audit Extraction Client splash screen (Figure 2) is displayed.
In the event of a configuration error being detected, or no Audit servers being accessible, an appropriate
message is displayed to the user and execution terminated. If this occurs, Audit support should be
contacted.
Upon successful completion of the validation, the splash screen will briefly show a list of connected Audit
servers before displaying the main Audit Extraction Client form.
8.4 The Main Form
Figure 3 - Audit Extractor Client Main Multiple Document Interface form
The main form (Figure 3) allows access to all of the Audit Extraction Client features, encapsulating ARQ
management, data retrieval and data extraction.
The form is a multiple document interface which allows multiple ARQs to be open simultaneously.
8.4.1 Menus
8.4.1.1 File
Figure 4 - Audit Extractor Client Main form showing File menu
The File menu has five sub-menu items:
Fast ARQ
Displays the Fast ARQ form. When selecting this option the user will be required to supply the
data centre at which the ARQ should be created.
New ARQ
Displays the New ARQ form. When selecting this option the user will be required to supply the
data centre at which the ARQ should be created.
Open ARQ
Displays the Open ARQ form. When selecting this option the user will be required to supply the
data centre at which the ARQ to be opened was created.
Close ARQ
Displays the Close ARQ form. When selecting this option the user will be required to supply the
data centre at which the ARQ to be closed was created.
Exit
Closes the application.
8.4.1.2 Tools
Figure 5 - Audit Extractor Client Main form showing Tools menu
The Tools menu has one sub-menu item called PAN Manipulation that displays the PAN Management
dialogue.
Figure 6 - PAN Management Dialogue
The PAN Management dialogue allows the user to enter a PAN in clear, encrypted or hashed form and
generate other forms of the PAN value.
The output generated for each entry type is shown in the table below:
Entry type | Output generated
Clear | Clear and Hashed
Hashed | Hashed
Encrypted | Clear and Hashed
It should be noted that for Audit purposes there is no requirement to encrypt clear PANs.
Actions performed via this dialogue are recorded for internal audit purposes (see DEV/APP/SPG/0016 —
Audit Extraction Client Support Guide for details).
8.4.1.3 Window
Figure 7 - Audit Extractor Client Main form showing Window menu
The Window menu has one sub-menu item:
Cascade
Allows open forms within the MDI form to be arranged as cascaded windows.
8.4.1.4 Help
Figure 8 - Audit Extractor Client Main form showing Help menu
The Help menu has one sub-menu item called About that displays a message box showing the version
number of the AE client application.
Version 20.0.3
The Audit Extraction Client provides functionality to retrieve and process data from the audit archive and to
manage Audit Record Queries.
Figure 9 - About message box
8.4.2 Toolbar
The toolbar provides buttons for the following operations:
• Create a new ‘fast’ ARQ
• Create a new ‘slow’ ARQ
• Open an ARQ
• Close an ARQ
8.4.3 Data Centres Panel
The Data Centres panel (see Figure 3) is tied to the left side of the screen and consists of two parts:
1. The Data Centres section in the top part of the panel displays the status of all configured data
centres and lists active ARQs under the data centre at which they were created.
2. The Available Forms section in the lower part of the panel displays icons representing any open
forms that have been minimised.
The relative sizes of the two sections can be changed by clicking on the top edge of the Available Forms
‘title bar’ and dragging it with the mouse.
The Data Centres section provides access to a number of functions, as well as providing a graphical
indication of system and ARQ status.
Clicking on an icon in the Available Forms section restores the form to its original size.
8.4.3.1 System Status
The Audit Extractor Client periodically checks whether a connection can be made to each of the
configured data centres. The results are indicated by the icon displayed to the left of the data centre
name and by descriptive text following the name.
A data centre is considered to be connected if both the RFISQL and SEALERSQL databases can be
accessed.
Icon | Status | Meaning
(icon) | Connected | The data centre is accessible and useable.
(icon) | Not Connected | One or both of the RFISQL and SEALERSQL databases are inaccessible. No ARQ actions are possible.
8.4.3.2 ARQ Status
The ARQ Status, as indicated by the icon to the left of the ARQ, has one of the following values:
Icon | Status | Meaning
(icon) | Normal | The ARQ is available.
(icon) | Open | The ARQ is open in the current user session.
(icon) | Locked | The ARQ is locked by another user or at a different work station. The ARQ cannot be opened by the current user while in this state.
(icon) | Attention | The ARQ has been opened by the current user, at the current work station but under a different session. The ARQ must be reset using the AEAdmin tool.
8.4.3.3. Functional Access From Data Centres Window
Quick access to the Fast, New, Open and Close ARQ forms is gained by right clicking on the required
data centre. When these forms are accessed via this route the target data centre is automatically
completed and does not show on the forms.
Where active ARQs are displayed, right clicking on the ARQ will display a drop down menu with the
following options:
Open - For a ‘slow’ ARQ, opens the selected ARQ at the current stage.
For a ‘fast’ ARQ, opens the selected ARQ in the Fast ARQ form.
Status - Displays the ARQ Status form.
Close - Displays the Close ARQ form populated with the selected ARQ details.
Double clicking on an active ARQ will open a ‘slow’ ARQ at the current stage or a ‘fast’ ARQ in the Fast
ARQ form.
When a ‘fast’ ARQ is re-opened, all the fields of the Fast ARQ form are read only. No further updates
can be made to the ARQ.
8.5 ‘Slow’ ARQ Forms
8.5.1 Creating a New ARQ
Figure 10 - New ARQ form
This option is used to set up an audit trail for a request and to specify the search criteria identified from
the ARQ form.
The New ARQ form can be displayed in three ways:
1. Select ‘New ARQ’ from the File menu.
When opened from the File menu, the New ARQ form will be displayed as in Figure 10. The
Data Centre frame at the top of the form allows the selection of the data centre in which the new
ARQ is to be created.
2. Click the ‘New ARQ’ button in the toolbar.
When opened from the toolbar, the New ARQ form will be displayed as in Figure 10. The Data
Centre frame at the top of the form allows the selection of the data centre in which the new ARQ
is to be created.
3. Right click on the required data centre and select ‘New ARQ’ from the drop down menu.
When opened by right clicking a data centre, the Data Centre frame is not shown in the form as
the data centre will automatically be set to the one which was clicked. The title bar of the form
shows the name of the selected data centre.
| Field | Input Value | Mandatory? |
|---|---|---|
| Data Centre (if displayed) | The data centre at which the ARQ is to be created. | Mandatory |
| Requester | Select from: Other 3rd party, Pathway IA, Pathway Other, Pathway SSC, POCL IA, POCL Other, POCL Security | Mandatory |
| Date Received | The date the request was received. | Mandatory |
| Date Required | The date the request is to be returned. | Mandatory |
| Catalogue Entry | Is left blank. | Not used |
| Receipt Reference | ARQ Number, taken from the ARQ form. | Mandatory |
| Access Reason | Reason for request. | Optional |
Once the mandatory data has been entered one of the following actions may be performed:
Specify Selection Criteria
Saves the ARQ details to the RFI database, creates the ARQ directory structure in F:\UserArea
on the selected Audit Server and displays the Specify Selection Criteria form (see section 8.5.3).
Save Request
Saves the ARQ details to the RFI database and creates the ARQ directory structure in
F:\UserArea on the selected Audit Server.
(F:\UserArea is a folder of the Audit Server that contains a sub-directory for each ARQ.)
The newly created ARQ will be displayed underneath the appropriate data centre in the Data Centres
window.
8.5.2 Opening an Existing ARQ
Figure 11 - Open ARQ form
An active ARQ may be opened in five ways:
1. Select ‘Open ARQ’ from the File menu.
When opened from the File menu, the Open ARQ form will be displayed as in Figure 11. The
Data Centre frame at the top of the form allows the selection of the data centre from which the
ARQ is to be opened.
2. Click the ‘Open ARQ’ button in the toolbar.
When opened from the toolbar, the Open ARQ form will be displayed as in Figure 11. The Data
Centre frame at the top of the form allows the selection of the data centre from which the ARQ is
to be opened.
3. Right click on the required data centre and select ‘Open ARQ’ from the drop down menu.
When opened by right clicking a data centre, the Data Centre frame is not shown in the form as
the data centre will automatically be set to the one which was clicked.
4. Right click on a specific ARQ in the Data Centres window and select Open from the drop down
menu.
Right clicking on a specific ARQ will result in either the Specify Selection Criteria or Maintain
ARQ forms being displayed, depending on the status of the selected ARQ.
5. Double click on the ARQ in the Data Centres window.
Double clicking on a specific ARQ will result in either the Specify Selection Criteria or Maintain
ARQ forms being displayed, depending on the status of the selected ARQ.
| Field | Input Value |
|---|---|
| Data Centre (if displayed) | The data centre at which the ARQ is to be opened - selected from drop down list. |
| Query Reference | The ARQ to be opened - selected from drop down list of query references. |
| Access Reason | Access reason as entered when ARQ was created. This is a read-only field. |
Once the data centre and query reference have been selected, one of the following actions may be
performed:
Show Query Details
Displays a form showing details of the selected query (see section 8.5.2.1).
Open Query
Opens the ARQ at its current stage.
Clicking the Close button will close the Open ARQ form.
8.5.2.1 Showing Query Details
Figure 12 - Details of Current Query form
This form is displayed when the ‘Show Query Details’ button is clicked on the Open ARQ or Close ARQ
forms.
It shows details of the selected request. Some of the fields may be empty, depending on the current
stage of the request.
All of the fields are read-only.
8.5.3 Specifying Selection Criteria for Retrieval
Figure 13 - Specify Selection Criteria form
This form provides the central point for specifying the Audit Files for retrieval.
The form may be closed (without closing the ARQ) by selecting the Close button. Provided no audit
points or templates have been selected, the form is closed and the ARQ remains at its current stage. If
any audit points or templates have been selected, a dialogue box is displayed asking the user to confirm
that the selections are to be discarded (see figure 14).
Figure 14 - Discard Selection dialogue
If the user clicks ‘OK’, the dialogue box and Specify Selection Criteria for Query form will be closed and
the ARQ remains at its current stage. Upon re-opening, the ARQ will resume with the Specify Selection
Criteria for Query form.
If the user clicks ‘Cancel’, the dialogue box is closed but the Specify Selection Criteria for Query form
remains open.
All retrievals must include the ‘From Date’ and ‘To Date’ and either an Audit Point or a template or both.
From Date - The earliest date for which Audit Files are to be retrieved
To Date - The last date for which Audit Files are to be retrieved
Audit Point - Audit Point to which the selected Audit Sub Point belongs
Audit Sub Point - Audit Sub Point from which Audit Files should be retrieved
Horizon Template - Template for matching Horizon Audit File names
HNG-X Template - Template for matching HNG-X Audit File names
From and To Dates are selected by clicking on drop-down arrows adjacent to the date fields and
selecting the required date.
When extracting HNG-X transaction data, the ‘From Date’ should be set to at least the day before the
date for which the extract is required. This is because it is necessary to capture the logon messages for
the counter session of interest in the retrieved Audit Files. The logon messages contain cryptographic
keys that are used to digitally sign the counter messages and failure to capture these logon messages in
the extract may result in cryptographic errors during filtering.
Since a counter session can span more than one day, setting the ‘From Date’ to a date earlier than the
first date for which the extract is required improves the chances of the session logon messages being
included in the retrieved files.
The ‘To Date’ is usually set to two days after the last date specified on the ARQ. An Audit File may not
be gathered until one or two days after it was created so adding extra days to the ‘To Date’ helps to
ensure that all the required Audit Files are retrieved.
Audit Points and Audit Sub Points or FAD codes are selected by clicking on the ‘<Select’ button which
will display the Update Audit Points form (see section 8.5.3.1).
NBX Query details and template formats may be specified by clicking on the Select PAN button (see
section 8.5.3.2). If template formats are specified, only those Audit Files whose filenames match the
specified templates will be retrieved. That is, if both Horizon and HNG-X templates have been specified,
Audit Files whose names match either of those templates will be retrieved.
Once all of the required extraction criteria have been specified, the user can click the “Search for Files”
button to produce a list of Audit Files that match the selection criteria. The Maintain ARQ form will then
be displayed (see section 8.5.4.1) showing the list of selected files.
8.5.3.1 Selecting the Audit Point/Audit Sub Point
Figure 15 - Update Audit Points or FAD Code
This form allows for the selection of Audit Point and Audit Sub Point pairs, or for the identification of the
required Audit Point and Sub Point based upon the Post Office FAD Code.
To select an Audit Point/Sub Point directly:
Select the required Audit Point from the Audit Point drop down list.
Optionally, select the required Audit Sub Point from the Sub Point drop down list.
Click on the ‘Add’ button.
If no Audit Sub Points are explicitly selected, all Audit Sub Points for the selected Audit Point will be
added.
To select an Audit Point/Audit Sub Point based upon the Post Office FAD Code:
Enter the FAD Code in the Post Office FAD Code box.
Click on the ‘Add’ button.
The extract date range will be used to identify all active transaction data Sub Points for the specified
FAD Code.
If the ‘Include Events’ checkbox is checked, a dialogue is shown advising the user that Event Audit
Points and Sub Points will be added to the list of selected audit points (see figure 16).
Figure 16 - Add Events Audit Points message box
If the user clicks ‘OK’ the list of Audit Points/Sub Points will be updated with the Events Audit Points/Sub
Points applicable to the selected TMS or BRDB audit points.
Audit Points/Sub Points can be removed from the list of selected audit points by highlighting the entries
in the list and clicking the ‘Delete’ button. The Events Audit Points/Sub Points can be removed by
unchecking the ‘Include Events’ checkbox.
Once all of the required Audit Point/Audit Sub Points have been selected, the user can click on the ‘OK’
button to return to the Specify Selection Criteria form.
8.5.3.2 Select PAN
Figure 17 - Select PAN form
This form allows the specification of Audit File selection criteria in the form of two templates which will
be applied to Horizon and HNG-X Audit File names respectively.
The user:
1. Enters either a clear or hashed PAN in the ‘Enter PAN’ box.
2. Selects the type of PAN entered using the ‘Entry Type’ checkboxes.
3. Clicks the ‘Generate’ button.
If a clear PAN was entered, the ‘PAN’, ‘Hashed PAN’, ‘Horizon Template’ and ‘HNG-X Template’ fields
will be populated.
If a hashed PAN was entered, only the ‘Hashed PAN’ and ‘HNG-X Template’ fields will be populated.
The user then clicks the ‘OK’ button to accept and use the generated templates.
Actions performed via this dialogue are recorded for internal audit purposes (see DEV/APP/SPG/0016 —
Audit Extraction Client Support Guide for details).
8.5.4 Maintain ARQ
This form allows the management of an ARQ once the initial extract details have been specified.
The form provides the following views:
ARQ Details
Overview of actions performed on the ARQ.
Retrieval Criteria
Retrieval Criteria applied for Audit File extraction.
Audit Files
Audit Files currently selected for extraction and extraction status.
Filtering
Specifies filtering of Audit File contents.
Validation and Query
Results of filtered data validation and application of query.
Presentation
Export results to Excel files.
It should be noted that the available views will depend upon the type of data being extracted and the
current stage of the analysis. Initially only the ARQ Details, Retrieval Criteria and Audit Files tabs will be
available.
8.5.4.1 ARQ Details
Figure 18 - Maintain ARQ form - ARQ Details tab
This view is for information only.
It displays the actions that have been performed on the ARQ to date.
Clicking on the ‘View Actions’ button displays the list in a separate form.
The ‘Extract Status’ and ‘Abstraction Status’ values are described in DEV/APP/LLD/0071 — Audit Data
Retrieval Low Level Design.
8.5.4.2 Retrieval Criteria
Figure 19 - Maintain ARQ form - Retrieval Criteria tab
This tab provides a view of the currently applied Audit File selection criteria, and a description of any
limitations the selection will place upon additional filtering.
The ‘Select’ button is greyed out as this is a read-only view. In order to amend the selection criteria, the
user must click the ‘AMEND Criteria’ button which will cause the ‘Specify Selection Criteria for Query’
form to be displayed (see section 8.5.3). Note that the Date range selection criteria can not be amended
if a Post Office FAD code was used in the original selection criteria.
A short description of the data which will be retrieved is shown to the left of the Amend Criteria button.
This indicates the type of filtering (and subsequent analysis) that will be available using the current
retrieval criteria.
8.5.4.3 Audit Files
Figure 20 - Maintain ARQ form - Audit Tracks tab
This view displays the currently selected list of Audit Files and their statuses.
The user can select some or all of the Audit Files in the file list and then perform the following actions:
Restore Files
This action restores all of the currently highlighted Audit Files from the Eternus to the Audit
server.
Replace Files
This action updates the file list, retaining only the highlighted files.
Confirm Seal Status
This action performs a seal check for the highlighted Audit Files. It should be noted that seal
checking is performed automatically when Audit Files are retrieved.
Delete Files
This action removes the highlighted files from the file list.
All Audit Files remaining in the list must be successfully retrieved and seal checked in order to progress
the ARQ through to filtering and to ensure that the final report on the ARQ contains only those Audit
Files that were used in the analysis.
8.5.4.4 Filtering
The Filtering tab is enabled once all the selected Audit Files have been retrieved.
Filtering can be applied to all Audit data irrespective of the source. For example, if an ARQ results in
both Horizon and HNG-X data being returned, applying the filter will result in both data sets being
filtered.
Two types of filtering are available:
1. By date and FAD code.
This type of filtering is applied when the retrieved Audit Files contain exclusively message-based
data. This can be either Horizon (TMS) or HNG-X (BRDB) data.
If any of the Audit Files to be filtered contain non-message data, this type of filtering is not
available.
2. By free-format string.
This type of filtering is applied when the retrieved Audit Files contain non-message data or a
mixture of message and non-message data.
If the Audit Files contain exclusively message-based data, this type of filtering is not available.
The type of filtering that is available will depend upon the sources of the Audit File data. As the Audit
File data type is related to the Audit Sub Point under which the data was gathered, an indication of which
filtering type will be used is displayed on the Retrieval Criteria tab when the Audit Point selection criteria
are specified.
When applying a free-format string filter, the output type can be specified as ‘FILE’ or ‘ABSTRACT’.
Filtering with an output type of ‘FILE’ will result in the complete file (including non-matching items) being
included in the output if the file contains any item matching the specified filter.
When ‘ABSTRACT’ is specified as the output type, only those items matching the filter criteria will be
included in the output.
Message data filtered by date and FAD code will always be abstracted.
8.5.4.4.1 Filtering of Message-based Data
Figure 21 - Maintain ARQ form - Filtering tab (Message based)
This type of filtering is applied to exclusively message-based data (either TMS or BRDB) and is only
available when all Audit Sub Points selected on the Retrieval Criteria tab contain only message data.
Filtering based upon message date and FAD code is possible.
The FAD code to be included in the filter must be added to the FAD list using the ‘Add’ Button. Only one
FAD code can be added at this release.
Once the date range and FAD list have been completed the filter can be saved and applied.
Note that if Post Office FAD codes were specified in the original selection criteria, the FAD List is
populated with these values and they can not be removed. In this situation there is no point in adding
further FAD codes as it is unlikely that the relevant data would have been retrieved.
Figure 22 - Maintain ARQ form - Showing View Abstraction Errors button
If any errors occur during the application of the filter an appropriate message will be displayed in the
status bar of the Filtering tab and the ‘View Abstraction Errors’ button will appear (see figure 22).
Figure 23 - Abstraction Errors form
If the ‘View Abstraction Errors’ button is clicked, the Abstraction Errors form (figure 23) will be displayed
showing details of the errors.
8.5.4.4.2 Filtering of Text-based Data
Figure 24 - Maintain ARQ form - Filtering tab (Text based)
Text data filtering will be used where the Audit Sub Points specified on the Retrieval Criteria tab contain
either non-message data or a mixture of message and non-message data.
Free format text strings are added to the filter list using the ‘Add’ button, and may be removed by
highlighting the required item and clicking on the ‘Delete’ button.
PAN values in clear, encrypted and hashed form may be derived from the PAN Generation dialogue
(see section 8.5.4.4.3) which is accessed via the ‘Add PAN’ button.
Once all the filter criteria have been specified, the filter can be saved by clicking on the ‘Save Filter’
button and applied by clicking on the ‘Apply Filter’ button.
When more than one string or PAN has been specified, a match is found if an item contains any one of
the specified string or PAN values i.e. the values are ‘OR’ed together for the search.
NOTE: String searches are case sensitive.
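The ‘FILE’ and ‘ABSTRACT’ output types (section 8.5.4.4) and the case-sensitive, OR'ed string matching described above can be modelled as follows. This is an added example, not code from the Audit Extraction Client; the one-item-per-line file layout, the function names and the sample data are assumptions constructed for illustration.

```python
# Added illustration of the free-format string filter semantics described in
# sections 8.5.4.4 and 8.5.4.4.2. Not the Audit Extraction Client's own code.

# Constructed sample data (assumption): file name -> list of items, one per line.
SAMPLE_FILES = {
    "sample_a.log": [
        "session start counter=1",
        "txn ref=ABC123 amount=10.00",
        "session end counter=1",
    ],
    "sample_b.log": [
        "txn ref=abc123 amount=5.00",  # differs from the filter string only by case
        "heartbeat",
    ],
    "sample_c.log": [
        "txn ref=XYZ789 amount=7.50",
        "heartbeat",
    ],
    "sample_d.log": ["heartbeat"],
}


def apply_string_filter(files, strings, output_type):
    """Return {file name: items} for files containing any filter string.

    Matching is case sensitive and the strings are OR'ed together.
    'FILE'     -> every item of a file that has at least one match.
    'ABSTRACT' -> only the matching items.
    """
    if output_type not in ("FILE", "ABSTRACT"):
        raise ValueError("output_type must be 'FILE' or 'ABSTRACT'")
    if not strings:
        raise ValueError("at least one filter string is required")

    output = {}
    for name, items in files.items():
        matches = [item for item in items if any(s in item for s in strings)]
        if not matches:
            continue  # a file with no matching item contributes nothing
        output[name] = list(items) if output_type == "FILE" else matches
    return output


def case_only_misses(files, strings):
    """List (file, item) pairs that match only when case is ignored.

    A reviewer can use this to spot items a case-sensitive search skipped.
    """
    lowered = [s.lower() for s in strings]
    misses = []
    for name, items in files.items():
        for item in items:
            exact = any(s in item for s in strings)
            loose = any(s in item.lower() for s in lowered)
            if loose and not exact:
                misses.append((name, item))
    return misses


if __name__ == "__main__":
    wanted = ["ABC123", "XYZ789"]
    for mode in ("FILE", "ABSTRACT"):
        print(mode, apply_string_filter(SAMPLE_FILES, wanted, mode))
    print("case-only misses:", case_only_misses(SAMPLE_FILES, wanted))
```

With the constructed data, the item in sample_b.log is excluded from both output types because it differs from the filter string only by case.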
8.5.4.4.3 PAN Generation Dialogue
Figure 25 - Maintain ARQ - Text Based filtering - PAN Dialogue
The PAN Generation Dialogue allows for the generation of the following PAN combinations:
| PAN Input Type | Output PAN Type |
|---|---|
| Clear | Hashed |
| Encrypted | Clear and Hashed |
If the only PAN type available is hashed, no conversion is possible.
It is not possible to generate an encrypted PAN.
Actions performed via this dialogue are recorded for internal audit purposes (see DEV/APP/SPG/0016 —
Audit Extraction Client Support Guide for details).
8.5.4.5 Validation and Query
This tab will only be available if the following conditions have been met:
1. The retrieved data consists exclusively of TMS and/or BRDB messages.
2. Filtering has been performed.
Horizon and HNG-X transaction data have different formats. In addition, message sequences across the
transition from Horizon to HNG-X will be non-contiguous. For these reasons, the validation, querying and
presentation steps must be applied separately for the two data sources.
The data source is selected on the Validation and Query tab and, once selected, activates the Sequence
Validation, Select Query and Execute Query sub-tabs.
Selecting the data source will also cause the message sequence and sequence gap information to be
displayed on the Sequence Validation sub-tab.
8.5.4.5.1 Sequence Validation
Figure 26 - Maintain ARQ form - Validation and Query tab - Sequence Validation
TMS and BRDB messages are numbered in sequence for each node. During filtering any retrieved audit
message data is analyzed to determine what message sequences are present in the data and whether
there are any gaps or duplicates in those sequences. A gap in a message sequence may indicate that a
message is missing from the audit data. Duplicates may indicate that an audit file has been gathered
twice.
The Sequence Validation sub-tab displays details of the message sequences and highlights any gaps or
duplicates found during filtering.
Sequences and sequence gaps are organised on a FAD::Node basis.
When no gaps or duplicates are found, the form will be similar to that shown in Figure 26 with the text
‘GAPS - NONE’ and ‘DUPLICATES - NONE’ displayed.
Figure 27 - Maintain ARQ form - Validation and Query - Gaps and Duplicates found
When gaps are found, the gaps are shown in red in the message sequence list and the text ‘GAPS
FOUND’ is displayed, together with the text ‘SEEK ASSISTANCE FROM AUDIT SUPPORT’.
When duplicates are found, the duplicates are shown in blue in the message sequence list and the text
‘DUPLICATES FOUND’ is displayed, together with the text ‘SEEK ASSISTANCE FROM AUDIT
SUPPORT’.
Figure 27 shows the form when both gaps and duplicates are found.
[Screenshot: Maintain ARQ: OTH3469B on IRE11 (B), Sequence Validation sub-tab with no sequence rows; status text 'GAPS - NONE' and 'DUPLICATES - NONE'.]
Figure 28 — Maintain ARQ form — Validation and Query — No messages found
In the event that no messages are identified during filtering the only output displayed will be “GAPS -
NONE” and “DUPLICATES — NONE” as shown in Figure 28.
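The gap and duplicate check described in this section can be sketched as follows. This is an added example, not the Audit Extraction Client's own code; the input shape (pairs of FAD::Node key and message number) and the sample values are constructed for illustration.

```python
from collections import Counter, defaultdict


def contiguous_runs(numbers):
    """Collapse sorted, distinct integers into inclusive (low, high) runs."""
    runs = []
    for n in numbers:
        if runs and n == runs[-1][1] + 1:
            runs[-1][1] = n          # extends the current run
        else:
            runs.append([n, n])      # starts a new run
    return [tuple(r) for r in runs]


def validate_sequences(messages):
    """Analyse (fad_node, message_number) pairs on a FAD::Node basis.

    Returns {fad_node: {"lowest", "highest", "gaps", "duplicates"}} where
    gaps and duplicates are lists of inclusive (low, high) ranges.
    Only gaps inside the observed range are detectable: messages missing
    before the lowest or after the highest number leave no trace in the
    numbering itself.
    """
    seen = defaultdict(Counter)
    for fad_node, number in messages:
        seen[fad_node][number] += 1

    report = {}
    for fad_node, counts in seen.items():
        present = sorted(counts)
        runs = contiguous_runs(present)
        # A gap is the span of numbers absent between two adjacent runs.
        gaps = [(prev_hi + 1, next_lo - 1)
                for (_, prev_hi), (next_lo, _) in zip(runs, runs[1:])]
        # A duplicate is any number seen more than once (e.g. a file gathered twice).
        duplicates = contiguous_runs([n for n in present if counts[n] > 1])
        report[fad_node] = {
            "lowest": present[0],
            "highest": present[-1],
            "gaps": gaps,
            "duplicates": duplicates,
        }
    return report


def status_text(report):
    """Return the two status strings the form displays for a report."""
    has_gaps = any(r["gaps"] for r in report.values())
    has_dups = any(r["duplicates"] for r in report.values())
    return ("GAPS FOUND" if has_gaps else "GAPS - NONE",
            "DUPLICATES FOUND" if has_dups else "DUPLICATES - NONE")


# Constructed sample: node 1 is missing 105-106 and carries 108 twice;
# node 2 is a clean, unbroken sequence.
SAMPLE = (
    [("342432::1", n) for n in list(range(100, 105)) + list(range(107, 111)) + [108]]
    + [("342432::2", n) for n in range(50, 56)]
)

if __name__ == "__main__":
    result = validate_sequences(SAMPLE)
    for node in sorted(result):
        print(node, result[node])
    print(*status_text(result), sep="\n")
```

An empty input yields no rows and both "NONE" status strings, which corresponds to the case shown in Figure 28.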
8.5.4.5.2 Select Query
[Screenshot: Validation and Query tab, Select Query sub-tab. Data Source: HNG-X; Status: Concatenation completed; empty Query box under 'Select Required Query'; buttons Retrieve, Open, Save, Save As, Refresh View and Close.]
Figure 29 - Maintain ARQ form - Validation and Query tab - Select Query
The Select Query sub-tab enables the selection of the query to be applied to the selected data source.
If both Horizon and HNG-X data sources exist within the ARQ, each data source will require a query to
be selected and progressed independently.
The first time the Select Query sub-tab is accessed for an ARQ data source, no query will be shown.
Subsequent returns to this tab will show the selected query. (The selected query will have been saved in
the sub-directory for the ARQ within the F:\USERAREA directory on the archive server. By saving the
queries in the ARQ directory we allow for amendments to be made to standard queries which will only
affect the current ARQ.)
Standard queries may be retrieved by clicking on the Retrieve button and displaying the Available
Queries dialogue.
[Screenshot: Select Query sub-tab with the Available Queries dialogue open, listing the .xql query files held on the Audit server, with Select and Cancel buttons.]
Figure 30 - Maintain ARQ form - Validation and Query tab - Select Query - Available Queries
The Available Queries dialogue (see Figure 30) lists all of the queries available at the Audit server to
which the ARQ has been directed.
A Query can be selected by clicking on the query in the Available Queries list and, once it is shown as
selected, clicking on the Select button.
The Available Queries dialogue will be removed, and the selected query's details used to populate the
Query box on the Select Query tab.
At this point, the query has been selected, but has not been assigned to the ARQ data source. This
doesn’t happen until the Query is executed.
The Open button must be clicked to load the query into the query text box.
If amendments to the standard query are required, double clicking on the query text box will display an
editable query dialogue.
Amendments may be saved to the original standard query in the CommonQueries server directory, or to
a new Common query by clicking on Save or Save As respectively.
It is important to remember that these two buttons act upon the Common Queries and have no impact
upon the ARQ itself.
[Screenshot: Select Query sub-tab with the Query box showing Hx_IOP.xql and the query text box populated with the opening lines of the XQuery source.]
Figure 31 - Maintain ARQ form - Validation and Query tab - Select Query (Populated)
The contents of the Query Text box must now be applied to the ARQ data source.
This occurs every time the query is executed, and ensures that the query displayed on screen at the time
of query execution matches what is actually applied.
[Screenshot: Execute Query sub-tab with the Execute button and an action list of timestamped status entries: Created, New, File copy started, Concatenation completed.]
Figure 32 - Maintain ARQ form - Validation and Query tab - Execute Query
Before submitting the query for execution a check is performed against the size of the data file to be
queried.
If the file exceeds 200Mb a warning that the file may be too large to query will be displayed. The user
may choose to proceed, or cancel the action.
If the option to proceed is selected, and the file subsequently proves too large for querying, it will be
necessary to close the ARQ, produce a number of ARQs using smaller date ranges to satisfy the request
and separately filter each of the new ARQs.
Progress of query execution at the server is displayed in the Execute Query action list.
If the query results in an output file, the presentation tab will be activated.
(Note there is no check to prevent the user selecting the Execute Query sub-tab and attempting to
execute a query before a query has been selected. In this case, a message box is displayed with the
message ‘Unable to validate as no Query loaded’.)
8.5.4.5.3 Predefined Queries
A set of predefined queries will be maintained on both Audit servers. These queries implement the
queries that were available under Horizon in the FLOWR query language.
There are two versions of each query file: one for Horizon and one for HNG-X. The file name for the
Horizon query begins with the letters ‘Hz’ and that for the HNG-X query begins with ‘Hx’.
H[xz]_AuthCds.xql
Query based upon the IOP query which also shows
banking agent response information.
H[xz]_BQIOPPANBarcodes.xql
Query based upon the IOP query which also shows
any banking agent C2 messages, PAN and client
account references.
H[xz]_Bureau.xql
Query based upon the IOP query which also shows
details of Bureau transactions.
H[xz]_Events.xql
Basic events query. Shows all counter events
generated at a branch.
H[xz]_Events_Num.xql
As H[xz]_Events.xql but includes the JSN (Num for
Riposte) too. Note that Hx_Events_Num.xql was
modified for CP 1913 to include a poid column as
described in section 8.5.4.5.3.6 “Hx_Events_Num.xql”.
H[xz]_IOP.xql
Basic branch transactions query. Shows basic
information on transactions recorded at a branch.
H[xz]_IOP_DEST_SRC.xql
As H[xz]_IOP.xql but omits the “reversal” attribute.
H[xz]_IOP_Num.xql
As H[xz]_IOP.xql but includes the JSN (Num for
Riposte) too.
H[xz]_IOP_TITO.xql
As H[xz]_IOP.xql but includes transfer in/out
information if present.
H[xz]_IOPDVLA.xql
Query based upon the IOP query which also shows
even more additional information relating to DVLA
transactions than H[xz]_IOPDVLA.xql. It does not
restrict those transactions shown to be DVLA related
as H[xz]_IOPDVLA.xql does.
H[xz]_IOPDVLAAdditional.xql
Query based upon the IOP query which also shows
additional information relating to DVLA transactions.
H[xz]_IOPMLabel.xql
Query based upon the IOP query which also shows
additional information relating to Mails labels.
H[xz]_IOPPANBarcodes.xql
Query based upon the IOP query which also shows
additional information relating to Pan and client
account references. As of release 17.58 this query was
enhanced with an additional field - see section
8.5.4.5.3.11 “Hx_IOPPANBarcodes” on page 55 for
details.
H[xz]_IOPPouchid.xql
Query based upon the IOP query which also shows the
pouchid.
H[xz]_IOPMailService.xql
Query based upon the IOP query which also shows
additional information relating to Mails service
transactions.
H[xz]_IOPMailServiceSDAddress.xql
Query based upon the IOP query which also shows
additional information relating to the destination
address of Mails transactions. As of release 17.58 this
query was enhanced with additional fields - see
section 8.5.4.5.3.10 “Hx_IOPMailServiceSDAddress”
on page 55 for details.
H[xz]_IOPMailServiceSDAddressWithExtraAddresses.xql
Hz_IOPMailServiceSDAddressWithExtraAddresses.xql
is identical to Hz_IOPMailServiceSDAddress.xql.
Hx_IOPMailServiceSDAddressWithExtraAddresses.xql
outputs in its spreadsheet some extra columns over
and above Hx_IOPMailServiceSDAddress.xql which
are shown in section 8.5.4.5.3.1.
H[xz]_RemittancePouches.xql
Query which shows the barcodes of all remittance
pouches delivered to, or collected from a branch.
H[xz]_SecurityEvents.xql
Query based upon the Events query which also shows
additional security information.
H[xz]_Signons.xql
Query based upon the Events query which only shows
details of sign-ons & signoffs.
H[xz]_StockDeclarations.xql
Query which shows details of all stock declarations
made at a branch
H[xz]_JSN.xql
This query is mainly of significance for Hx_JSN.xql
though Hz_JSN.xql has been designed to be similar.
For Hx_JSN.xql it makes a point of outputting all
JSNs. For any counter JSNs are unique and there are
no gaps in the sequence of them.
More details of Hx_JSN.xql are shown in section
8.5.4.5.3.2. More details of Hz_JSN.xql are shown in
section 8.5.4.5.3.3.
H[xz]_POID.xql
Hz_POID.xql just produces a spreadsheet with “POID
never supported in Horizon” in an Info column.
Hx_POID.xql is described in section 8.5.4.5.3.4
“Hx_POID.xql”.
H[xz]_Poid_User.xql
Hz_Poid_User.xql just produces a spreadsheet with
“POID never supported in Horizon” in an Info column.
Hx_Poid_User.xql is described in section 8.5.4.5.3.5
“Hx_Poid_User.xql”.
H[xz]_IOPPANBarcodesWithPaymentCode.xql
These queries are copies of
H[xz]_IOPPANBarcodes.xql with an additional column
for the “Method of Payment”. Full details are given in
sections 8.5.4.5.3.7 and 8.5.4.5.3.8.
H[xz]_Pouches.xql
Hz_Pouches.xql just supplies a line “This query is not
yet supported in Horizon”. Hx_Pouches.xql is
described in section 8.5.4.5.3.9.
H[xz]_BranchTradingStatement.xql
Hz_BranchTradingStatement.xql just produces a
spreadsheet with “trading statements are not available
for Horizon yet” in an Info column.
Hz_BranchTradingStatement.xql is described in
section 8.5.4.5.3.12
“Hx_BranchTradingStatement.xql”.
H[xz]_BFwdandCFwd.xql
Hz_BFwdandCFwd.xql just produces a spreadsheet
with “rollover figures not available for Horizon yet” in
an Info column.
Hx_BFwdandCFwd.xql is described in section
8.5.4.5.3.13 “Hx_BFwdandCFwd.xql”.
8.5.4.5.3.1 Hx_IOPMailServiceSDAddressWithExtraAddresses.xql
These are the extra columns Hx_IOPMailServiceSDAddressWithExtraAddresses.xql produces over and
above Hx_IOPMailServiceSDAddress.xql.
Hx_IOPMailServiceSDAddressWithExtraAddresses.xlsx column header | Contents from XML
VDestina.Address.Premises | $tt/Message/Data/VDestina/Address/Premises
VDestina.Address.PostcodeZip | $tt/Message/Data/VDestina/Address/PostcodeZip
TandT.Control.Source.Name | $tt/Message/Data/TandT/Control/Source/Name
TandT.Control.Source.Add1 | $tt/Message/Data/TandT/Control/Source/Add1
TandT.Control.Source.Postcode | $tt/Message/Data/TandT/Control/Source/Postcode
where $tt is the trackAndTraceMessage “Entry Name” directive value of the PSAAccountingLine
element.
8.5.4.5.3.2 Hx_JSN.xql
These are all the columns in Hx_JSN.xql.
Hx_JSN.xlsx column header | Contents from XML
RequestType | node-name($s)
Branchid | $s/RequestHeader/Branchid
CounterId | $s/RequestHeader/CounterId
JSN | $s/RequestHeader/JournalSeqNumber
TimeSent | $s/RequestHeader/TimeSent
UserId | $s/RequestHeader/UserId
ServiceIdentifier | $s/ServiceIdentifier
SessionId | $s/Dyno/directive:Entry[@Name='basketHeader']/BasketHeader/directive:Entry[@Name='ssn']/Long)
where $s is the message.
This report is ordered by CounterID and JSN.
This report is intended to output all JSNs. However the actual code logic that checks that no JSNs are
missing or duplicated checks the JSN in the “Request Header” which is outside of the XML returned and
processed in these queries. If the JSN was in this “Request Header” but missing from the JSN field of
the XML above it would not appear.
8.5.4.5.3.3 Hz_JSN.xql
These are all the columns in Hz_JSN.xql.
Hz_JSN.xlsx column header | Contents from XML
GroupId | $s/GroupId
Id | $s/Id
Num | $s/Num
Date | $s/Date
Time | $s/Time
TxnData.SessionId | $s/TxnData/SessionId
where $s is the message.
This report is ordered by Id and Num.
8.5.4.5.3.4 Hx_POID.xql
These are all the columns in Hx_POID.xql.
Hx_POID.xlsx column header | Contents from XML
CounterId | $s/RequestHeader/CounterId
JSN | $s/RequestHeader/JournalSeqNumber
TimeSent | $s/RequestHeader/TimeSent
UserId | $s/RequestHeader/UserId
Poid | $s/RequestHeader/Poid
RefDataVersion | $s/RequestHeader/RefDataVersion
ServiceIdentifier | $s/ServiceIdentifier
TokenId | $s/RequestHeader/TokenId
TrainingMode | $s/RequestHeader/TrainingMode
where $s is the top level GenericRequestDTO element and $s/RequestHeader/Poid exists.
The report is ordered by CounterId and JSN (as integers).
8.5.4.5.3.5 Hx_Poid_User.xql
These are all the columns in Hx_Poid_User.xql.
Hx_Poid_User.xlsx column header | Contents from XML
CounterId | $s/RequestHeader/CounterId
JSN | $s/RequestHeader/JournalSeqNumber
TimeSent | $s/RequestHeader/TimeSent
UserId | $s/RequestHeader/UserId
branchUser | $s/Dyno/directive:Entry[@Name='branchUser']
firstName | $s/Dyno/directive:Entry[@Name='firstName']
lastName | $s/Dyno/directive:Entry[@Name='lastName']
userRole | $s/Dyno/directive:Entry[@Name='userRole']
stockUnit | $s/Dyno/directive:Entry[@Name='poid']
poid | $s/RequestHeader/CounterId
globalUser | $s/Dyno/directive:Entry[@Name='globalUser']
where $s is the top level GenericRequestDTO element and $s/ServiceIdentifier =
"eum/CreatePOIDUser".
The report is ordered by CounterId and JSN (as integers).
8.5.4.5.3.6 Hx_Events_Num.xql
This was modified for CP 1913 to output a poid column.
The logic for this column is:
(: use the Poid element of the RequestHeader when it exists :)
if (exists($req/Poid))
then
    <Poid>{data($req/Poid)}</Poid>
else
(
    (: otherwise use eposAdditionalData when it contains the text 'POID' :)
    if (contains($poid,'POID'))
    then
        <Poid>{data($poid)}</Poid>
    else
        (: neither is present: the column is left empty :)
        <Poid></Poid>
)
so there may either be a poid from the poid user creation message or from the second logon message.
Here $req is the top level RequestHeader element and $poid =
$s/directive:Entry[@Name='eposAdditionalData'], where $s is the item in the MessageList of the
AuditData being processed.
8.5.4.5.3.7 Hx_IOPPANBarcodesWithPaymentCode.xql
These are the extra columns Hx_IOPPANBarcodesWithPaymentCode.xql produces over and above
Hx_IOPPANBarcodes.xql.
Hx_IOPPANBarcodesWithPaymentCode.xlsx column header | Contents from XML
PaymentCode | {data($x/directive:Entry[@Name='paymentCode']/Integer)
$x can be any of $s//EpossAccountingLine, $s//BankingAccountingLine, $s//DCSAccountingLine,
$s//APAccountingLine, $s//PSAccountingLine, $s//PS2ndaryAccountingLine or $s//ForExAccountingLine,
where $s is any GenericRequestDTO.
The possible values of PaymentCode are defined in associated document “HNG-X HLD - Settlement
Functions”.
Version 11.0 of that document gives —
This defines the Method of payment declared as part of the AP Transaction.
Value Meaning
4 Cash
2 Cheque or Chq/Cash
3 Saving Stamps included
4 Debit Card or Debit / Credit Card
8.5.4.5.3.8 Hz_IOPPANBarcodesWithPaymentCode.xql
These are the extra columns Hz_IOPPANBarcodesWithPaymentCode.xql produces over and above
Hz_IOPPANBarcodes.xql.
Hz_IOPPANBarcodesWithPaymentCode.xlsx column header | Contents from XML
EPOSSTransaction.AdditionalData.MoP | data($x/EPOSSTransaction/AdditionalData/MoP)
$x is any Message
8.5.4.5.3.9 Hx_Pouches.xql
These are all the columns in Hx_Pouches.xql.
Hx_Pouches.xlsx column header | Contents from XML
CounterId | $s/RequestHeader/CounterId
JSN | $s/RequestHeader/JournalSeqNumber
TimeSent | $s/RequestHeader/TimeSent
UserId | $s/RequestHeader/UserId
RefDataVersion | $s/RequestHeader/RefDataVersion
ServiceIdentifier | $s/ServiceIdentifier
TokenId | $s/RequestHeader/TokenId
TrainingMode | $s/RequestHeader/TrainingMode
accBarcode | $s/Dyno/directive:Entry[@Name='basketHeader']/BasketHeader/directive:Entry[@Name='optionalData']/OptionalData/directive:Entry[@Name='accBarcode']/Strin
pouchData | $s/Dyno/directive:Entry[@Name='basketHeader']/BasketHeader/directive:Entry[@Name='optionalData']/OptionalData/directive:Entry[@Name='pouchData']/MessageList/String)
where $s is the message which must start GenericRequestDTO and lines are included only if the
accBarcode is not blank.
The report is ordered by first CounterId and then within that JSN.
8.5.4.5.3.10 Hx_IOPMailServiceSDAddress
As of release 17.58 this query was enhanced with the following additional fields.
Hx_IOPMailServiceSDAddress.xlsx column header | Contents from XML
FirstLineOfAddress | data(fn:replace($x/directive:Entry[@Name='nrtData']/nrtdata/NrtMessage, "(^.*<Address1>([^<]*)</Address1>.*$|^.+$)", "$2", "s"))
CertificateOfPostingIssuedYorN | data($x/directive:Entry[@Name='copIssued']/Boolean)
CustomerReference | data($x/directive:Entry[@Name='customerReference']/String)
DestinationPostCode | data($x/directive:Entry[@Name='destinationAddress']/String)
where $x is the settlement message - the full query needs to be looked at for details.
8.5.4.5.3.11 Hx_IOPPANBarcodes
As of release 17.58 this query was enhanced with the following additional field.
Hx_IOPPANBarcodes.xlsx column header | Contents from XML
CustomerReference | data($x/directive:Entry[@Name='customerReference']/String)
where $x is the settlement message - the full query needs to be looked at for details.
8.5.4.5.3.12 Hx_BranchTradingStatement.xql
This query outputs the following fields.
Hx_BranchTradingStatement.xlsx column header | Contents from XML
Time | data($s/RequestHeader/TimeSent)
Ident | data($sv)
RolloverReport | data($s/Reprint/ReportData))
where $s is any RollBranchRequestDTO and $v is $s/ServiceIdentifier.
The report is ordered by the first “Time” column.
The RolloverReport gives all the data from the Branch Trading statement in a special print format. One
way to make the data in each cell more legible is to select the cell with data in, press Cntrl Home, Cntrl
Shift End, Cntrl C and then paste the output into notepad.
8.5.4.5.3.13 Hx_BFwdandCFwd.xql
This query outputs the following fields.
Hx_BFwdandCFwd.xlsx column header | Contents from XML
Time | data($s/RequestHeader/TimeSent)
Ident | data($sv)
SU | (fn:replace(data($s/Reprint/ReportData), ".*<ifnotreprint>\s<space x=""[0-9]*""/>[0-9:\s/]*\s<space x=""[0-9]*""/>TP:\s<space x=""[0-9]*""/>([0-9]*)\s<space x=""[0-9]*""/>BP:\s<space x=""[0-9]*""/>([0-9]*)\s<space x=""[0-9]*""/>SU:\s<space x=""[0-9]*""/>([A-Za-z0-9]*)\s<nl/>\s.*","$3", "s"))
TP | (fn:replace(data($s/Reprint/ReportData), ".*<ifnotreprint>\s<space x=""[0-9]*""/>[0-9:\s/]*\s<space x=""[0-9]*""/>TP:\s<space x=""[0-9]*""/>([0-9]*)\s<space x=""[0-9]*""/>BP:\s<space x=""[0-9]*""/>([0-9]*)\s<space x=""[0-9]*""/>SU:\s<space x=""[0-9]*""/>([A-Za-z0-9]*)\s<nl/>\s.*","$1", "s"))
BP | (fn:replace(data($s/Reprint/ReportData), ".*<ifnotreprint>\s<space x=""[0-9]*""/>[0-9:\s/]*\s<space x=""[0-9]*""/>TP:\s<space x=""[0-9]*""/>([0-9]*)\s<space x=""[0-9]*""/>BP:\s<space x=""[0-9]*""/>([0-9]*)\s<space x=""[0-9]*""/>SU:\s<space x=""[0-9]*""/>([A-Za-z0-9]*)\s<nl/>\s.*","$2", "s"))
BFwd | (fn:replace(data($s/Reprint/ReportData), ".*Balance B/Fwd\s<space x=""[0-9]*""/>(-?[0-9.]*-?).*","$1", "s"))
CFwd | (fn:replace(data($s/Reprint/ReportData), ".*Balance C/Fwd\s<space x=""[0-9]*""/&gt;(-?[0-9.]*-?).*","$1", "s"))
where $s is any RolloverSUBPRequestDTO or RollSURequestDTO and $v is $s/ServiceIdentifier.
The complex expressions for SU, TP, BP, BFwd and CFwd are designed to return the stock unit name,
Trading Period, Balance Period, brought forward figure and carried forward figure for the stock unit
rollover reports.
The report is ordered by the first “Time” column.
This report can be used to check that brought forward and carried forward figure match as follows.
Break the period you want for a given office into contiguous periods and run FASTARQs for each using
the new report Hx_BFwdandCFwd. I have found 4 months works fine for one of the contiguous periods.
A bigger number of months can be tried. There will be a limit at some point.
Rename the spreadsheet with the very oldest data from Hx_BFwdandCFwd.xlsx to Hx_BFwdandCFwdFull.xlsx.
Then open progressively less and less old Hx_BFwdandCFwd.xlsx spreadsheets and copy the data and paste it to
the bottom of Hx_BFwdandCFwdFull.xlsx. It is essential this is done correctly since each spreadsheet is
in time order and we want to preserve this.
Now select all the data in the report (leave the headings etc.) and do Home Sort by column C (the stock
unit).
Now select the empty column H, right click, Format Cells and select General. This step is essential to
make the formula work.
Now copy the following formula
=IF(C10=C9, IF(G9<>F10,"Discrepancy","OK"),"Different SU")
into cell H9.
Now copy cell H9 and paste it into all the column H cells below it which have data to the left.
Now visually check column H and confirm it only has OK or Different SU in. Alternatively copy all of column H
and paste it into notepad and search notepad for the word Discrepancy and make sure none are found.
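The same brought-forward/carried-forward check can be scripted instead of being done by hand in Excel. This is an added example, not part of the audit client; it assumes the rows have been exported with the Time, SU, BFwd and CFwd columns and that Time is an ISO 8601 string, and it goes beyond the spreadsheet formula by treating a leading or trailing minus sign as the same value and by flagging rows that were pasted out of time order. The sample rows are constructed.

```python
from datetime import datetime
from decimal import Decimal
from itertools import groupby


def parse_figure(text):
    """Parse a rollover figure as a Decimal.

    The BFwd/CFwd pattern in the query, (-?[0-9.]*-?), allows the minus sign
    before or after the digits, so both forms are accepted here.
    """
    t = text.strip()
    digits = t.strip("-")
    if not digits:
        raise ValueError(f"no figure in {text!r}")
    value = Decimal(digits)
    return -value if (t.startswith("-") or t.endswith("-")) else value


def check_rollover_chain(rows):
    """Check that each stock unit's CFwd equals the BFwd of its next rollover.

    rows: list of dicts with keys Time, SU, BFwd, CFwd, oldest first (the
    order the manual's copy-and-paste procedure is meant to preserve).
    Returns a list of (kind, su, previous_time, next_time) findings where
    kind is "Discrepancy" or "Out of order".
    """
    # sorted() is stable, so rows keep their time order within each SU,
    # which is what sorting the sheet by column C relies on.
    ordered = sorted(rows, key=lambda r: r["SU"])
    findings = []
    for su, group in groupby(ordered, key=lambda r: r["SU"]):
        group = list(group)
        for prev, nxt in zip(group, group[1:]):
            prev_time = datetime.fromisoformat(prev["Time"])
            next_time = datetime.fromisoformat(nxt["Time"])
            if next_time < prev_time:
                # The sheets were concatenated in the wrong order; comparing
                # figures across this pair would be meaningless.
                findings.append(("Out of order", su, prev["Time"], nxt["Time"]))
            elif parse_figure(prev["CFwd"]) != parse_figure(nxt["BFwd"]):
                findings.append(("Discrepancy", su, prev["Time"], nxt["Time"]))
    return findings


# Constructed sample: stock unit AA has a break between its second and third
# rollover; stock unit BB is consistent once the sign position is normalised.
SAMPLE_ROWS = [
    {"Time": "2017-01-04T17:31:00", "SU": "AA", "BFwd": "0.00", "CFwd": "1500.25"},
    {"Time": "2017-01-04T17:40:00", "SU": "BB", "BFwd": "250.00-", "CFwd": "-75.50"},
    {"Time": "2017-02-01T17:29:00", "SU": "AA", "BFwd": "1500.25", "CFwd": "1320.10"},
    {"Time": "2017-02-01T17:45:00", "SU": "BB", "BFwd": "75.50-", "CFwd": "0.00"},
    {"Time": "2017-03-01T17:33:00", "SU": "AA", "BFwd": "1300.10", "CFwd": "900.00"},
]

if __name__ == "__main__":
    for finding in check_rollover_chain(SAMPLE_ROWS):
        print(*finding)
```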
8.5.4.5.4 Note on Executing Multiple Queries under a Single ARQ
When executing multiple queries, the validation step (see section 8.5.4.5.1) must be performed for each
data source in an ARQ, and the querying and presentation steps (see sections 8.5.4.5.2 and 8.5.4.6)
must be performed for each query for each data source.
The recommended approach is to process each query for each data source through to presentation
before starting the next.
8.5.4.6 Presentation
[Screenshot: Presentation tab with 'Export Results to Excel' and 'Export Events to Excel' sections, each with an output file box, plus Refresh View and Close buttons.]
Figure 33 - Maintain ARQ form — Presentation tab
This form allows filtered message data and event data to be output to Excel.
Results may be targeted to a different location/file using the “Change” button adjacent to the required
output file box.
Once all required options have been selected, clicking the Create Output button instigates the creation of
the required files.
There is a limit in Excel 2013 32 bit of about a million rows per spreadsheet. To ensure that this is never
exceeded, output is split across multiple worksheets when the number of rows exceeds 240,000.
This number is a constant MAX_XL_ROWS in the audit client source. If it would be useful to increase
it, this can be done by request to the audit team. The maximum it can be set to would be around
the million mark. It will take a moderate amount of work to test such a large number and make sure it
works.
8.6 ‘Fast ARQ’ Form
[Screenshot: Fast ARQ form with ARQ Details (Requester, Receipt Ref., Date Received, Date Required), Selection Criteria (Filter Start Date, Filter End Date, Extra days for extraction, FAD Code, Include Events), 'Select drive and folder for output', 'Queries to be run', Output folder, and the Exit ARQ and Execute ARQ buttons.]
Figure 34 - Fast ARQ form
This form is used to specify the search criteria and initiate a ‘fast’ ARQ. There are fewer options than
with the ‘slow’ ARQ forms but, once started by clicking the ‘Execute ARQ’ button, the ARQ will proceed
through the retrieving, sealing, filtering, querying and presentation steps without further user interaction.
The Fast ARQ form can be displayed in three ways:
1. Select ‘Fast ARQ’ from the File menu.
When opened from the File menu, the Fast ARQ form will be displayed as in Figure 34. The
Data Centre frame at the top of the form allows the selection of the data centre in which the new
ARQ is to be created.
2. Click the ‘New fast ARQ’ button in the toolbar.
When opened from the toolbar, the Fast ARQ form will be displayed as in Figure 34. The Data
Centre frame at the top of the form allows the selection of the data centre in which the new ARQ
is to be created.
3. Right click on the required data centre and select ‘Fast ARQ’ from the drop down menu.
When opened by right clicking a data centre, the Data Centre frame is not shown in the form as
the data centre will automatically be set to the one which was clicked.
Field | Input Value | Mandatory?
Data Centre (if displayed) | The data centre at which the ARQ is to be created. | Mandatory
Requester | Select from: Other 3rd party; Pathway IA; Pathway Other; Pathway SSC; POCL IA; POCL Other; POCL Security | Mandatory
Receipt Ref. | ARQ Number, taken from the ARQ form. | Mandatory
Date Received | The date the request was received. | Mandatory
Date Required | The date the request is to be returned. | Mandatory
Filter Start Date | Start date for which filtering should be applied. | Mandatory
Filter End Date | End date for which filtering should be applied. | Mandatory
Extra days for extraction | Number of days beyond the Filter End Date for which audit files should be retrieved. (An Audit File may not be gathered until one or two days after it was created so adding extra days to the Filter End Date helps to ensure that all the required Audit Files are retrieved.) | Mandatory
FAD Code | FAD Code to filter on. | Mandatory
Include Events | Checked if Event data is to be retrieved. | Optional
Select drive and folder for output | Specifies the location on the Audit Workstation where the final output files are to be copied. | Mandatory
Queries to be run | Specifies the queries that are to be run against the audit data that has been retrieved and filtered. | Optional
Output folder | This is a read-only field that displays the selected output folder. |
After setting the selection criteria, the user can click the ‘Execute ARQ’ button to start the ARQ
processing. If no queries have been selected, a message box is shown asking the user to confirm that
they wish to continue (see figure 35).
Figure 35 — Continue confirmation message box
If the user clicks ‘No’, the message box closes and the user is returned to the Fast ARQ form to select
one or more queries. If the user clicks ‘Yes’, the ARQ processing commences.
When the ARQ completes, the message ‘ARQ completed successfully’ will be displayed in the status bar
and the ‘Close ARQ’ and ‘Exit ARQ’ buttons are enabled.
An Excel spreadsheet is created in the specified output directory on the audit workstation for each of the
queries that have been executed. If events were included, a spreadsheet called Events.xls is also
created in the output directory.
(Note that if no queries were selected, there will be no Excel spreadsheets of message data created on
the audit workstation since no queries were run. The files of filtered message data (Filteredhx.xml and
Filteredhz.xml) will exist in the QUERY_AT\FINAL directory for the ARQ in the F:\UserArea on the audit
server.)
Clicking ‘Exit ARQ’ will close the Fast ARQ form but, if the ARQ has not been executed, a message box
will be displayed requesting confirmation that the ARQ is to be exited (see figure 36).
Figure 36 — Exit Fast ARQ confirmation message box
Clicking ‘Close ARQ’ will display the Close ARQ form (see section 8.7).
8.7 Closing an ARQ
Figure 37 - Close ARQ form
This form is used to close an active ARQ. It may be opened in five ways:
1. Select ‘Close ARQ’ from the File menu.
When opened from the File menu, the Close ARQ form will be displayed with the ‘Data Centre’
frame at the top of the form as shown in figure 37. This allows the selection of the data centre
from which the ARQ is to be closed.
2. Click the ‘Close ARQ’ button in the toolbar.
When opened from the toolbar, the Close ARQ form will be displayed with the ‘Data Centre’
frame at the top of the form as shown in figure 37. This allows the selection of the data centre
from which the ARQ is to be closed.
3. Right click on the required data centre and select ‘Close ARQ’ from the drop down menu.
When opened by right clicking a data centre, the ‘Data Centre’ frame is not shown in the form as
the data centre will automatically be set to the one which was clicked.
4. Right click on an ARQ in the Data Centres window and select Close from the drop down menu.
When opened by right clicking an ARQ, the ‘Data Centre’ frame is not shown in the form as the
data centre will automatically be set according to the data centre of the selected ARQ. In
addition, the Query Reference drop down list will be disabled and pre-populated with the
selected query reference.
5. Click the ‘Close ARQ’ button on a Fast ARQ form.
When opened by clicking the ‘Close ARQ’ button, the ‘Data Centre’ frame is not shown in the
form as the data centre will automatically be set according to the data centre of the ARQ. In
addition, the Query Reference drop down list will be disabled and pre-populated with the query
reference of the ARQ.
Once the data centre and query reference have been selected, one of the following actions may be
performed:
Show Query Details
Displays a form showing details of the selected query (see section 8.5.2.1).
Close Query
Closes the ARQ.
Clicking the Close button will close the Close ARQ form.
Once the request is closed the audit log (see Appendix 2) is written to the F:\UserArea on the appropriate
Audit Server.
8.7.1 Closing Policy
Note that open ARQs can use a lot of disk space and should be closed when they are finished with.
In particular, once an ARQ has been run, the data has been sent to the Post Office and the Post Office
has confirmed receipt of the data, Sec Ops will close the ARQ and delete any ARQ data from the audit
workstations.
Appendix 1 FLOWR Query Language
It had been the intention to include a simplified guide to the FLOWR query language as part of this
manual. However, due to the complexity of the queries required and the data to be analysed, the W3C
XQuery 1.0 Specification document has been included.
Section 3.8 pertains to FLOWR, although it is probable that the additional information contained in this
document will be required during the life of the system.
D:\FLOWR_Guide\
W3C_xQuery 1_0_S¢
Appendix 2 Example ARQ Audit Log
Included is an example close log.
RFIOTH3076B.txt
Appendix 3 PGP Zip Configuration
A requirement of the audit system is the ability to transfer the created Excel spreadsheet results in a
secure manner to the relevant customer. The mechanism that has been chosen to achieve this is to
create a self-extracting PGP zip file via the Symantec Encryption Desktop application. Every user who
activates the application for the first time has to go through a configuration process prior to being able to
use the application. The process for configuring the application is as follows:
Execute Symantec Encryption Desktop from the start menu.
This may bring up the following Symantec error message, depending upon whether you are the first user
to perform the configuration steps:
Symantec Error
This installation of PGP has not been initialized or the initialization settings have been deleted or
damaged.
Please reboot your computer or manually launch PGPtray and the setup assistant will help you
initialize PGP.
This message can safely be ignored as the initial configuration corrects the error being reported.
Select ‘Ok’ to continue.
Ensure that ‘Yes’ is selected to enable PGP from this account and select the ‘Next’ button.
The PGP Zip functionality that is required can be utilised without the need for a licence key, so select the
‘Use without a licence ...’ option and select the ‘Next’ button.
This screen confirms that only the PGP Zip functionality will be configured. If this is the case then select
the ‘Next’ button.
Select the ‘I am a new user’ option and select the ‘Next’ button.
For the creation of Zip files it is not necessary to create PGP keys so on this page select the ‘Skip’
button.
Ensure the ‘Automatically detect my email accounts’ option is NOT set and select the ‘Next’ button.
At this point the PGP Zip functionality has successfully been configured so select the ‘Finish’ button.
On subsequent activation of the Symantec Encryption Desktop software the user is presented with the
following screen:
To create a Zip file of the Audit results select the ‘New PGP Zip’ option. This generates the following
screen:
The user should then drag and drop all the audit result files into the list area of the screen and optionally
select the ‘Shred originals’ option if the files on disk are to be destroyed. The user should then select the
‘Next’ button.
Select the ‘PGP Self-Decrypting Archive’ option and then select the ‘Next’ button.
At this stage the user should enter the passphrase that the customer will use in order to extract the
results file. Note that the ‘Next’ button will only be enabled when the text in the Passphrase and Confirm
areas match. When this is the case select the ‘Next’ button.
The final stage is to specify the location that the PGP Zip file is to be created in. This will typically be the
medium that is going to be used to transfer the data. When specified select the ‘Next’ button.
At this point select ‘Finish’ and the zip file creation will be completed.