Jacques B Posted July 18, 2022

Where does Intella Connect store logins?

As part of our security review I want to check the logs regularly for failed logins for evidence of possible malicious attempts. I am hoping to be able to attribute that back to a network user. For that, I'll probably have to get logs from IT.

Intella Connect is being deployed such that it will be accessible by anyone who authenticates to our corporate network (whether in the office or home). Only select people will be granted access to Intella Connect via username/password and 2FA. The IP of the server won't be published, so stumbling across it is unlikely.

Despite those layers of security (must authenticate to our network with 2FA if not in the office, must know the address of the server, and must log in to Intella Connect with proper credentials and 2FA), I also want to monitor failed attempts and if appropriate attribute that to a user for an investigation into a possible unauthorized attempt to access a resource.

Thanks.

jon.pearse Posted July 25, 2022

Hi Jacques,

Connect has built-in auditing of activity that occurs in the case. To see this you need to have the case shared and a user needs to be logged in to the case. Then click on the Activity tab. Select your case from the dropdown. If you want to just see log in activity, select that option only from the Event types list. E.g.

Jacques B Posted July 25, 2022 (Author)

Thanks Jon,

That's good to know. But where do I get the logs for the main login page where your cases are listed? And if I want to do a security audit of logins and attempted logins, is there an aggregated log? Or do I have to check each individual log via the GUI?

If not available, it would be especially helpful in a future release to have a way to see all logins (and attempts) across all cases, as well as the main page with the list of cases. And being able to set alerts/notifications of logins or failed logins would be helpful from an audit/security perspective. Either the functionality within Intella Connect, or in absence of that (or in addition to), a way to query the logs via an API using PowerShell to incorporate checking Intella Connect logs in a custom script that audits various logs on a server.

Also, where do I find the web server logs in case I need to review those as part of a security audit?

Thanks,
Jacques