Skip to content

Added support for Datadog CloudSIEM

Choose a tag to compare

View all tags
@pimvdnoll pimvdnoll released this 06 Sep 11:22
· 4 commits to main since this release
v2.1
6442c32
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

To support the feature of using Datadog's CloudSIEM there is a new constant introduced to enable this. When enabled it will produce INFO logmessages that are detected by Datadog's CloudSIEM if you have Datadog configured for your environment.
Please take a look at the documentation: https://docs.mendix.com/developerportal/operate/datadog-metrics/ and https://www.datadoghq.com/blog/how-to-monitor-authentication-logs/#log-using-a-standard-parsable-format

Example is

evt.category="authentication" evt.name="MFA code created" network.client.ip=127.0.0.1 evt.outcome="success" usr.name="MxAdmin"
evt.category="authentication" evt.name="user login with MFA" http.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" network.client.ip=127.0.0.1 evt.outcome="success" usr.name="MxAdmin"
evt.category="authentication" evt.name="MFA validated" network.client.ip=127.0.0.1 evt.outcome="success" usr.name="MxAdmin"
evt.category="authentication" evt.name="unknown user" http.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="Henk"
evt.category="authentication" evt.name="invalid password" http.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
evt.category="authentication" evt.name="MFA enabled but no session found" http.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
evt.category="authentication" evt.name="Invalid MFA entered" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
evt.category="authentication" evt.name="Invalid MFA entered" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
evt.category="authentication" evt.name="Invalid MFA entered" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
evt.category="authentication" evt.name="Max MFA attempts exceeded" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
Assets 3
Loading