Showcase: Web Console Event Auditing and Logging

Written by Greg Keller on November 17, 2015


It seems as if every news story we read is about a brand-name organization having its data compromised by hackers. And if it seems that way, it is: more organizations are being compromised than ever before. The urgency for IT departments to lock down infrastructure so that they are not the next ‘TechCrunch’ story is all-consuming. The same IT departments that put employee access security architectures in place must also be able to ‘record’ access events, so they have the means for post-mortems in the event of a breach.

To help meet this need, we’ve enabled event logging within the product in various capacities, most recently enabling the recording of Administrative Console and User Portal events. For example, it’s important to track when an admin on the account makes an access control change, granting or denying a new user certain permissions. For compliance purposes, those changes need to be turned in to the auditors. Our Event Logging API enables that, giving IT admins the ability to query our database on demand for events on the JumpCloud console related to their account.

There is an analogous feature that makes events from logins onto devices like laptops, workstations and servers available as well, but we’ll discuss that separately in a different blog post. The purpose of this blog post is to highlight the events and logging available with respect to the web console.

Virtually, and literally, all changes made on the JumpCloud console are available via the Event Logging API. Changes made on the Portal and Console that are logged include:

– User accounts added/terminated
– Admin accounts modified
– Active Directory bridge activated/deactivated
– Google Apps integration activated/deactivated
– LDAP activated/deactivated
– Password complexity modified
– Systems added/terminated/modified
– Tags added/terminated/modified
– More…

Any other changes made in the web console are also logged. Note that the logs cover not only manual changes but also any changes made by API calls. This helps ensure that automated changes made to the system are traced as well.

All of the web console event logs are available through an API call using a simple data query range mechanism. The data is returned as JSON and can then be imported and integrated into larger logging initiatives managed by analysis tools such as Splunk. Plus, the data can be retained for audits or compliance events. By default, JumpCloud stores all web console event data for 30 days.

If you would like to learn more about how JumpCloud stores web console events for auditing and logging, drop us a note. We’d be happy to walk you through the functionality.

Greg Keller

JumpCloud CTO, Greg Keller is a career product visionary and executive management leader. With over two decades of product management, product marketing, and operations experience ranging from startups to global organizations, Greg excels in successful go-to-market execution.
