Voiso provides a security event streaming pre-built integration to Amazon Web Services' Simple Queue Service (SQS) for client-end processing.
Note: This simplex communication channel only sends information in one direction. You CANNOT retrieve any records using this interface. Voiso cannot interact with your data once it is on AWS SQS.
Use the one-way Security Log Streaming to Amazon SQS integration to stream security event logs from Voiso to Amazon Web Services' Simple Queue Service (AWS SQS) for client-end processing outside of Voiso.
The Security Log Streaming to Amazon SQS integration automatically streams Voiso security events to your Amazon Simple Queue Service (AWS SQS) fully managed message queueing service. You do not have to create an application or use webhooks. Use your own or a third-party application to process the events to support your security policies by searching for violations.
Voiso sends the following security events:
app_login)
incorrect_password: The number of attempts to log in with an incorrect password exceeds 3.deleted_user: Attempt to log into a deleted account.successful_login: Successful login attempt.unauthorized_ip: Attempt to log in from an unauthorized IP address.ip_changed: Source IP changed.user)
user_added: New user added.user_deleted: Existing user deleted.password_changed: User password changed.privileges_updated: User privileges updated.allowed_ip)
ip_added: New IP address authorized.ip_removed: IP removed from the list of authorized addresses.ip_changed: An existing IP address changed.Note: This communication channel only sends information in one direction. You CANNOT retrieve any records via the interface.
To use the Security Log Streaming to AWS SQS pre-built integration, you must first enable it in the Voiso System Settings. Navigate to Administration > System Settings, and click Enabled in the Security Log Streaming section.
After enabling the Security Log Streaming feature, specify the following parameters as defined by your Amazon account:
The following sections describe the security events that can be streamed to your SQS environment.
The event is triggered when there have been more than three failed login attempts with an incorrect password.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "app_login",
"event": "incorrect_password",
"callcenter": "acme",
"params": { "user": "foo@bar.com", "access_group":"admin", "count": "4" }
}
The event is triggered when a deleted user tries to log in.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "app_login",
"event": "deleted_user",
"callcenter": "acme",
"params": { "user": "foo@bar.com", "access_group":"supervisor" }
}
The event is triggered when a user successfully logs in to the contact center.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "app_login",
"event": "successful_login",
"callcenter": "acme",
"params": { "user": "foo@bar.com", "access_group":"supervisor" }
}
The event is triggered when a login attempt is made from an unauthorized IP address.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "app_login",
"event": "unauthorized_ip",
"callcenter": "acme",
"params": { "user": "foo@bar.com", "access_group":"supervisor", "ip": "8.8.8.8" }
}
The event is triggered when the source IP address is changed.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "app_login",
"event": "ip_changed",
"callcenter": "acme",
"params": { "user": "admin@voiso.com", "access_group":"supervisor", "from": "8.8.8.8", "to": "4.4.4.2" }
}
The event is triggered for each new user created.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "user",
"event": "user_added",
"callcenter": "acme",
"params": { "who": "admin@voiso.com", "user": "foo@bar.com", "access_group":"supervisor" }
}
The event is triggered when a user is deleted.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "user",
"event": "user_deleted",
"callcenter": "acme",
"params": { "who": "admin@voiso.com", "user": "foo@bar.com", "access_group":"agent" }
}
The event is triggered when a user successfully updates their password.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "user",
"event": "password_changed",
"callcenter": "acme",
"params": { "who": "admin@voiso.com", "user": "foo@bar.com", "access_group":"admin" }
}
The event is triggered when a user privilege is updated.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "user",
"event": "privileges_updated",
"callcenter": "acme",
"params": { "who": "admin@voiso.com", "user": "foo@bar.com", "from": "agent", "to": "admin" }
}
The event is triggered when a new IP address is added to the authorized list.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "allowed_ip",
"event": "ip_added",
"callcenter": "acme",
"params": { "who": "admin@voiso.com", "access_group":"supervisor", "ip": "8.8.8.8/32" }
}
The event is triggered when an existing IP address is removed from the authorized list.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "allowed_ip",
"event": "ip_removed",
"callcenter": "acme",
"params": { "who": "admin@voiso.com", "access_group":"supervisor", "ip": "8.8.8.8/32" }
}
The event is triggered when an existing IP address is modified.
{
"timestamp": "2020-10-10T10:11:12.12Z",
"type": "allowed_ip",
"event": "ip_changed",
"callcenter": "acme",
"params": { "who": "admin@voiso.com", "access_group":"supervisor", "from": "8.8.8.8/32", "to": "8.8.4.4/32" }
}
Was this page helpful?
Back to top