Can you add a value for the action_value (success/failure) for login events in the Audit log. Currently you can’t tell the difference between login sucesses and login failures. I just happened to notice that one of the operators used a very strange user name to login with. After looking at the audit table I figured out by the status_code that it had to be a failure and that the operator entered their user name and password on the same line 
.
Also, in the light of seeing the operator’s password and noticing it does not conform with the organization’s password rules, it would be helpful if the user management component had a way of enforcing some type of password security rules.