Get SDK
API Docs by APIMATIC

Security Log Streaming to SQS
#

Security Log Streaming to SQS
#

Security Log Streaming to SQS
#

Voiso provides a security event streaming pre-built integration to Amazon Web Services' Simple Queue Service (SQS) for client-end processing.

Note: This simplex communication channel only sends information in one direction. You CANNOT retrieve any records using this interface. Voiso cannot interact with your data once it is on AWS SQS.

Activation
#

To use the Security Log Streaming to AWS SQS pre-built integration, you must first enable it in the Voiso System Settings. Navigate to Administration > System Settings, and click Enabled in the Security Log Streaming section.

After enabling the Security Log Streaming feature, specify the following parameters as defined by your Amazon account:

  • Queue URL
  • Access Key ID
  • Secret Access Key

security log streaming settings in Administration System Settings

The following sections describe the security events that can be streamed to your SQS environment.

App Login Events
#

The number of attempts to log in with an incorrect password exceeds 3
#

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "app_login",
  "event": "incorrect_password",
  "callcenter": "acme",
  "params": { "user": "foo@bar.com", "access_group":"admin", "count": "4" }
}

Attempt to log into a deleted account
#

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "app_login",
  "event": "deleted_user",
  "callcenter": "acme",
  "params": { "user": "foo@bar.com", "access_group":"supervisor" }
}

Successful log-in attempt
#

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "app_login",
  "event": "successful_login",
  "callcenter": "acme",
  "params": { "user": "foo@bar.com", "access_group":"supervisor" }
}

Attempt to log in from an unauthorized IP address
#

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "app_login",
  "event": "unauthorized_ip",
  "callcenter": "acme",
  "params": { "user": "foo@bar.com", "access_group":"supervisor", "ip": "8.8.8.8" }
}

Source IP changed
#

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "app_login",
  "event": "ip_changed",
  "callcenter": "acme",
  "params": { "user": "admin@voiso.com", "access_group":"supervisor", "from": "8.8.8.8", "to": "4.4.4.2" }
}

User Events
#

New user added
#

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "user",
  "event": "user_added",
  "callcenter": "acme",
  "params": { "who": "admin@voiso.com", "user": "foo@bar.com", "access_group":"supervisor" }
}

Existing user deleted
#

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "user",
  "event": "user_deleted",
  "callcenter": "acme",
  "params": { "who": "admin@voiso.com", "user": "foo@bar.com", "access_group":"agent" }
}

User password changed
#

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "user",
  "event": "password_changed",
  "callcenter": "acme",
  "params": { "who": "admin@voiso.com", "user": "foo@bar.com", "access_group":"admin" }
}

User privileges updated
#

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "user",
  "event": "privileges_updated",
  "callcenter": "acme",
  "params": { "who": "admin@voiso.com", "user": "foo@bar.com", "from": "agent", "to": "admin" }
}

Allowed IP Events
#

New IP address authorized
#

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "allowed_ip",
  "event": "ip_added",
  "callcenter": "acme",
  "params": { "who": "admin@voiso.com", "access_group":"supervisor", "ip": "8.8.8.8/32" }
}

IP removed from the list of authorized addresses
#

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "allowed_ip",
  "event": "ip_removed",
  "callcenter": "acme",
  "params": { "who": "admin@voiso.com", "access_group":"supervisor", "ip": "8.8.8.8/32" }
}

An existing IP address changed
#

{
  "timestamp": "2020-10-10T10:11:12.12Z",
  "type": "allowed_ip",
  "event": "ip_changed",
  "callcenter": "acme",
  "params": { "who": "admin@voiso.com", "access_group":"supervisor", "from": "8.8.8.8/32", "to": "8.8.4.4/32" }
}