Security Event

The Security event is triggered for each failed login attempt.

Filtering

In the Event Setup tab, the values for all the event fields are set by default to All in the Match Value(s) column, which will generate event notifications for all state changes for all workflow groups. Double-click the field to open the Match Values dialog, where you can click the Add button to add the values you want to filter on. If there are specific values available, these will appear in a drop-down list. Alternatively, you can enter a hard-coded string or a regular expression.

The following fields are available for filtering of Group State events in the Event Setup tab:

Fields inherited from the Base event

The following fields are inherited from the Base event, and described in more detail in Base Event:

  • category - If you have configured any Event Categories, you can select to only generate notifications for System events with the selected categories. See Event Category for further information about Event Categories.

  • contents - The contents field contains a hard-coded string with event-specific information. If you want to use this field for filtering, you can enter a part of the contents as a hard-coded string, e.g. the state you are interested in (Idle/Running/Stopping/etc.). However, for Security events, the content consists of the text "Login attempt by <username> from host <IP address> failed."

  • eventName - This field can be used to specify which event types you want to generate notifications for. This may be useful if the selected event type is a parent to other event types. However, since the Security event is not a parent to any other event, this field will typically not be used for this event.

  • origin - The Platform IP address.

  • receiveTimeStamp - This field contains the date and time when the event was inserted into the Platform database. If you want to use timeStamp for filtering, it may be a good idea to enter a regular expression, for example, "2018-04.*" for catching all System events from the 1st of April, 2018, to the 30th of April, 2018.

  • severity - With this field you can choose to generate notifications only for state changes with a certain severity: Information, Warning, Error or Disaster. The severity level for Security events is always Warning.

  • timeStamp - This field contains the date and time when the Platform generated the event. If you want to use timeStamp for filtering, it may be a good idea to enter a regular expression, for example, "2018-06-15 09:.*" for catching all System events from 9:00 to 9:59 on the 15th of June, 2018.

Note!

The values of these fields may also be included in the notifications according to your configurations in the Notifier Setup tab.

Fields inherited from the Security event

  • systemMessage - This field contains the username and IP address of the Desktop.
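
The following is an added example, not part of the product or its documentation: it parses the Security event contents text described above out of received notifications and flags hosts that produce repeated failed logins in a short period. The function names, the threshold, the window and the timeStamp layout with seconds are assumptions, and the sample notifications are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Contents text of a Security event as documented on this page. The username is
# whatever the client typed, so the greedy group makes the LAST " from host "
# the delimiter and a crafted username cannot replace the real host.
CONTENTS_RE = re.compile(r"Login attempt by (?P<user>.+) from host (?P<host>\S+) failed\.")
FMT = "%Y-%m-%d %H:%M:%S"  # assumed timeStamp layout

# Constructed sample notifications: (timeStamp, contents).
SAMPLE = [
    ("2018-06-15 09:00:05", "Login attempt by admin from host 192.0.2.10 failed."),
    ("2018-06-15 09:00:40", "Login attempt by root from host 192.0.2.10 failed."),
    ("2018-06-15 09:01:10", "Login attempt by operator from host 192.0.2.10 failed."),
    ("2018-06-15 09:01:30", "Login attempt by bob from host 203.0.113.5 from host 192.0.2.10 failed."),
    ("2018-06-15 09:02:00", "Login attempt by alice from host 198.51.100.7 failed."),
    ("2018-06-15 11:30:00", "Login attempt by alice from host 198.51.100.7 failed."),
    ("2018-06-15 11:31:00", "Some other event text that is not a Security event."),
]

def parse_contents(contents):
    """Return (username, host) from a Security event contents string, else None."""
    m = CONTENTS_RE.fullmatch(contents.strip())
    return (m["user"], m["host"]) if m else None

def noisy_hosts(events, limit=3, window=timedelta(minutes=5)):
    """Map each host with >= limit failures inside one window to the usernames it tried."""
    by_host = defaultdict(list)
    for stamp, contents in events:
        parsed = parse_contents(contents)
        if parsed:
            by_host[parsed[1]].append((datetime.strptime(stamp, FMT), parsed[0]))
    flagged = {}
    for host, hits in by_host.items():
        hits.sort()
        start = 0
        for end, (when, _) in enumerate(hits):
            while when - hits[start][0] > window:
                start += 1  # slide the window start forward
            if end - start + 1 >= limit:
                flagged[host] = sorted({user for _, user in hits})
                break
    return flagged

if __name__ == "__main__":
    for host, users in noisy_hosts(SAMPLE).items():
        print(host, users)
```
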