  1. Crowd Data Center
  2. CWD-557

Support traceability of authentication requests to enable intrusion detection and forensics -> add requesting IP to authenticatePrincipal and add analyzable logs


    • Type: Suggestion
    • Resolution: Tracked Elsewhere
    • None
    • Plugins, SOAP

      What we would like to do is to monitor access patterns to our extranet to spot intrusions and intrusion attempts. So far we are doing this by analyzing the logs of our central inbound proxy server and correlating users, source IP domains and other information.
      With CROWD we gained a central authentication point that records all authentication requests, which is great.

      However there are a few things that could be improved:

      • It would be nice if CROWD could write a simple audit trail that just records: username, requesting IP (the IP of the application's user, not the application), application and possibly requested information. Preferably in a format a la common log format so that it can be easily processed.
      • We can extract this from the current logs (it is a little bit more complicated, but for this god gave us Perl). However, what CROWD does not log is the IP of the requesting user. Looking at the SOAP API, this information is never given to CROWD. So I suggest extending the API. This would also allow (possible) CROWD plugins that can enforce IP ranges.

            Assignee: Unassigned
            Reporter: kgbvax
            Votes: 12
            Watchers: 6


                Original Estimate - 24h
                Remaining Estimate - 24h
                Time Spent - Not Specified
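
An added example, not part of the original issue and not Crowd code: the kind of analysis the requested audit trail would make possible, run over constructed log lines. The line format, field order, function names and thresholds are assumptions made for illustration; the page does not define a format.

```python
import re
from collections import defaultdict

# Hypothetical audit line modelled on Common Log Format (not a Crowd format):
#   <client-ip> - <username> [<timestamp>] "AUTH <application>" <OK|FAIL>
LINE_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"AUTH (?P<app>[^"]+)" (?P<result>OK|FAIL)$'
)

# Constructed sample data (documentation IP ranges, invented users).
SAMPLE_LOG = """\
198.51.100.23 - alice [12/Mar/2008:09:01:10 +0100] "AUTH jira" OK
203.0.113.9 - alice [12/Mar/2008:09:02:00 +0100] "AUTH confluence" FAIL
203.0.113.9 - bob [12/Mar/2008:09:02:01 +0100] "AUTH confluence" FAIL
203.0.113.9 - carol [12/Mar/2008:09:02:02 +0100] "AUTH confluence" FAIL
203.0.113.9 - dave [12/Mar/2008:09:02:03 +0100] "AUTH jira" FAIL
198.51.100.23 - bob [12/Mar/2008:09:05:44 +0100] "AUTH jira" FAIL
192.0.2.77 - alice [12/Mar/2008:09:30:00 +0100] "AUTH jira" OK
this line is malformed and must not break the analysis
"""

def parse(log_text):
    """Return (records, rejected_count); malformed lines are counted, not hidden."""
    records, rejected = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
        elif line.strip():
            rejected += 1
    return records, rejected

def analyze(records, min_failed_users=3, max_ips_per_user=1):
    """Flag IPs failing against many accounts and users succeeding from many IPs."""
    failed_users = defaultdict(set)   # source IP -> usernames with failed logins
    success_ips = defaultdict(set)    # username  -> source IPs with successful logins
    for r in records:
        if r["result"] == "FAIL":
            failed_users[r["ip"]].add(r["user"])
        else:
            success_ips[r["user"]].add(r["ip"])
    many_accounts = sorted(ip for ip, u in failed_users.items() if len(u) >= min_failed_users)
    many_sources = sorted(u for u, ips in success_ips.items() if len(ips) > max_ips_per_user)
    return {"ip_failing_many_accounts": many_accounts, "user_from_many_ips": many_sources}

if __name__ == "__main__":
    recs, bad = parse(SAMPLE_LOG)
    print(analyze(recs), "rejected lines:", bad)
```

Both checks depend on the log carrying the end user's IP rather than the application's, which is the field the issue asks to have added.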