Post by mharishm on Mar 10, 2021 14:17:05 GMT
Hi,
In our current Redfish implementation we are adding an audit log entry on login failure (i.e., correct username and wrong password). Do we need to add a log record for non-existent user login failure?
Thanks, Harish
Post by mraineri on Mar 11, 2021 20:35:04 GMT
With today's model, you can use the existing LogService with LogEntry resources to capture these sorts of events. In terms of what sort of events you capture from a security perspective, this is ultimately up to your product requirements.
However, we do not have a standard message registry to enumerate these types of events. We do have NoValidSession in the Base Message Registry as a generic response to an unauthorized client; it's kept generic like this to ensure there isn't any leaking of information about what specifically might be wrong, which could help narrow down a point of attack. That said, from a purely logging perspective, implementers at this time would need to create their own message registry to capture this sort of information. But there might be use in standardizing on security types of events, and we might need to construct a Security Message Registry to help address this.
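
An added example (not part of the original posts, and not DMTF or vendor code) of the split described above: the client gets the same generic NoValidSession error for a wrong password and for an unknown user, while the audit log records which one it was as a LogEntry with an OEM MessageId. The registry name `ExampleSecurity.1.0`, its message keys, the Base registry version in the MessageId, the account store and the `login` function are all assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timezone

OEM_REGISTRY = "ExampleSecurity.1.0"   # hypothetical OEM message registry
SALT = b"constructed-salt"             # constructed; use a per-user salt in practice

def kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

ACCOUNTS = {"admin": kdf("correct horse")}   # constructed account store
DUMMY_HASH = kdf("dummy")    # hashed against for unknown users so work is equal
AUDIT_LOG = []               # stands in for a LogService Entries collection

def log_entry(key, args):
    """Append a LogEntry-shaped record whose MessageId names the OEM message."""
    AUDIT_LOG.append({
        "@odata.type": "#LogEntry.v1_0_0.LogEntry",
        "Id": str(len(AUDIT_LOG) + 1),
        "Name": "Audit Log Entry",
        "EntryType": "Event",
        "Severity": "Warning",
        "Created": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "MessageId": f"{OEM_REGISTRY}.{key}",
        "MessageArgs": args,
    })

def generic_unauthorized():
    """Identical body for every failure, so the client learns nothing specific."""
    msg_id = "Base.1.0.NoValidSession"   # registry version assumed
    return 401, {"error": {
        "code": msg_id,
        "message": "See @Message.ExtendedInfo for more information.",
        "@Message.ExtendedInfo": [{"MessageId": msg_id}],
    }}

def login(username, password, client_ip):
    known = username in ACCOUNTS
    stored = ACCOUNTS.get(username, DUMMY_HASH)
    # Always hash and compare, then require a real account.
    if hmac.compare_digest(kdf(password), stored) and known:
        return 201, {"UserName": username}
    key = "LoginFailedBadPassword" if known else "LoginFailedUnknownUser"
    # The submitted name is untrusted input: bound it and drop control characters.
    safe_name = "".join(c for c in username[:64] if c.isprintable())
    log_entry(key, [safe_name, client_ip])
    return generic_unauthorized()
```

Users sometimes type a password into the username field, so a product may prefer to log a hash or omit the submitted name for the unknown-user case.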