Guides
Start typing to search…

Security Log Streaming to SQS

Voiso provides a security event streaming pre-built integration to Amazon Web Services' Simple Queue Service (SQS) for client-end processing.

Note: This simplex communication channel only sends information in one direction. You CANNOT retrieve any records using this interface. Voiso cannot interact with your data once it is on AWS SQS.

Use the one-way Security Log Streaming to Amazon SQS integration to stream security event logs from Voiso to Amazon Web Service's Simple Queue Service (AWS SQS) for client-end processing outside of Voiso.

Stream security events to AWS SQS

The Security Log Streaming to Amazon SQS integration automatically streams Voiso security events to your Amazon Simple Queue Service (AWS SQS) fully managed message queueing service. You do not have to create an application or use webhooks. Use your own or a third-party application to process the events to support your security policies by searching for violations.

Voiso sends the following security events:

  • Application login (app_login)
    • incorrect_password: The number of attempts to log in with an incorrect password exceeds 3.
    • deleted_user: Attempt to log into a deleted account.
    • successful_login: Successful login attempt.
    • unauthorized_ip: Attempt to log in from an unauthorized IP address.
    • ip_changed: Source IP changed.
  • User (user)
    • user_added: New user added.
    • user_deleted: Existing user deleted.
    • password_changed: User password changed.
    • privileges_updated: User privileges updated.
  • Allowed IP (allowed_ip)
    • ip_added: New IP address authorized.
    • ip_removed: IP removed from the list of authorized addresses.
    • ip_changed: An existing IP address changed.

Note: This communication channel only sends information in one direction. You CANNOT retrieve any records via the interface.

Integration

To use the Raw Data Streaming to AWS SQS pre-built integration, navigate to Administration > Integrations, then click the AWS - SQS: Security Log Streaming to AWS SQS. tile.

The AWS - SQS page provides information about the AWS - SQS integration, instructions for connecting the integration, and a list of prerequisites you should have in place before clicking Connect.

To complete the integration you require the following parameters as defined by your Amazon account:

  • SQS URL
  • Access Key ID
  • Access Key Secret

Managing your integration

To manage an existing AWS - SQS integration, navigate to Administration > Integrations, then click the AWS - SQS tile.

On the AWS - SQS integration page, you can reconnect an integration that has lost connection or disconnect a connected integration.

Click the Edit connection button and selected either Reconnect or Disconnect.

Reconnecting an integration

To reconnect an integration that has been disconnected, either manually or as the result of an error, or to modify the connection, click Edit connection, then select Reconnect.

Follow the on-screen instructions to connect your integration.

Disconnecting an integration

To disconnect an integration, click Edit connection, then select Disconnect.

In the Disconnect integration panel, click Disconnect to remove the integration from your contact center.

Events

The following sections describe the security events that can be streamed to your SQS environment.

App Login Events

Multiple login failure

The event is triggered when there have been more than three failed login attempts with an incorrect password.

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "app_login",
  "event": "incorrect_password",
  "callcenter": "acme",
  "params": { "user": "[email protected]", "access_group":"admin", "count": "4" }
}

Login attempt by deleted user

The event is triggered when a deleted user tries to log in.

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "app_login",
  "event": "deleted_user",
  "callcenter": "acme",
  "params": { "user": "[email protected]", "access_group":"supervisor" }
}

User login

The event is triggered when a user successfully logs in to the contact center.

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "app_login",
  "event": "successful_login",
  "callcenter": "acme",
  "params": { "user": "[email protected]", "access_group":"supervisor" }
}

Login attempt from unauthorized IP address

The event is triggered when a login attempt is made from an unauthorized IP address.

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "app_login",
  "event": "unauthorized_ip",
  "callcenter": "acme",
  "params": { "user": "[email protected]", "access_group":"supervisor", "ip": "8.8.8.8" }
}

Source IP address changed

The event is triggered when the source IP address is changed.

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "app_login",
  "event": "ip_changed",
  "callcenter": "acme",
  "params": { "user": "[email protected]", "access_group":"supervisor", "from": "8.8.8.8", "to": "4.4.4.2" }
}

User Events

User created

The event is triggered for each new user created.

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "user",
  "event": "user_added",
  "callcenter": "acme",
  "params": { "who": "[email protected]", "user": "[email protected]", "access_group":"supervisor" }
}

User deleted

The event is triggered when a user is deleted.

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "user",
  "event": "user_deleted",
  "callcenter": "acme",
  "params": { "who": "[email protected]", "user": "[email protected]", "access_group":"agent" }
}

Password changed

The event is triggered when a user successfully updates their password.

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "user",
  "event": "password_changed",
  "callcenter": "acme",
  "params": { "who": "[email protected]", "user": "[email protected]", "access_group":"admin" }
}

User privileges updated

The event is triggered when a user privilege is updated.

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "user",
  "event": "privileges_updated",
  "callcenter": "acme",
  "params": { "who": "[email protected]", "user": "[email protected]", "from": "agent", "to": "admin" }
}

Allowed IP Events

New IP address authorized

The event is triggered when a new IP address is added to the authorized list.

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "allowed_ip",
  "event": "ip_added",
  "callcenter": "acme",
  "params": { "who": "[email protected]", "access_group":"supervisor", "ip": "8.8.8.8/32" }
}

IP address un-authorized

The event is triggered when an existing IP address is removed from the authorized list.

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "allowed_ip",
  "event": "ip_removed",
  "callcenter": "acme",
  "params": { "who": "[email protected]", "access_group":"supervisor", "ip": "8.8.8.8/32" }
}

IP address updated

The event is triggered when an existing IP address is modified.

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "allowed_ip",
  "event": "ip_changed",
  "callcenter": "acme",
  "params": { "who": "[email protected]", "access_group":"supervisor", "from": "8.8.8.8/32", "to": "8.8.4.4/32" }
}