Project

General

Profile

"Alert when decrypted" behaviour

Added by Fredrik Eriksson about 1 year ago

Hi,

According to https://tracker.storedsafe.com/projects/storedsafe20/wiki/Working_with_the_Audit_Log the "Alert when decrypted" flag will send some sort of message to the remote syslog-server about the password being decrypted. However, as far as I can tell the syslog server receives the same message regardless if the alert-flag is set or not.

When decrypting two items I get the following entries in the internal StoredSafe audit log:

2018-04-12 12:26:31     <user> (40)     <vault>(9)     <entry1> (1846)         <remote>     DECRYPTED
2018-04-12 12:26:30     <user> (40)     <vault>(9)     <entry2> (1815)         <remote>     ALARM DECRYPTED

But on the external syslog server we receive these lines:

storedsafe[12651]: action="decrypted" what="<entry1> (1846)" user="<user> (40)" source="<remote>" 
storedsafe[12588]: action="decrypted" what="<entry2> (1815)" user="<user> (40)" source="<remote>" 

It seems to me that syslog does not receive enough information to create an alert on sensitive password decryptions. Or perhaps I'm misunderstanding the feature?


Replies (1)

RE: "Alert when decrypted" behaviour - Added by Redmine Admin about 1 year ago

Hi,

Sorry for the late reply,
I've created an internal ticket for it and we will look into it.

I hope you know you can create tickets also if you find stuff, that way we get a notification and can hopefully act more rapidly

Cheers

    (1-1/1)