Condeco logs available to the customer SIEM tools (ie Splunk via API?)
Condeco Cloud collects various logs in relation to interactions the platform has undertaken with other systems and users. For example, who undertook what actions in the tool, who signed in and when, synchronisation to Exchange mailboxes, who requested meetings, who was invited, dates and times, SSO integrations and Office365 integrations, creation/deletion/configuration changes of meeting rooms, desks, user accounts etc.
Most of these logs are not accessible to the end customers Security Information and Event Management (SIEM) toolsets (i.e. Splunk), and are stored alongside other Condeco customers log data. Because of this it is problematic for Condeco to extract data in the event a customer is investigating a security incident or simply requires visibility of application and security logs.
Other major SaaS providers provide API access to tenant specific log files, for example Zoom, Dropbox, Salesforce etc. This request is that Condeco also provide the same end-customer access to customer specific log files. By doing so, customers can achieve visibility into their own environments and be provided with a complete picture during a security incident or daily monitoring to log suspicious behaviour.
Simon Robson
shared this idea
-
Frank Calderon
commented
This makes sense.