By Greg Keller Posted September 17, 2015
The ability to review the activities of users who have accessed and performed operations against resources within your internal network has become an absolute requirement for organizations of any size. Data breaches are increasing to disturbing levels. Forrester Research provided alarming data related to this trend, and companies are moving fast to better secure and monitor their environments and to put in place the mechanisms to review what took place when a security event occurs. Event logging is a common method to capture and store data that traces the states and activities of resources in your enterprise. Event logs contain critical information to assist system administrators with forensic analysis of events, most commonly security-related events. The data these event logs persist generally describes:
WHO performed WHAT action to WHAT resource, WHEN, from WHAT location.
With this criticality in mind, directories like JumpCloud are prime resources requiring clear and easily accessible event logging data. JumpCloud manages core employee identities and connects those identities to IT resources, so capturing those event patterns is critical. In addition, determining when JumpCloud executed commands against resources such as workstations and servers, one of its more popular features, is also incredibly important.
We are pleased to announce the release of JumpCloud’s ‘Events API’, our latest extension to the platform’s popular REST API. The Events API gives JumpCloud administrators the ability to query event data on demand or via scheduled jobs and to efficiently consume log files containing various logged events, e.g., changes to your JumpCloud account, such as additions, deletions, and modifications to objects, or the execution of operations under the control of JumpCloud. The Events API outputs readable JSON, a common standard for structuring data. It collects data for various aspects of the JumpCloud platform. The following describes what is being collected now, and what is coming soon.
- JumpCloud Administrator Console Events
- JumpCloud User Portal Events
- System Events – events that occur on desktop, laptop, or server systems running the JumpCloud agent (coming soon)
A complete technical overview of the Events API, the event data elements captured, and code examples for downloading logs yourself can be found in our Knowledge Base.