In Blog, Identity and Access Management (IAM), IT admins, Linux, News, Security, Uncategorized

A key ingredient for any auditing and compliance practice for a business is to answer some basic questions…like: Who did what, when, from where. To help provide meaningful data for these important chores, we launched our Event Logging API in September this year, and have since included a critical piece of functionality to round out this feature: System Event Logging for Mac OS X, Windows and Linux OSs. The benefits of this are significant as understanding who is attempting to or successfully logging into every workstation or server in your business is critical. The data is the basis to understand potential compromises and can assist in finding out who or what might be attempting a breach and from where. Further, for compliance requirements, knowing who has logged in when and on what device is a critical component to passing an audit or to generally assess and record frequency of user/system interactions.

Logging Events

Employee workstations, laptops and servers themselves are one of the most exposed entry points into an organization when it comes to gaining access to critical information, systems and data. To this end, JumpCloud has instrumented the Windows, Mac and Linux systems it manages with capturing discrete data about logins. The JumpCloud system agent will now capture information such as…

  • User login success
  • User login failure
  • User source IP where the login attempt took place

System login data is collected and stored  in JumpCloud’s Events Database and then ultimately available for users to download. Events include the device being logged into, user’s IP (where the user came from if remotely logging in), username, time of the login event, and whether it is successful or not. Events are combined for each account and available for IT admins to download.

Events are accessible via a simple API call and can be queried by date range. JumpCloud stores data for a rolling 45 days, but admins may download the data at any time. Most IT organizations will leverage that data by putting it into their security event information management system or similar log analysis tool such as Splunk.

Learn More and Try it Now!

Already use JumpCloud and want to start using the Events API? Read this knowledgebase article and get started! If you would like to learn more about how JumpCloud’s login event auditing and log tracking functionality can help you, drop us a note or give JumpCloud a try. Your first 10 users are free forever.

Recent Posts