tutorial:adm:reading_audits [2019/09/02 12:11] fiserp [New identity created] |
tutorial:adm:reading_audits [2021/10/07 13:39] (current) fiserp |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Audit - Reading audit information ====== | ====== Audit - Reading audit information ====== | ||
This article shows how to connect CzechIdM to automated security monitoring system (SIEM). This form of integration is necessary in many organizations. IdM, being the central point where identities and their roles are managed, is just another piece of the security monitoring mosaic. | This article shows how to connect CzechIdM to automated security monitoring system (SIEM). This form of integration is necessary in many organizations. IdM, being the central point where identities and their roles are managed, is just another piece of the security monitoring mosaic. | ||
+ | |||
+ | <note tip> | ||
+ | |||
+ | Please, use specialized [[devel: | ||
===== Important events to monitor ===== | ===== Important events to monitor ===== | ||
Line 117: | Line 121: | ||
" | " | ||
" | " | ||
+ | // who created | ||
" | " | ||
" | " | ||
+ | // login of created identity | ||
" | " | ||
" | " | ||
Line 125: | Line 131: | ||
</ | </ | ||
==== Identity deleted ==== | ==== Identity deleted ==== | ||
+ | **Request** | ||
+ | < | ||
+ | GET / | ||
+ | ?size=99999 | ||
+ | &page=0 | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | </ | ||
+ | |||
+ | **Response** | ||
+ | < | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | } | ||
+ | </ | ||
==== Identity enabled ==== | ==== Identity enabled ==== | ||
+ | **Request** | ||
+ | < | ||
+ | GET / | ||
+ | ?size=99999 | ||
+ | &page=0 | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | </ | ||
+ | |||
+ | **Response** | ||
+ | < | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | // current state of identity | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | // previous state | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | </ | ||
==== Identity disabled ==== | ==== Identity disabled ==== | ||
+ | **Request** | ||
+ | < | ||
+ | GET / | ||
+ | ?size=99999 | ||
+ | &page=0 | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | </ | ||
+ | |||
+ | **Response** | ||
+ | < | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | // current state of identity | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | // previous state | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | </ | ||
==== Identity password changed ==== | ==== Identity password changed ==== | ||
+ | **Request** | ||
+ | < | ||
+ | GET / | ||
+ | ?size=99999 | ||
+ | &page=0 | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | </ | ||
+ | |||
+ | **Response** | ||
+ | < | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | </ | ||
==== Privilege/ | ==== Privilege/ | ||
+ | **Request** | ||
+ | < | ||
+ | GET / | ||
+ | ?size=99999 | ||
+ | &page=0 | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | </ | ||
+ | |||
+ | **Response** | ||
+ | < | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | // name of the role | ||
+ | " | ||
+ | ... redacted ... | ||
+ | }, | ||
+ | " | ||
+ | }, | ||
+ | // identity the role was assigned to | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | </ | ||
==== Privilege/ | ==== Privilege/ | ||
+ | **Request** | ||
+ | < | ||
+ | GET / | ||
+ | ?size=99999 | ||
+ | &page=0 | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | </ | ||
+ | |||
+ | **Response** | ||
+ | < | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | // name of the role | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | }, | ||
+ | // user the role was removed from | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | } | ||
+ | } | ||
+ | } ] | ||
+ | } | ||
+ | </ | ||
==== Role request approved ==== | ==== Role request approved ==== | ||
+ | **Request** | ||
+ | < | ||
+ | GET / | ||
+ | ?size=99999 | ||
+ | &page=0 | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | </ | ||
+ | |||
+ | **Response** | ||
+ | < | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | " | ||
+ | ... redacted ... | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | } | ||
+ | }, | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | } | ||
+ | }, | ||
+ | " | ||
+ | } ] | ||
+ | } | ||
+ | </ | ||
==== Role request rejected ==== | ==== Role request rejected ==== | ||
+ | **Request** | ||
+ | < | ||
+ | GET / | ||
+ | ?size=99999 | ||
+ | &page=0 | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | </ | ||
+ | |||
+ | **Response** | ||
+ | < | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | " | ||
+ | ... redacted ... | ||
+ | , | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | } | ||
+ | }, | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | } | ||
+ | }, | ||
+ | " | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | </ | ||
==== New role created ==== | ==== New role created ==== | ||
+ | **Request** | ||
+ | < | ||
+ | GET / | ||
+ | ?size=99999 | ||
+ | &page=0 | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | </ | ||
+ | |||
+ | **Response** | ||
+ | < | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | // who created the role | ||
+ | " | ||
+ | // role name in the form of NAME|environment | ||
+ | " | ||
+ | ... redacted ... | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | // implementation name of the role | ||
+ | " | ||
+ | // deployment environment the role is intended for | ||
+ | " | ||
+ | // user friendly name of the role | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | </ | ||
==== Role modified ==== | ==== Role modified ==== | ||
+ | **Request** | ||
+ | < | ||
+ | GET / | ||
+ | ?size=99999 | ||
+ | &page=0 | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | </ | ||
+ | |||
+ | **Response** | ||
+ | < | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | } | ||
+ | </ | ||
==== Role deleted ==== | ==== Role deleted ==== | ||
+ | **Request** | ||
+ | < | ||
+ | GET / | ||
+ | ?size=99999 | ||
+ | &page=0 | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | & | ||
+ | </ | ||
+ | |||
+ | **Response** | ||
+ | < | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ... redacted ... | ||
+ | } | ||
+ | </ |