Getting started with Event Logs
Enpass helps organizations monitor and track important events related to user activities across key areas, including user accounts, vaults, password recovery, sharing, and more. Additionally, the Enpass Event Logs system can integrate with Security Information and Event Management (SIEM) tools to enable businesses to analyze and respond to high-risk security events.
Pre-requisites
To enable Event Logs and SIEM integration in Enpass, ensure the following:
- An Enpass Business Plan (only with the Microsoft 365 or Google Workspace storage option).
- An account with Super Admin privileges for the Enpass Admin Console.
Enabling Event Logs Collection
Event logging is provided as a feature of Enpass Hub. To activate this feature, please follow the steps below:
- If you haven’t integrated the Enpass Hub yet, follow the steps here. Completing the integration will automatically enable the Event Logs feature.
- If the Enpass Hub is already integrated and Event Logs are still not enabled, follow the steps given below:
  - Go to the Integration section in the Enpass Admin Console.
  - On the Integration screen, locate the Event Logs section.
  - Click on the Enable button of Event Logs to activate the feature.
Learn About Events and Their Descriptions
Event Logs in the Admin Console provide a detailed history of actions performed within the Enpass environment, including the Enpass App, Enpass Hub and the Enpass Admin Console. Enpass Hub retains Event Logs for a duration of up to 90 days. For extended retention and deeper analysis, integration with a SIEM tool is recommended.
Data Presented in Event Logs
- Date & Time – Shows the timestamp of each logged event.
- Actor – Refers to the user and system that performed the action.
- Component – Identifies whether the activity was performed in the Enpass App, Enpass Hub or Enpass Admin Console.
- IP Address – Displays the IP address from which the action was performed.
- Activity – Details the specific action performed.
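The five fields above and the 90-day Hub retention limit can be combined into a simple triage pass before events age out. The following is an added example, not Enpass code: the CSV layout, column names, placeholder activity values and sample rows are all constructed assumptions, since the export format is not shown on this page.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta, timezone

HUB_RETENTION = timedelta(days=90)  # retention period stated on this page

# Constructed sample rows; the column names and CSV layout are assumptions.
SAMPLE_CSV = """date_time,actor,component,ip_address,activity
2025-01-05T09:12:00+00:00,alice@example.com,Enpass App,198.51.100.10,<activity-1>
2025-03-20T14:30:00+00:00,alice@example.com,Enpass Admin Console,203.0.113.7,<activity-2>
2025-03-28T08:01:00+00:00,bob@example.com,Enpass Hub,198.51.100.22,<activity-3>
"""

def load_events(text):
    """Parse rows into dicts and attach a timezone-aware 'when' datetime."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["when"] = datetime.fromisoformat(row["date_time"])
        events.append(row)
    return events

def expiring_soon(events, now, warn_days=7):
    """Events that will age out of the 90-day Hub window within warn_days."""
    out = []
    for e in events:
        remaining = e["when"] + HUB_RETENTION - now
        if timedelta(0) <= remaining <= timedelta(days=warn_days):
            out.append(e)
    return out

def actors_with_multiple_ips(events):
    """Map each actor seen from more than one IP address to those addresses."""
    ips = defaultdict(set)
    for e in events:
        ips[e["actor"]].add(e["ip_address"])
    return {actor: sorted(addrs) for actor, addrs in ips.items() if len(addrs) > 1}

if __name__ == "__main__":
    now = datetime(2025, 4, 1, tzinfo=timezone.utc)  # fixed for a repeatable run
    events = load_events(SAMPLE_CSV)
    for e in expiring_soon(events, now):
        print("expires soon:", e["date_time"], e["actor"], e["activity"])
    for actor, addrs in actors_with_multiple_ips(events).items():
        print("multiple IPs:", actor, addrs)
```

Events flagged as expiring soon are the ones to confirm have already reached long-term storage before the Hub drops them.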
Event Categories
Event logs are organized into categories to help structure the various activities being tracked. The table below lists the different event categories and provides descriptions of the event logs tracked within each category.
Categories | Events
Users |
Vaults |
Sharing |
Recovery |
Organization |
App |
Disabling Event Logs
To disable Event Logs from the Enpass Admin Console, follow the steps below:
- Go to Settings in the Enpass Admin Console.
- On the Settings screen, locate the Event Logs section.
- Click on the three dots and then click on Disable.
- A confirmation pop-up will appear to finalize the disabling of Event Logs.
SIEM Integration
Enpass Hub only retains Event Logs for a duration of up to 90 days. For extended retention and deeper analysis, integration with a SIEM (Security Information and Event Management) tool is recommended. A SIEM provides advanced features such as visual dashboards for event analysis and customisable alerting to trigger automated actions.
Enpass supports integration with the following SIEM tools. You can refer to the appropriate integration guide based on your requirements: