The Sumo Logic App for JumpCloud Directory Insights helps IT admins and security analysts track user activities, authentication events, and security actions in JumpCloud-managed environment. By using JumpCloud Directory Insights logs, the app allows them to monitor access, detect anomalies, and respond to security threats efficiently.
13
-
With pre-configured dashboards, the app delivers insights into user authentication trends, directory modifications, policy enforcement, and security incidents. Analysts can track failed login attempts, privileged access changes, and account lockouts in real-time to improve security and ensure organizational policy compliance.
12
+
The Sumo Logic app for JumpCloud Directory Insights provides comprehensive visibility into user activities, authentication events, and security actions in the JumpCloud managed environment. By using JumpCloud Directory Insights logs, this app enables IT administrators and security analysts to monitor access, detect anomalies, and respond to security threats efficiently.
13
+
14
+
With pre-configured dashboards, the app delivers insights into user authentication trends, directory modifications, policy enforcement, and security incidents. Analysts can track failed login attempts, privileged access changes, and account lockouts in real time to improve security and ensure organizational policy compliance.
14
15
15
16
:::info
16
17
This app includes [built-in monitors](#jumpcloud-directory-insights-monitors). For details on creating custom monitors, refer to the [Create monitors for JumpCloud Directory Insights app](#create-monitors-for-the-jumpcloud-directory-insights-app).
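Review bot: the rewritten intro line drops the hyphen from "JumpCloud-managed environment" (the removed line has it, the added line reads "in the JumpCloud managed environment"); restore the compound modifier, since "JumpCloud managed" otherwise reads as JumpCloud being the subject that managed something. The second added paragraph is otherwise a verbatim copy of the removed one apart from "real-time" becoming "real time", which is the correct adverbial form, so that part is fine.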
@@ -20,7 +21,7 @@ This app includes [built-in monitors](#jumpcloud-directory-insights-monitors). F
20
21
21
22
This app uses Sumo Logic’s [JumpCloud Directory Insights Source](docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jumpcloud-directory-insights-source/) to collect the logs from the JumpCloud Directory Insights platform.
22
23
23
-
### Sample log messages
24
+
### Sample log message
24
25
25
26
<details>
26
27
<summary>Event Log</summary>
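Review bot: the heading change from "Sample log messages" to "Sample log message" is only correct if exactly one sample follows; the single `<details>` block titled "Event Log" visible here supports the singular, but please confirm no second sample sits further down the section. While touching this area, the unchanged context link `docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jumpcloud-directory-insights-source/` has no leading slash, so it resolves relative to the current page rather than the site root; the other app pages use a root-relative path.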
@@ -245,19 +246,15 @@ import ViewDashboards from '../../reuse/apps/view-dashboards.md';
245
246
246
247
### Overview
247
248
248
-
The **JumpCloud Directory Insights - Overview** dashboard provides the following key metrics:
249
-
- A comprehensive view of the directory activity (user logins, admin changes, system updates).
250
-
- Tracking of successful and failed logins over time to help IT teams spot patterns.
251
-
- Insights into user provisioning, deprovisioning, and group membership changes, with visibility into directory structure updates.
252
-
- Monitoring of administrator actions like password resets and policy modifications.<br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.us-east-1.amazonaws.com/dashboards/JumpCloud+Directory+Insights/JumpCloud+Directory+Insights+-+Overview.png')} alt="JumpCloud Directory Insights-Overview" style={{border: '1px solid gray'}} width="800" />
249
+
The **JumpCloud Directory Insights - Overview** dashboard provides a comprehensive view of directory activity, including user authentications, administrative changes, and system modifications. It highlights authentication trends by tracking successful and failed logins over time, helping IT teams identify patterns. This dashboard also provides insights into user provisioning, de-provisioning, and group membership changes, offering visibility into directory structure updates. Additionally, it includes administrator actions such as password resets and policy modifications to monitor privileged activities.
The **JumpCloud Directory Insights - Security Overview** dashboard provides the following key metrics:
257
-
- Tracking of security events like failed logins, account lockouts, and privilege escalations.
258
-
- Geographic insights into authentication activities to spot suspicious login locations.
259
-
- Tracking of high-risk events such as MFA failures and unauthorized access attempts to enhance security monitoring.
260
-
- Analysis of login behaviors and access trends to help security teams identify threats and enforce compliance policies.<br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.us-east-1.amazonaws.com/dashboards/JumpCloud+Directory+Insights/JumpCloud+Directory+Insights+-+Security+Overview.png')} alt="JumpCloud Directory Insights-Security Overview" style={{border: '1px solid gray'}} width="800" />
255
+
The **JumpCloud Directory Insights - Security Overview** dashboard focuses on security-related events, emphasizing failed login attempts, account lockouts, and privilege escalations. It provides geographic insights into authentication activities, helping you to detect suspicious login locations. This dashboard also tracks high-risk events such as MFA failures and unauthorized access attempts to enhance security monitoring. By analyzing login behaviors and access trends, it helps security teams identify potential threats and enforce compliance policies.
## Create monitors for the JumpCloud Directory Insights app
263
260
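Review bot: the removed bullet lists for both dashboards ended with the dashboard screenshot (`<br/> <img src={useBaseUrl('...JumpCloud+Directory+Insights+-+Overview.png')} ... />` and the matching `...Security+Overview.png` image), but the replacement paragraphs do not carry those `<img>` elements, so the screenshots disappear unless they are re-added on a line after each new paragraph. Also keep the spelling consistent: the removed text says "deprovisioning" while the added Overview paragraph says "de-provisioning".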
@@ -270,9 +267,9 @@ import CreateMonitors from '../../reuse/apps/create-monitors.md';
270
267
| Name | Description | Trigger Type (Critical / Warning / MissingData) | Alert Condition |
271
268
|:--|:--|:--|:--|
272
269
|`JumpCloud Directory Insights - Alerts Created`| This alert is triggered when potential security risks, configuration issues, or critical system events requiring investigation are identified. | Critical | Count > 3 |
273
-
|`JumpCloud Directory Insights - Disabled MFA`| This alert is triggered when unauthorized flags or accidental removal of MFA, which could expose accounts to compromise, are identified. Immediate review is recommended to ensure compliance and security. | Critical | Count > 0 |
274
-
|`JumpCloud Directory Insights - Events from Embargoed Locations`| This alert is triggered when logins or actions from embargoed locations, suggesting potential unauthorized access, are detected. Investigate to confirm legitimacy or block malicious actors. | Critical | Count > 0 |
275
-
|`JumpCloud Directory Insights - Impossible Logins`| This alert is triggered when the user account is compromised. For example, a user logging in from two distant locations consecutively. Urgent investigation is required to rule out credential theft. | Critical | Count > 0 |
270
+
|`JumpCloud Directory Insights - Disabled MFA`| This alert is triggered when unauthorized flags or accidental removal of MFA are identified. This could expose accounts to compromise and immediate review is recommended to ensure compliance and security. | Critical | Count > 0 |
271
+
|`JumpCloud Directory Insights - Events from Embargoed Locations`| This alert is triggered when logins or actions from embargoed locations are detected, suggesting potential unauthorized access. Investigate to confirm legitimacy or block malicious actors. | Critical | Count > 0 |
272
+
|`JumpCloud Directory Insights - Impossible Logins`| This alert is triggered when the user account is compromised. For example, a user logging in from two distant locations consecutively. Immediate investigation is required to rule out credential theft. | Critical | Count > 0 |
276
273
|`JumpCloud Directory Insights - Unsuccessful Logins`| This alert is triggered when credentials are misconfigured, or when brute-force attacks and credential stuffing are detected. Review source IPs and lock accounts if suspicious activity is confirmed. | Critical | Count > 1 |
277
274
|`JumpCloud Directory Insights - Unsuccessful SSOs`| This alert is triggered by misconfigurations in identity providers or malicious attempts to bypass SSO. Check SSO logs to identify the cause or any threats. | Critical | Count > 1 |
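Review bot: the "Impossible Logins" description still says the alert "is triggered when the user account is compromised", which is not something the monitor can observe; it is triggered when the same user authenticates from two locations too far apart to travel between in the elapsed time, which is an indicator of possible credential theft, not proof of compromise. Suggest: "This alert is triggered when a user authenticates from two geographically distant locations within a time window that rules out travel, which may indicate a compromised account." The "Disabled MFA" row has the same kind of wording problem: "unauthorized flags or accidental removal of MFA" reads as if a flag were being removed; "unauthorized or accidental removal of MFA" is what the condition `Count > 0` on MFA-disable events actually detects.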