Janrain SIEM Integration Event Types

Janrain SIEM Integration reports the events shown in the table that follows. Additional event types are likely to be added in future releases of the product; for example, a future release might report logoffs as well as logins.

All Janrain events have a Severity rating of 5. That’s because Janrain events are, for the most part, neutral: by itself, a user logging on by using social sign-in simply means that, well, a user has logged on by using social sign-in. Janrain SIEM events only become important when viewed in aggregate. A user logging on to the system is not a problem; you probably want users to log on the system. But the same user UUID logging on to the system 100 times in the past few minutes could be a different story. Similarly, 300 password changes in the last hour – when, on a typical day, you would expect 1 or 2 password changes per hour – could indicate another problem. With Janrain, there is no single event – Core reactor breached! – that sets off warning bells. Instead, you will look for anomalous patterns of behavior and unusual trends in activity.

Note, too that Janrain SIEM Integration focuses on successful events: a user successfully registered by using social login, a user successfully logged on by using a user name and password. For now, Janrain SIEM Integration does not report on unsuccessful events: the SIEM report will not tell you that, in the past half hour, 1,000 people have unsuccessfully tried to log on to the system. Janrain does monitor for that type of activity, and takes measures to prevent brute force and denial of service attacks. But that type of monitoring, and that type of reporting, is separate from SIEM Integration.

Here are the current Janrain SIEM event types:

Event ID

Description

Role

Category

Severity

traditional_signin

An end user or administrator successfully authenticated by using Janrain-stored credentials (email address and password).

user

identity

3

social_signin

An end user or administrator successfully authenticated by using a third-party identity provider (IDP).

user

identity

3

traditional_register

An end user or administrator successfully registered by using Janrain-stored credentials.

user

identity

3

social_register

An end user or administrator successfully registered by using a third-party identity provider.

user

identity

3

sso_signin

An end user was automatically authenticated by using single sign-on (SSO). This would occur because the user either (1) visited a new website within the collection of sites using SSO; or, (2) had their SSO access token refreshed by a previously-visited site.

user

identity

3

profile_create

A new user profile database record was created. This event is fired with registration events.

user

profile

3

profile_update

A user profile database record was updated. This event is fired with numerous other events; for example, each successful login updates the lastLogin attribute of a user profile.

user

profile

3

profile_delete

A user profile database record was deleted.

user

profile

3

config_change

A customer configuration value was changed by using Janrain’s configuration APIs.

admin

admin

3

password_reset

An end user or administrator successfully reset their password.

user

identity

3

email_verified

An end user or administrator successfully verified their email address.

user

identity

3

email_sent

A system-generated email was sent in response to end user activity such as password reset, email verification, or registration.

user

email

3

password_recovery

An end user has requested a password recovery.

user

identity

3