From 5e2ef29d13ffde3e7a0ae9aa56875cbe8ddc87dc Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Tue, 11 Feb 2025 18:09:01 +0530 Subject: [PATCH 1/7] Trust Login (Apps) --- blog-service/2025-02-14-apps.md | 14 ++ cid-redirects.json | 1 + .../product-list/product-list-m-z.md | 2 +- docs/integrations/saas-cloud/index.md | 6 + docs/integrations/saas-cloud/trust-login.md | 186 ++++++++++++++++++ sidebars.ts | 1 + 6 files changed, 209 insertions(+), 1 deletion(-) create mode 100644 blog-service/2025-02-14-apps.md create mode 100644 docs/integrations/saas-cloud/trust-login.md diff --git a/blog-service/2025-02-14-apps.md b/blog-service/2025-02-14-apps.md new file mode 100644 index 0000000000..cf1513ee97 --- /dev/null +++ b/blog-service/2025-02-14-apps.md @@ -0,0 +1,14 @@ +--- +title: Trust Login (Apps) +image: https://help.sumologic.com/img/sumo-square.png +keywords: + - apps + - trust-login +hide_table_of_contents: true +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +icon + +We're excited to introduce the new Trust Login app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Trust Login source that collects report logs from the Trust Login platform, enabling security analysts monitor authentication events, user activities, and respond to potential security threats across your organization. [Learn more](/docs/integrations/saas-cloud/trust-login/). \ No newline at end of file diff --git a/cid-redirects.json b/cid-redirects.json index 50931975cf..1f66641d30 100644 --- a/cid-redirects.json +++ b/cid-redirects.json @@ -1843,6 +1843,7 @@ "/cid/1961": "/docs/integrations/amazon-aws/elasticache", "/cid/1962": "/docs/integrations/saas-cloud/cloudflare", "/cid/1995": "/docs/integrations/saas-cloud/code42-incydr", + "/cid/1971": "/docs/integrations/saas-cloud/trust-login", "/cid/1963": "/docs/integrations/sumo-apps/enterprise-audit", "/cid/1964": "/docs/integrations/security-threat-detection/f5-big-ip-ltm", "/cid/1965": "/docs/integrations/security-threat-detection/netskope", diff --git a/docs/integrations/product-list/product-list-m-z.md b/docs/integrations/product-list/product-list-m-z.md index 86622e58a6..980ace0d9d 100644 --- a/docs/integrations/product-list/product-list-m-z.md +++ b/docs/integrations/product-list/product-list-m-z.md @@ -184,7 +184,7 @@ For descriptions of the different types of integrations Sumo Logic offers, see [ | Thumbnail icon | [ThreatQ](https://www.threatq.com/) | Automation integration: [ThreatQ](/docs/platform-services/automation-service/app-central/integrations/threatq/) | | Thumbnail icon | [Trellix](https://www.trellix.com/en-us/index.html) | Automation integrations:
- [FireEye AX](/docs/platform-services/automation-service/app-central/integrations/fireeye-ax/)
- [FireEye Central Management (CM)](/docs/platform-services/automation-service/app-central/integrations/fireeye-central-management-cm/)
- [FireEye Email Security (EX)](/docs/platform-services/automation-service/app-central/integrations/fireeye-email-security-ex/)
- [FireEye Endpoint Security (HX)](/docs/platform-services/automation-service/app-central/integrations/fireeye-endpoint-security-hx/)
- [FireEye Helix](/docs/platform-services/automation-service/app-central/integrations/fireeye-helix/)
- [FireEye Network Security (NX)](/docs/platform-services/automation-service/app-central/integrations/fireeye-network-security-nx/)
Cloud SIEM integrations:
- [FireEye](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/1430ab5c-7b8b-44e9-a8ec-83076fa374eb.md)
- [Trellix](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/9bec8407-4182-46ec-99dd-2adfade15652.md)
Collector: [Trellix mVision ePO Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source/) | | Thumbnail icon | [Trend Micro](https://www.trendmicro.com/en_us/business.html) | Apps:
- [Trend Micro Deep Security](/docs/integrations/security-threat-detection/trend-micro-deep-security/)
- [Trend Micro Vision One](/docs/integrations/saas-cloud/trend-micro-vision-one/)
Automation integrations:
- [Trend Micro Deep Security](/docs/platform-services/automation-service/app-central/integrations/trend-micro-deep-security/)
- [Trend Micro Vision One](/docs/platform-services/automation-service/app-central/integrations/trend-micro-vision-one/)
Cloud SIEM integration: [Trend Micro](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/8af48b83-18bf-4233-ad51-db37baca0313.md)
Collector: [Trend Micro Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source)| -| Thumbnail icon | [Trust Login](https://trustlogin.com/en/) | Collector: [Trust Login Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source) | +| Thumbnail icon | [Trust Login](https://trustlogin.com/en/) | App: [Trust Login](/docs/integrations/saas-cloud/trust-login)
Collector: [Trust Login Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source) | | Thumbnail icon | [Tufin](https://www.tufin.com/) | Automation integrations:
- [Tufin SecureChange](/docs/platform-services/automation-service/app-central/integrations/tufin-securechange/)
- [Tufin SecureTrack V2](/docs/platform-services/automation-service/app-central/integrations/tufin-securetrack-v2/) | ## U diff --git a/docs/integrations/saas-cloud/index.md b/docs/integrations/saas-cloud/index.md index bc67e9d398..75e8f5652d 100644 --- a/docs/integrations/saas-cloud/index.md +++ b/docs/integrations/saas-cloud/index.md @@ -339,6 +339,12 @@ Learn about the Sumo Logic apps for SaaS and Cloud applications.

Analyze alert logs to detect potential security risks.

+
+
+ icon

Trust Login

 +

Analyze authentication events, user activities, and potential security threats.

+
+
icon

VMware Workspace ONE

 diff --git a/docs/integrations/saas-cloud/trust-login.md b/docs/integrations/saas-cloud/trust-login.md new file mode 100644 index 0000000000..b57cbcf0a3 --- /dev/null +++ b/docs/integrations/saas-cloud/trust-login.md @@ -0,0 +1,186 @@ +--- +id: trust-login +title: Trust Login +sidebar_label: Trust Login +description: The Trust Login app for Sumo Logic provides security analysts with insights into authentication events, user activities, and potential security threats. +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +Trust-Login-icon + +The Trust Login app for Sumo Logic helps security analysts monitor authentication events, user activities, and potential security threats. It provides real-time tracking of login attempts, account changes, and policy updates to detect anomalies. Dashboards offer event breakdowns, trends, and time-based comparisons for faster incident response and investigations. Geo-location tracking identifies login attempts from high-risk regions, improving threat detection, while the app's alert mechanism highlight unusual activities, like suspicious logins and geo-location events, enabling proactive threat mitigation. By centralizing security insights, the app improves visibility, streamlines investigations, and strengthens security. + +:::info +This app includes [built-in monitors](#trust-login-alerts). For details on creating custom monitors, refer to the [Create monitors for Trust Login app](#create-monitors-for-the-trust-login-app). +::: + +## Log types + +This app uses Sumo Logic’s [Trust Login Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source/) to collect incidents and events logs from the Trust Login platform. + +## Sample log message + +```json title="Report Log" +{ + "id": "eb764e67-a338-481b-b57a-8f51461463ca", + "created_at": "2024-07-23T01:14:11.376+09:00", + "updated_at": "0001-01-01T00:00:00Z", + "tenant_id": "a4992f54-808d-4959-8d31-52b20d415f51", + "subject": { + "id": "b1a4aec3-45d6-49dc-9e8f-c0954ebdffd9", + "type": "user", + "data": { + "email": "qa6@junqa2022.com", + "first_name": "", + "full_name": "6 qa", + "ip_address": null, + "last_name": "" + } + }, + "objects": [ + { + "id": "b1a4aec3-45d6-49dc-9e8f-c0954ebdffd9", + "type": "Membership", + "data": { + "email": "qa6@junqa2022.com", + "first_name": "qa", + "last_name": "6" + } + } + ], + "event": { + "type": "suspended", + "context_data": { + "log_msg": "qa6@junqa2022.com" + }, + "category": "general", + "producer": "portal" + } +} +``` + +## Sample queries + +```sql title="Events by Category" +_sourceCategory=TrustLoginAppTest +| json "id", "event.type", "event.category", "event.producer", "subject.type", "objects", "subject.data.full_name", "subject.data.ip_address", "created_at", "event.context_data.log_msg", "subject.data.email", "subject.id", "subject.data.first_name", "subject.data.last_name" as event_id, event_type, event_category, event_producer, subject_type, objects, subject_full_name, subject_ip_address, created_at, event_msg, subject_email, subject_id, subject_first_name, subject_last_name nodrop +| parse regex field=objects "(?\{(?:[^\{\}]|\{[^\{\}]*\})*\})" multi +| json field=objects "type", "data.email" as object_type, object_email nodrop + +// global filters +| where event_category matches "{{event_category}}" +| where event_producer matches "{{event_producer}}" +| where event_type matches "{{event_type}}" +| where object_type matches "{{object_type}}" +| where subject_type matches "{{subject_type}}" + +| count by event_id, event_category +| count by event_category +| sort by _count, event_category +``` + +```sql title="Events Over Time by Type" +_sourceCategory=TrustLoginAppTest +| json "id", "event.type", "event.category", "event.producer", "subject.type", "objects", "subject.data.full_name" as event_id, event_type, event_category, event_producer, subject_type, objects, subject_full_name nodrop +| parse regex field=objects "(?\{(?:[^\{\}]|\{[^\{\}]*\})*\})" multi +| json field=objects "type" as object_type nodrop + +// global filters +| where event_category matches "{{event_category}}" +| where event_producer matches "{{event_producer}}" +| where event_type matches "{{event_type}}" +| where object_type matches "{{object_type}}" +| where subject_type matches "{{subject_type}}" + +| timeslice 1d +| count by event_id, event_type, _timeslice +| count as frequency by _timeslice, event_type +| fillmissing timeslice, values all in event_type +| transpose row _timeslice column event_type +``` + +```sql title="Top 10 User" +_sourceCategory=TrustLoginAppTest +| json "id", "event.type", "event.category", "event.producer", "subject.type", "objects", "subject.data.full_name" as event_id, event_type, event_category, event_producer, subject_type, objects, subject_full_name nodrop +| parse regex field=objects "(?\{(?:[^\{\}]|\{[^\{\}]*\})*\})" multi +| json field=objects "type" as object_type nodrop + +// global filters +| where event_category matches "{{event_category}}" +| where event_producer matches "{{event_producer}}" +| where event_type matches "{{event_type}}" +| where object_type matches "{{object_type}}" +| where subject_type matches "{{subject_type}}" + +| where !isBlank(subject_full_name) +| count by subject_full_name, event_id +| count as frequency by subject_full_name +| sort by frequency, subject_full_name +| limit 10 +``` + +## Collection configuration and app installation + +import CollectionConfiguration from '../../reuse/apps/collection-configuration.md'; + + + +:::important +Use the [Cloud-to-Cloud Integration for Trust Login](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source/) to create the source and use the same source category while installing the app. By following these steps, you can ensure that your Trust Login app is properly integrated and configured to collect and analyze your Trust Login data. +::: + +### Create a new collector and install the app + +import AppCollectionOPtion1 from '../../reuse/apps/app-collection-option-1.md'; + + + +### Use an existing collector and install the app + +import AppCollectionOPtion2 from '../../reuse/apps/app-collection-option-2.md'; + + + +### Use an existing source and install the app + +import AppCollectionOPtion3 from '../../reuse/apps/app-collection-option-3.md'; + + + +## Viewing the Trust Login dashboards​​ + +import ViewDashboards from '../../reuse/apps/view-dashboards.md'; + + + +### Events Overview + +The **Trust Login - Events Overview** dashboard provides security analysts an overview of authentication events, user activities, and system changes. It features visualizations like event breakdowns, trends, and geo-location tracking to help detect suspicious behavior.
Trust-Login-Events-Overview + +## Create monitors for the Trust Login app + +import CreateMonitors from '../../reuse/apps/create-monitors.md'; + + + +### Trust Login alerts + +The Trend Micro Vision One monitors serve as a security tool, concentrating on observing essential operations and unusual occurrences within the Trend Micro Platform. These notifications offer instantaneous insight into significant events, allowing security personnel to swiftly react to deviations or breaches. + +| Name | Description | Trigger Type (Critical / Warning / MissingData) | Alert Condition | +|:--|:--|:--|:--| +| `Unusual account status changes` | This alert is triggered when an unusual event is performed frequently. It can help detect potential security threats like account takeovers or insider threats. | Critical | Count > 3 | +| `Embargoed Geo Location of Events` | This alert is triggered when an event is detected from a location identified as high-risk. This helps you to monitor activity from unusual or restricted geographic locations, enhancing your ability to identify suspicious activity. | Critical | Count > 0| + +## Upgrading/Downgrading the Trust Login app (Optional) + +import AppUpdate from '../../reuse/apps/app-update.md'; + + + +## Uninstalling the Trust Login app (Optional) + +import AppUninstall from '../../reuse/apps/app-uninstall.md'; + + diff --git a/sidebars.ts b/sidebars.ts index bb46d58618..710a3567eb 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -2496,6 +2496,7 @@ integrations: [ 'integrations/saas-cloud/symantec-web-security-service', 'integrations/saas-cloud/tenable', 'integrations/saas-cloud/trend-micro-vision-one', + 'integrations/saas-cloud/trust-login', 'integrations/saas-cloud/vmware-workspace-one', 'integrations/saas-cloud/webex', 'integrations/saas-cloud/workday', From b334ca5bcbba678d1f73c49161c582ab57814d36 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Tue, 11 Feb 2025 18:59:04 +0530 Subject: [PATCH 2/7] Update trust-login.md --- docs/integrations/saas-cloud/trust-login.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/integrations/saas-cloud/trust-login.md b/docs/integrations/saas-cloud/trust-login.md index b57cbcf0a3..8b1a340c5d 100644 --- a/docs/integrations/saas-cloud/trust-login.md +++ b/docs/integrations/saas-cloud/trust-login.md @@ -2,14 +2,14 @@ id: trust-login title: Trust Login sidebar_label: Trust Login -description: The Trust Login app for Sumo Logic provides security analysts with insights into authentication events, user activities, and potential security threats. +description: The Trust Login app for Sumo Logic provides security analysts with an overview of the authentication events, user activities, and potential security threats. --- import useBaseUrl from '@docusaurus/useBaseUrl'; Trust-Login-icon -The Trust Login app for Sumo Logic helps security analysts monitor authentication events, user activities, and potential security threats. It provides real-time tracking of login attempts, account changes, and policy updates to detect anomalies. Dashboards offer event breakdowns, trends, and time-based comparisons for faster incident response and investigations. Geo-location tracking identifies login attempts from high-risk regions, improving threat detection, while the app's alert mechanism highlight unusual activities, like suspicious logins and geo-location events, enabling proactive threat mitigation. By centralizing security insights, the app improves visibility, streamlines investigations, and strengthens security. +The Sumo Logic app for Trust Login assists security analysts in monitoring authentication events, user activities, and potential security threats. It tracks login attempts, account changes, and policy updates in real-time to detect anomalies. The Trust Login dashboard offers insights into event breakdowns, trends, and time-based comparisons for faster incident response and investigations. The geo-location metrics identify login attempts from high-risk regions, improving threat detection, and the alert mechanism highlights unusual activities, like suspicious logins and geo-location events, enabling proactive threat mitigation. By centralizing security insights, the app improves visibility, streamlines investigations, and strengthens security. :::info This app includes [built-in monitors](#trust-login-alerts). For details on creating custom monitors, refer to the [Create monitors for Trust Login app](#create-monitors-for-the-trust-login-app). @@ -156,7 +156,7 @@ import ViewDashboards from '../../reuse/apps/view-dashboards.md'; ### Events Overview -The **Trust Login - Events Overview** dashboard provides security analysts an overview of authentication events, user activities, and system changes. It features visualizations like event breakdowns, trends, and geo-location tracking to help detect suspicious behavior.
Trust-Login-Events-Overview +The **Trust Login - Events Overview** dashboard provides a snapshot of the authentication events, user activities, and system changes. It includes visuals like event breakdowns, trends, and geo-location monitoring to detect suspicious behavior in your organization.
Trust-Login-Events-Overview ## Create monitors for the Trust Login app @@ -170,8 +170,8 @@ The Trend Micro Vision One monitors serve as a security tool, concentrating on o | Name | Description | Trigger Type (Critical / Warning / MissingData) | Alert Condition | |:--|:--|:--|:--| -| `Unusual account status changes` | This alert is triggered when an unusual event is performed frequently. It can help detect potential security threats like account takeovers or insider threats. | Critical | Count > 3 | -| `Embargoed Geo Location of Events` | This alert is triggered when an event is detected from a location identified as high-risk. This helps you to monitor activity from unusual or restricted geographic locations, enhancing your ability to identify suspicious activity. | Critical | Count > 0| +| `Unusual account status changes` | This alert is triggered when an unusual event is performed frequently. This alert helps detect potential security threats like account takeovers or insider threats. | Critical | Count > 3 | +| `Embargoed Geo Location of Events` | This alert is triggered when an event is detected from a location identified as high-risk. This alert helps you monitor activity from unusual or restricted geographic locations, enhancing your ability to identify suspicious activity. | Critical | Count > 0| ## Upgrading/Downgrading the Trust Login app (Optional) From 27b7d03640555e77adf89ef8f2150a9eae11d521 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Tue, 11 Feb 2025 19:00:44 +0530 Subject: [PATCH 3/7] Update 2025-02-14-apps.md --- blog-service/2025-02-14-apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blog-service/2025-02-14-apps.md b/blog-service/2025-02-14-apps.md index cf1513ee97..8d32627bdd 100644 --- a/blog-service/2025-02-14-apps.md +++ b/blog-service/2025-02-14-apps.md @@ -11,4 +11,4 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; icon -We're excited to introduce the new Trust Login app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Trust Login source that collects report logs from the Trust Login platform, enabling security analysts monitor authentication events, user activities, and respond to potential security threats across your organization. [Learn more](/docs/integrations/saas-cloud/trust-login/). \ No newline at end of file +We're excited to introduce the new Trust Login app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Trust Login source that collects report logs from the Trust Login platform, enabling security analysts to monitor authentication events, and user activities, and respond to potential security threats across your organization. [Learn more](/docs/integrations/saas-cloud/trust-login/). From be262704773e5ee9e92fc3b6abd3336d8b41ebed Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Tue, 11 Feb 2025 19:08:39 +0530 Subject: [PATCH 4/7] Update trust-login.md --- docs/integrations/saas-cloud/trust-login.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/integrations/saas-cloud/trust-login.md b/docs/integrations/saas-cloud/trust-login.md index 8b1a340c5d..e58618c3e4 100644 --- a/docs/integrations/saas-cloud/trust-login.md +++ b/docs/integrations/saas-cloud/trust-login.md @@ -166,8 +166,6 @@ import CreateMonitors from '../../reuse/apps/create-monitors.md'; ### Trust Login alerts -The Trend Micro Vision One monitors serve as a security tool, concentrating on observing essential operations and unusual occurrences within the Trend Micro Platform. These notifications offer instantaneous insight into significant events, allowing security personnel to swiftly react to deviations or breaches. - | Name | Description | Trigger Type (Critical / Warning / MissingData) | Alert Condition | |:--|:--|:--|:--| | `Unusual account status changes` | This alert is triggered when an unusual event is performed frequently. This alert helps detect potential security threats like account takeovers or insider threats. | Critical | Count > 3 | From 9592af99643211f7611691ded36ab9bd13da353a Mon Sep 17 00:00:00 2001 From: "John Pipkin (Sumo Logic)" Date: Fri, 14 Feb 2025 09:53:57 -0600 Subject: [PATCH 5/7] Update blog-service/2025-02-14-apps.md --- blog-service/2025-02-14-apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blog-service/2025-02-14-apps.md b/blog-service/2025-02-14-apps.md index 8d32627bdd..b3b9972bc9 100644 --- a/blog-service/2025-02-14-apps.md +++ b/blog-service/2025-02-14-apps.md @@ -11,4 +11,4 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; icon -We're excited to introduce the new Trust Login app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Trust Login source that collects report logs from the Trust Login platform, enabling security analysts to monitor authentication events, and user activities, and respond to potential security threats across your organization. [Learn more](/docs/integrations/saas-cloud/trust-login/). +We're excited to introduce the new Trust Login app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Trust Login source that collects report logs from the Trust Login platform, enabling security analysts to monitor authentication events and user activities, and respond to potential security threats across your organization. [Learn more](/docs/integrations/saas-cloud/trust-login/). From ea750b671e2b727def46e0fa1fe85e33be4090f3 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 17 Feb 2025 15:17:50 +0530 Subject: [PATCH 6/7] Update docs/integrations/saas-cloud/trust-login.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/saas-cloud/trust-login.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/saas-cloud/trust-login.md b/docs/integrations/saas-cloud/trust-login.md index e58618c3e4..3745f201da 100644 --- a/docs/integrations/saas-cloud/trust-login.md +++ b/docs/integrations/saas-cloud/trust-login.md @@ -9,7 +9,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; Trust-Login-icon -The Sumo Logic app for Trust Login assists security analysts in monitoring authentication events, user activities, and potential security threats. It tracks login attempts, account changes, and policy updates in real-time to detect anomalies. The Trust Login dashboard offers insights into event breakdowns, trends, and time-based comparisons for faster incident response and investigations. The geo-location metrics identify login attempts from high-risk regions, improving threat detection, and the alert mechanism highlights unusual activities, like suspicious logins and geo-location events, enabling proactive threat mitigation. By centralizing security insights, the app improves visibility, streamlines investigations, and strengthens security. +The Sumo Logic app for Trust Login helps security analysts monitor authentication events, user activities, and potential security threats. It tracks login attempts, account changes, and policy updates in real time to detect anomalies. The Trust Login dashboard provides insights into event breakdowns, trends, and time-based comparisons, facilitating faster incident response and investigations. Additionally, the geo-location metrics identify login attempts from high-risk regions, enhancing threat detection. The alert mechanism highlights unusual activities, such as suspicious logins and geo-location events, enabling proactive threat mitigation. By centralizing security insights, the app improves visibility, streamlines investigations, and strengthens overall security. :::info This app includes [built-in monitors](#trust-login-alerts). For details on creating custom monitors, refer to the [Create monitors for Trust Login app](#create-monitors-for-the-trust-login-app). From f7e48f441b1d1a541992314c3c76036e04a44678 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 17 Feb 2025 15:18:01 +0530 Subject: [PATCH 7/7] Update docs/integrations/saas-cloud/trust-login.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/saas-cloud/trust-login.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/saas-cloud/trust-login.md b/docs/integrations/saas-cloud/trust-login.md index 3745f201da..9499b8d122 100644 --- a/docs/integrations/saas-cloud/trust-login.md +++ b/docs/integrations/saas-cloud/trust-login.md @@ -168,7 +168,7 @@ import CreateMonitors from '../../reuse/apps/create-monitors.md'; | Name | Description | Trigger Type (Critical / Warning / MissingData) | Alert Condition | |:--|:--|:--|:--| -| `Unusual account status changes` | This alert is triggered when an unusual event is performed frequently. This alert helps detect potential security threats like account takeovers or insider threats. | Critical | Count > 3 | +| `Unusual account status changes` | This alert is triggered when an unusual event is performed frequently. This alert helps you to detect potential security threats like account takeovers or insider threats. | Critical | Count > 3 | | `Embargoed Geo Location of Events` | This alert is triggered when an event is detected from a location identified as high-risk. This alert helps you monitor activity from unusual or restricted geographic locations, enhancing your ability to identify suspicious activity. | Critical | Count > 0| ## Upgrading/Downgrading the Trust Login app (Optional)