Showcase: Web Console Event Auditing And Logging

By Greg Keller Posted November 17, 2015


It can seem as if every news story we read is about a brand-name organization having its data compromised by hackers. And if it seems that way, it is: more organizations are being compromised than ever before. The urgency IT departments feel to lock down infrastructure, so that they are not the next ‘TechCrunch’ story, is all-consuming. The same IT departments that put employee access security architectures in place must also be able to ‘record’ access events, so they have the means for a post-mortem in the event of a breach.

To help meet this need, we’ve enabled event logging within the product in various capacities, most recently enabling the recording of Administrative Console and User Portal events. For example, it’s important to track when an admin on the account makes an access control change, granting or denying a new user certain permissions. For compliance purposes, those changes need to be turned in to the auditors. Our Event Logging API enables that, allowing IT admins to query our database on demand for events on the JumpCloud console related to their account.

An analogous feature makes events from logins onto devices like laptops, workstations and servers available as well, but we’ll discuss that separately in a different blog post. The purpose of this blog post is to highlight the events and logging available with respect to the web console.

Virtually, and literally, all changes made on the JumpCloud console are available via the Event Logging API. Changes on the Portal and Console that are made and then logged can include instances such as:

–       User accounts added/terminated
–       Admin accounts modified
–       Active Directory bridge activated/deactivated
–       Google Apps integration activated/deactivated
–       LDAP activated/deactivated
–       Password complexity modified
–       Systems added/terminated/modified
–       Tags added/terminated/modified
–       More…

Any other changes made in the web console are also logged. Note that the logs cover not only manual changes but also any changes made by API calls. This helps ensure that automated changes made to the system are traced as well.

All of the web console event logs are available via a simple data query range mechanism through an API call. The data is returned as JSON and can then be imported and integrated into larger logging initiatives managed by analysis tools such as Splunk. Plus, the data can be retained for audits or compliance events. By default, JumpCloud stores all web console event data for 30 days.
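Because events are kept for 30 days by default, anything needed for a later audit has to be pulled and archived before it ages out. The sketch below is an added example, not JumpCloud code: it plans the date ranges an archive job still has to query, reports any span already past retention, and turns a JSON response into one event per line for a log tool. The event field names, the 7-day query window and the sample response are assumptions, and no API call is made because the post does not give the endpoint.

```python
import json
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=30)  # default web console event retention stated in the post
MAX_WINDOW = timedelta(days=7)  # assumption: size of each date-range query

def plan_windows(last_archived, now):
    """Return (windows, gap): ranges still to query and the span already aged out."""
    oldest = now - RETENTION
    gap = None
    start = last_archived
    if last_archived < oldest:
        # Events between the last archive run and the retention edge can no longer be fetched.
        gap = (last_archived, oldest)
        start = oldest
    windows = []
    while start < now:
        end = min(start + MAX_WINDOW, now)
        windows.append((start, end))
        start = end
    return windows, gap

def to_ndjson(response_body, seen_ids):
    """Convert a JSON array of events to newline-delimited JSON, skipping events already archived."""
    lines = []
    for event in json.loads(response_body):
        if event["id"] in seen_ids:
            continue  # overlapping query windows can return the same event twice
        seen_ids.add(event["id"])
        lines.append(json.dumps(event, sort_keys=True))
    return "\n".join(lines)

# Constructed sample response; the field names are hypothetical, not the real API schema.
SAMPLE = json.dumps([
    {"id": "e1", "time": "2015-11-01T10:00:00Z", "type": "admin_modified", "via": "console"},
    {"id": "e2", "time": "2015-11-02T09:30:00Z", "type": "user_added", "via": "api"},
    {"id": "e1", "time": "2015-11-01T10:00:00Z", "type": "admin_modified", "via": "console"},
])

if __name__ == "__main__":
    now = datetime(2015, 11, 17, tzinfo=timezone.utc)
    windows, gap = plan_windows(now - timedelta(days=40), now)
    if gap:
        print("events no longer retrievable:", gap[0].date(), "to", gap[1].date())
    for start, end in windows:
        print("query", start.isoformat(), "->", end.isoformat())
    print(to_ndjson(SAMPLE, set()))
```

A reported gap means the archive job ran too rarely for the retention window, which is worth alerting on rather than only printing.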

If you would like to learn more about how JumpCloud stores web console events for auditing and logging, drop us a note. We’d be happy to walk you through the functionality.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.
