JumpCloud

Version: JumpCloud.

JumpCloud is a Directory-as-a-Service (DaaS) solution that customers use to authenticate, authorize, and manage users, devices, and applications. JumpCloud provides directory, system (Mac, Linux and Windows), Lightweight Directory Access Protocol (LDAP), Remote Authentication Dial-In User Service (RADIUS), single sign-on (SSO), and Mobile Device Management (MDM) events.

Netsurion Open XDR helps to monitor events from JumpCloud. Its dashboards, alerts and reports help you track login activities and directory, system, RADIUS server, LDAP server, and MDM events, keeping you informed about the system and its activities. It triggers an alert whenever a user login failure is detected, a user is given admin privileges, or other critical events occur.

Netsurion Data Source Integration for JumpCloud allows you to monitor the following components:

  • Security: Login failures, directory object events, directory user and admin events, system events.
  • Operation: LDAP and MDM events
  • Compliance: Login success events

After JumpCloud is configured to deliver events to Netsurion Open XDR, the dashboards and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | JumpCloud – Login Failure Events | This alert is generated when any login failure is detected on the JumpCloud user portal, LDAP directory server, SSO application, system (Mac, Linux, Windows), or RADIUS server. |
| Security | JumpCloud – User Granted Admin Privilege | This alert is generated when any user is granted admin sudo privileges on devices by an admin. This action gives the user access to create accounts and amend system settings. |
| Security | JumpCloud – Active Directory Deleted | This alert is generated when an active directory is deleted. |
| Security | JumpCloud – Admin Created | This alert is generated when an admin is created. An admin account has the privilege to amend settings affecting the whole organization and should be monitored closely. |
| Security | JumpCloud – System Deleted | This alert is generated when any system is deleted. |
| Security | JumpCloud – User Account Deleted | This alert is generated when any user is deleted. |
| Security | JumpCloud – User Account Locked or Suspended | This alert is generated when any user account is locked or suspended. Lockouts and account suspensions should be monitored, as they can be the result of a brute force attack. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | JumpCloud – Login Failure Detected Report | This report gives information about all the login failure events to user portal, systems (Mac, OS, Linux), RADIUS server, LDAP and SSO application. The report contains IP address, username, event_type, auth method, user_agent, information regarding user location, organization id and other useful information. |
| Security | JumpCloud – Directory Command and Policy Event Report | This report gives information about command management events, policy management events, file management events, and IP list management events. |
| Security | JumpCloud – Directory Object Event Report | This report gives information about directory application, group, translation rule, system, organization, notification and RADIUS server management events. |
| Security | JumpCloud – Directory Integration Event Report | This report gives information about active directory events, ids resource events, samba domain events, workday, and integration events. |
| Security | JumpCloud – Directory User and Admin Event Report | This report provides information related to all user and admin management events, such as user/admin create, update, delete, password change, password reset, user account lockout etc. |
| Security | JumpCloud – System Event Report | This category provides information related to user lockout, password change and other system (Mac, Linux, Windows) events. |
| Operations | JumpCloud – LDAP and MDM Events Report | This report gives information about LDAP search events and MDM command results. The report contains the username that initiated the event, organization, changes, search result and other relevant information. |
| Compliance | JumpCloud – Login Success Detected Report | This report gives information about all the successful login events to user portal, systems (Mac, OS, Linux), RADIUS server, LDAP and SSO application. The report contains IP address, username, event_type, auth method, user_agent, info regarding user location, organization id and other useful information. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 or later, and JumpCloud.

Download Integration Guide, JumpCloud Integrator, and How-to Guide for configuration instructions and more information.