Robust logging API endpoint


For a truly enterprise product, LastPass must introduce an API endpoint that organizations can connect their log management or SIEM tool to in order to collect LastPass activity logs. The log format should include timestamps in IETF RFC 3339 compliant format and be encapsulated in JSON.

 

The reporting functionality is not good enough and doesn't provide enough detail in any case.


Example events that should be logged:

  • Authentication
  • Administrator activity
    • User creation/modification/deletion/enablement/disablement
    • Master password reset
    • Role/permission changes
    • Role assignment
    • Policy changes
  • User activity
    • Site added/modified/deleted
      • Include site name and the name of the attribute of the site that was changed.
        • Does not need to list the actual content that was added or set, just some details about that action that occurred so it can be used in tracing back to the source user that did it.

Example log events:

[{"id":"f511d4ed-0fcc-4676-bb73-5fa17555512e","timestamp":"2022-12-14T17:33:43.369Z","eventId":"1001","eventType":"authentication","sourceIp":"39.1.231.14","targetUser":"user2@contoso.com","result":"success","method":"saml","mfa":"unknown","mfaType":"unknown","message":"user2@contoso.com successfully logged in."},
{"id":"a853527b-c608-4e40-b590-8ef361e0bb60","timestamp":"2022-12-14T17:41:16.848Z","eventId":"1001","eventType":"authentication","sourceIp":"142.111.3.4","targetUser":"user3@example.com","result":"success","method":"local","mfa":false,"mfaType":"none","message":"user3@example.com successfully logged in."},
{"id":"74cbee29-ae57-4bda-9c4a-e29cb7defc35","timestamp":"2022-12-14T17:46:11.528Z","eventId":"1001","eventType":"authentication","sourceIp":"142.111.5.74","targetUser":"user4@contoso.com","result":"success","method":"local","mfa":true,"mfaType":"totp","message":"user4@contoso.com successfully logged in."},
{"id":"37ef5018-f3a3-440d-94ba-bb220fb9f8a4","timestamp":"2022-12-14T17:20:11.419Z","eventId":"4001","eventType":"itemchange","sourceIp":"138.13.85.235","sourceUser":"user1@example.com","itemName":"Company Amazon account","folderName":"Shared-Company Web Accounts","attribute":"username","action":"cleared","message":"user1@example.com cleared the username attribute on \"Company Amazon Account\" in folder \"Shared-Company Web Accounts\"."}]