[ https://issues.apache.org/jira/browse/GUACAMOLE-2047?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rik Giles updated GUACAMOLE-2047:
---------------------------------
    Attachment:     (was: ConnectionLogger.java)

> Enhance logging for security monitoring
> ---------------------------------------
>
>                 Key: GUACAMOLE-2047
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-2047
>             Project: Guacamole
>          Issue Type: New Feature
>          Components: guacamole-client
>            Reporter: Rik Giles
>            Priority: Trivial
>         Attachments: ConnectionLogger.java
>
>
> The default logging implementation of Guacamole client does not record
> sufficient information for security monitoring.
> Adding the following telemetry would enable security engineers to create
> detection rules in SIEMs to generate alerts for suspicious behavior:
> * Event (open/close connection)
> * Source IP address (X-FORWARDED-FOR)
> * Source Username (from Guacamole session)
> * Destination IP address (of connection object)
> * Destination Username (used to authenticate with connection object)
> * Protocol (SSH/VNC/RDP)
>
> This proposed feature can be achieved through the use of
> `org.apache.guacamole.net.event.TunnelConnectEvent` and can be implemented as
> an optional extension (as per guacamole-auth-ldap, guacamole-vault etc.)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
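
An added example, not part of the original message and not the attached ConnectionLogger.java: a sketch of the kind of detection rule the six proposed fields would make possible. The key=value log format, the field names (`src_ip`, `src_user`, `dst_ip`, `dst_user`) and the thresholds are assumptions made for illustration; Guacamole does not emit these lines.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical key=value format carrying the
# six proposed fields; this is not Guacamole's actual log output.
SAMPLE_LOG = """\
2025-01-10T09:00:00 event=open src_ip=203.0.113.10 src_user=alice dst_ip=10.0.0.5 dst_user=root protocol=SSH
2025-01-10T09:00:30 event=open src_ip=203.0.113.30 src_user=carol dst_ip=10.0.0.9 dst_user=admin protocol=RDP
2025-01-10T09:05:00 event=close src_ip=203.0.113.10 src_user=alice dst_ip=10.0.0.5 dst_user=root protocol=SSH
2025-01-10T09:06:00 event=open src_ip=198.51.100.7 src_user=alice dst_ip=10.0.0.5 dst_user=root protocol=SSH
2025-01-10T09:10:00 event=open src_ip=203.0.113.20 src_user=bob dst_ip=10.0.0.11 dst_user=ops protocol=VNC
2025-01-10T09:11:00 event=open src_ip=203.0.113.20 src_user=bob dst_ip=10.0.0.12 dst_user=ops protocol=VNC
2025-01-10T09:12:00 event=open src_ip=203.0.113.20 src_user=bob dst_ip=10.0.0.13 dst_user=ops protocol=VNC
2025-01-10T09:13:00 event=open src_ip=203.0.113.20 src_user=bob dst_ip=10.0.0.14 dst_user=ops protocol=VNC
2025-01-10T11:00:00 event=open src_ip=203.0.113.31 src_user=carol dst_ip=10.0.0.9 dst_user=admin protocol=RDP
"""

def parse_line(line):
    """Split '<ISO timestamp> k=v k=v ...' into a dict with a datetime 'ts'."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def detect(log_text, window=timedelta(minutes=10), max_dests=3):
    """Alert once per (rule, user) on two behaviours inside a sliding window:
    one Guacamole user opening connections from several source IPs, and one
    user opening connections to more than max_dests distinct destinations."""
    recent = defaultdict(list)  # src_user -> [(ts, src_ip, dst_ip), ...]
    fired, alerts = set(), []
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec.get("event") != "open":
            continue
        user = rec["src_user"]
        # Keep only this user's opens that are still inside the window.
        hist = [h for h in recent[user] if rec["ts"] - h[0] <= window]
        hist.append((rec["ts"], rec["src_ip"], rec["dst_ip"]))
        recent[user] = hist
        ips = sorted({h[1] for h in hist})
        dests = sorted({h[2] for h in hist})
        for rule, hit, detail in (("multiple_source_ips", len(ips) > 1, ips),
                                  ("destination_fan_out", len(dests) > max_dests, dests)):
            if hit and (rule, user) not in fired:
                fired.add((rule, user))
                alerts.append((rule, user, detail))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Neither rule can be written without the source username and the source and destination addresses appearing together on each connection event.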