Skip to Main Content
Cumulocity IoT Feedback Portal
Status Added/Resolved 🎉
Created by Jens Wildhagen
Created on Jul 25, 2019

As customer I want unauthorised request attempts in the audit logs

  • Unauthorized request (all reqeusts which require authentication and without valid credentials being provided)

  • Successful login (TFA, oAuth)

  • Unsuccessful login (TFA, oAuth)

  • Password change (local accounts)

  • Attach files
  • Admin
    Nikolaus Neuerburg
    Sep 20, 2019

    After reviewing this idea we agreed that generally there is room for improvement regarding which events to include in the audit logs.

    However, unauthorized request attemts should be monitored on platform level as including them in the audit logs could lead to performance issues in the case of brute force attacks.

    What could make sense to log are:

    1. Account was disabled after too many login attempts

    2. Successful logins