Cumulocity IoT Feedback Portal
Unauthorized request (all reqeusts which require authentication and without valid credentials being provided)
Successful login (TFA, oAuth)
Unsuccessful login (TFA, oAuth)
Password change (local accounts)
After reviewing this idea we agreed that generally there is room for improvement regarding which events to include in the audit logs.
However, unauthorized request attemts should be monitored on platform level as including them in the audit logs could lead to performance issues in the case of brute force attacks.
What could make sense to log are:
Account was disabled after too many login attempts
Successful logins