"Alert when decrypted" behaviour
Added by Fredrik Eriksson over 6 years ago
Hi,
According to https://tracker.storedsafe.com/projects/storedsafe20/wiki/Working_with_the_Audit_Log the "Alert when decrypted" flag will send some sort of message to the remote syslog-server about the password being decrypted. However, as far as I can tell the syslog server receives the same message regardless of whether the alert-flag is set or not.
When decrypting two items I get the following entries in the internal StoredSafe audit log:
2018-04-12 12:26:31 <user> (40) <vault>(9) <entry1> (1846) <remote> DECRYPTED
2018-04-12 12:26:30 <user> (40) <vault>(9) <entry2> (1815) <remote> ALARM DECRYPTED
But on the external syslog server we receive these lines:
storedsafe[12651]: action="decrypted" what="<entry1> (1846)" user="<user> (40)" source="<remote>"
storedsafe[12588]: action="decrypted" what="<entry2> (1815)" user="<user> (40)" source="<remote>"
It seems to me that syslog does not receive enough information to create an alert on sensitive password decryptions. Or perhaps I'm misunderstanding the feature?
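The gap described in the post above, as an added example that is not part of the original post or of StoredSafe: it parses both quoted formats, shows that only the internal audit log carries the ALARM marker, and flags syslog events by object id against a watchlist. The sample names and address are constructed, and the receiver-side watchlist is an assumed workaround, not a StoredSafe feature.

```python
import re

# Constructed sample lines in the two formats quoted in the post
# (user, vault and entry names and the source address are made up).
AUDIT_LOG = """\
2018-04-12 12:26:31 alice (40) infra(9) web-root (1846) 192.0.2.10 DECRYPTED
2018-04-12 12:26:30 alice (40) infra(9) db-admin (1815) 192.0.2.10 ALARM DECRYPTED
"""
SYSLOG = """\
storedsafe[12651]: action="decrypted" what="web-root (1846)" user="alice (40)" source="192.0.2.10"
storedsafe[12588]: action="decrypted" what="db-admin (1815)" user="alice (40)" source="192.0.2.10"
"""

AUDIT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<user>.+?) \((?P<uid>\d+)\) "
    r"(?P<vault>.+?)\s?\((?P<vid>\d+)\) (?P<entry>.+?) \((?P<eid>\d+)\) "
    r"(?P<source>\S+) (?P<alarm>ALARM )?DECRYPTED$")
KV_RE = re.compile(r'(\w+)="([^"]*)"')
ID_RE = re.compile(r"\((\d+)\)\s*$")

def parse_audit(text):
    """Parse internal audit-log lines; 'alarm' is True when ALARM precedes DECRYPTED."""
    out = []
    for line in text.splitlines():
        m = AUDIT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["alarm"] = d["alarm"] is not None
            out.append(d)
    return out

def parse_syslog(text):
    """Parse the key="value" pairs of each storedsafe syslog line."""
    return [dict(KV_RE.findall(l)) for l in text.splitlines() if "storedsafe[" in l]

def alarm_entry_ids(audit):
    """Object ids whose decryption was logged with the ALARM marker."""
    return {e["eid"] for e in audit if e["alarm"]}

def flag_syslog(events, watchlist):
    """Return syslog 'decrypted' events whose object id is on the watchlist."""
    hits = []
    for ev in events:
        m = ID_RE.search(ev.get("what", ""))
        if ev.get("action") == "decrypted" and m and m.group(1) in watchlist:
            hits.append(ev)
    return hits
```
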
Replies (1)
RE: "Alert when decrypted" behaviour - Added by Redmine Admin over 6 years ago
Hi,
Sorry for the late reply,
I've created an internal ticket for it and we will look into it.
I hope you know you can also create tickets if you find stuff; that way we get a notification and can hopefully act more rapidly.
Cheers