User Audit Report

Is there a way to create a report on when a user logged into the console?

There’s nothing specifically in the console UI that will give you that info but it is tracked in the auth.log on the console itself. Troubleshooting | InsightVM Documentation.

I see. Thank you.

Hi OP,

If you have platform administrative privileges, you can go to the platform home when logging in via insight.rapid7.com. You’ll see a gear marked as settings. In those settings the first tab is your audit log. Assuming you have that enabled, you will be able to view that log and search for any specifics. That will give you the date and time a user has logged in and the product that was navigated to.

Best of luck on your reporting!

Keep in mind we only track logins to the platform as a whole. The cloud component and direct logins to the console are two separate matters.

Thanks for the reply, John.

Do we have any auditing capabilities to track for logins to the product aside from looking at the user administration page?

That would be a nice-to-have feature, ensuring our product and platform owners are managing their risk.

There’s nothing specific within the platform that monitors access to a specific tool. There are endpoints that monitor specific actions within the platform, but not everything.

As far as InsightVM is concerned though, like I said, you can monitor the auth.log to see any direct logins to the console. I’m not entirely sure off the top of my head what that looks like when Insight Platform Login is configured though. I would have to go check.

If you have InsightIDR you could create an event source that reads the auth.log to monitor the logins to the console though.

So IPL is also monitored in the auth.log, looking at my own log file.

I think a quick csv export from the admin user page in the security console would be a nice feature to have.

Yeah, that’s not a bad idea. To get that implemented, please put in an RFE ticket for it so we can track it and get it on the list. A lot of these new features are driven by customer requests.

So, to add to this discussion: is there a way to track user actions?
We have multiple users on the console and it would be nice to see what user made what changes. Is there a way to track these, since this post is about 6 months old? Maybe new improvements have been made to the console?

That should all be in the audit.log in the same directory.

Troubleshooting | InsightVM Documentation.