webCOMAND

Login Security Log

The Login Security Log content type stores information about logins and login attempts in order to create an audit trail.  The Login Policy uses the audit trail to compare to it's security rules to determine if users should be blocked, locked out, etc.  The audit trail can also be inspected manually and by other tools and applications to monitor login activity.

Fields

  • Login Policy - Which Login Policy handled the login related action.
  • Timestamp - When the login related action occurred.
  • Note - Any notes about the action that may be helpful.
  • IP Address - The IP address of the device making the request.
  • User Agent - The user agent sent with the request.
  • Action - The attempted action, such as "login".  Built-in Login Policy actions include:
    • login - A user login was attempted with username/password validation, user token validation or some other means.
    • reset - A password reset was sent.
    • verify_code - Attempt to verify reset password verification code.
    • forgot_password - The forgot password process was started.
  • Account - User account identifier, such as the username or token.
  • Success - Checkbox that indicates the login attempt was successful when check/TRUE.

Examples

The following example describes how the Login Policy uses the Login Security Log to enforce security rules.

Limiting Attempts

The Web Services Token Authentication Policy's Login Controller has the following default thresholds:

  • 10 attempts from an IP address in 600 seconds, lasts for 3600 seconds
  • 5 attempts for an account in 300 seconds, lasts for 3600 seconds

When a login is attempted, the Login Security Log will be checked to see if either of the above thresholds have been exceeded, and if so, the login attempt will be ignored and fail until the threshold is no longer met.

User Locking

Once one of the thresholds above is met, a user is considered locked until the period associated with the threshold passes (3600 seconds in examples above).  The lockout can be short-circuited in two ways:

  • Unlock User - The user can be manually unlocked from the API or Users App with the following steps.
    1. Launch the Users App
    2. Open the User on the left.
    3. Click the Manage tab.
    4. Click the "Unlock" button.
  • Remove Failed Attempts - The failed attempts that caused the threshold to be exceeded can be removed from the Login Security Log, or a more recent successful log can be added for the account.