Voiso provides a security event streaming pre-built integration to Amazon Web Services' Simple Queue Service (SQS) for client-end processing.
Note: This simplex communication channel only sends information in one direction. You CANNOT retrieve any records using this interface. Voiso cannot interact with your data once it is on AWS SQS.
Use the one-way Security Log Streaming to Amazon SQS integration to stream security event logs from Voiso to Amazon Web Service's Simple Queue Service (AWS SQS) for client-end processing outside of Voiso.
Stream security events to AWS SQS
The Security Log Streaming to Amazon SQS integration automatically streams Voiso security events to your Amazon Simple Queue Service (AWS SQS) fully managed message queueing service. You do not have to create an application or use webhooks. Use your own or a third-party application to process the events to support your security policies by searching for violations.
Voiso sends the following security events:
- Application login (
app_login)incorrect_password: The number of attempts to log in with an incorrect password exceeds 3.deleted_user: Attempt to log into a deleted account.successful_login: Successful login attempt.unauthorized_ip: Attempt to log in from an unauthorized IP address.ip_changed: Source IP changed.
- User (
user)user_added: New user added.user_deleted: Existing user deleted.password_changed: User password changed.privileges_updated: User privileges updated.
- Allowed IP (
allowed_ip)ip_added: New IP address authorized.ip_removed: IP removed from the list of authorized addresses.ip_changed: An existing IP address changed.
Note: This communication channel only sends information in one direction. You CANNOT retrieve any records via the interface.
Activation
To use the Security Log Streaming to AWS SQS pre-built integration, you must first enable it in the Voiso System Settings. Navigate to Administration > System Settings, and click Enabled in the Security Log Streaming section.
After enabling the Security Log Streaming feature, specify the following parameters as defined by your Amazon account:
- Queue URL
- Access Key ID
- Secret Access Key
The following sections describe the security events that can be streamed to your SQS environment.
App Login Events
Multiple login failure
The event is triggered when there have been more than three failed login attempts with an incorrect password.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "app_login",
"event": "incorrect_password",
"callcenter": "acme",
"params": { "user": "[email protected]", "access_group":"admin", "count": "4" }
}
Login attempt by deleted user
The event is triggered when a deleted user tries to log in.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "app_login",
"event": "deleted_user",
"callcenter": "acme",
"params": { "user": "[email protected]", "access_group":"supervisor" }
}
User login
The event is triggered when a user successfully logs in to the contact center.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "app_login",
"event": "successful_login",
"callcenter": "acme",
"params": { "user": "[email protected]", "access_group":"supervisor" }
}
Login attempt from unauthorized IP address
The event is triggered when a login attempt is made from an unauthorized IP address.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "app_login",
"event": "unauthorized_ip",
"callcenter": "acme",
"params": { "user": "[email protected]", "access_group":"supervisor", "ip": "8.8.8.8" }
}
Source IP address changed
The event is triggered when the source IP address is changed.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "app_login",
"event": "ip_changed",
"callcenter": "acme",
"params": { "user": "[email protected]", "access_group":"supervisor", "from": "8.8.8.8", "to": "4.4.4.2" }
}
User Events
User created
The event is triggered for each new user created.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "user",
"event": "user_added",
"callcenter": "acme",
"params": { "who": "[email protected]", "user": "[email protected]", "access_group":"supervisor" }
}
User deleted
The event is triggered when a user is deleted.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "user",
"event": "user_deleted",
"callcenter": "acme",
"params": { "who": "[email protected]", "user": "[email protected]", "access_group":"agent" }
}
Password changed
The event is triggered when a user successfully updates their password.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "user",
"event": "password_changed",
"callcenter": "acme",
"params": { "who": "[email protected]", "user": "[email protected]", "access_group":"admin" }
}
User privileges updated
The event is triggered when a user privilege is updated.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "user",
"event": "privileges_updated",
"callcenter": "acme",
"params": { "who": "[email protected]", "user": "[email protected]", "from": "agent", "to": "admin" }
}
Allowed IP Events
New IP address authorized
The event is triggered when a new IP address is added to the authorized list.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "allowed_ip",
"event": "ip_added",
"callcenter": "acme",
"params": { "who": "[email protected]", "access_group":"supervisor", "ip": "8.8.8.8/32" }
}
IP address un-authorized
The event is triggered when an existing IP address is removed from the authorized list.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "allowed_ip",
"event": "ip_removed",
"callcenter": "acme",
"params": { "who": "[email protected]", "access_group":"supervisor", "ip": "8.8.8.8/32" }
}
IP address updated
The event is triggered when an existing IP address is modified.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "allowed_ip",
"event": "ip_changed",
"callcenter": "acme",
"params": { "who": "[email protected]", "access_group":"supervisor", "from": "8.8.8.8/32", "to": "8.8.4.4/32" }
}