Rik Giles created GUACAMOLE-2047:
------------------------------------

             Summary: Enhance logging for security monitoring
                 Key: GUACAMOLE-2047
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-2047
             Project: Guacamole
          Issue Type: New Feature
          Components: guacamole-client
            Reporter: Rik Giles


The default logging implementation of Guacamole client does not record 
sufficient information for security monitoring.

Adding the following telemetry would enable security engineers to create 
detection rules in SIEMs to generate alerts for suspicious behavior:
 * Event (open/close connection)
 * Source IP address (X-FORWARDED-FOR)
 * Source Username (from Guacamole session)
 * Destination IP address (of connection object)
 * Destination Username (used to authenticate with connection object)
 * Protocol (SSH/VNC/RDP)

This proposed feature can be achieved through the use of `TunnelConnectEvent` 
in `org.apache.guacamole.net.event` and can be implemented as an optional 
extension (as per guacamole-auth-ldap, guacamole-vault etc.)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
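
A sketch of the kind of listener the issue proposes, added here as an illustration and not taken from the Guacamole project or from the reporter. The package and class names are hypothetical, and the destination address and destination username are left out because they are connection parameters that the calls used here do not expose.

```java
package org.example.guacamole.audit; // hypothetical package name

import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.GuacamoleTunnel;
import org.apache.guacamole.net.auth.AuthenticatedUser;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.event.TunnelCloseEvent;
import org.apache.guacamole.net.event.TunnelConnectEvent;
import org.apache.guacamole.net.event.listener.Listener;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/** Hypothetical listener: one key=value audit line per tunnel open/close. */
public class TunnelAuditListener implements Listener {

    private static final Logger logger =
            LoggerFactory.getLogger(TunnelAuditListener.class);

    @Override
    public void handleEvent(Object event) throws GuacamoleException {
        if (event instanceof TunnelConnectEvent) {
            TunnelConnectEvent e = (TunnelConnectEvent) event;
            audit("open", e.getAuthenticatedUser(), e.getCredentials(), e.getTunnel());
        }
        else if (event instanceof TunnelCloseEvent) {
            TunnelCloseEvent e = (TunnelCloseEvent) event;
            audit("close", e.getAuthenticatedUser(), e.getCredentials(), e.getTunnel());
        }
    }

    private void audit(String action, AuthenticatedUser user,
            Credentials creds, GuacamoleTunnel tunnel) {
        // Source address is whatever the servlet container reports for the request
        String srcIp = creds == null ? null : creds.getRemoteAddress();
        String srcUser = user == null ? null : user.getIdentifier();
        // getProtocol() may return null if the socket does not reveal it
        String protocol = tunnel.getSocket().getProtocol();
        logger.info("event={} src_ip={} src_user={} tunnel={} protocol={}",
                action, clean(srcIp), clean(srcUser), tunnel.getUUID(), clean(protocol));
    }

    /** Replace control characters so user-supplied values cannot forge log lines. */
    private static String clean(String value) {
        return value == null ? "-" : value.replaceAll("\\p{Cntrl}", "_");
    }
}
```

A listener like this is loaded by naming the class in the `listeners` array of the extension's `guac-manifest.json`.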
