Analyze Login Attempts for e-PHI
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Log Workspaces allows you to bring in log data to analyze login attempts and audit access to electronic protected health information (e-PHI). To start monitoring and identifying failed login attempts, using Workspaces’ flexible querying and visualization options by following these steps.
This guide assumes that you are:
- Submitting logs to Datadog for a similar use case.
- Able to create a workspace and add cells.
To get started, bring in the logs from the service(s) you want to analyze.
- Create a new Workspace.
- Select Logs Query as your data source.
To search for failed login attempts, which might indicate unauthorized attempts to access e-PHI, set up your logs query to filter for these events. An example query might include filtering by an event outcome code that signifies failure.
You can add any additional filters, facets, or attributes to narrow your search based on your requirements and what is available in your logs.
To analyze the data further, you can count the number of failed login attempts by user ID and sort the results. This is helpful for identifying users with repeated failed login attempts, which may require further investigation.
- Add an Analysis cell to your workspace.
- Run a SQL query.
SELECT * FROM failed_logins
To get a clearer picture of when failed logins are occurring, you can create a timeline or Timeseries visualization.
- Add a Visualization cell.
- Choose Timeseries from the “Visualize as” dropdown.
- Configure the graph to display the number of failed login attempts over time, using your query results as the data source.
Documentation, liens et articles supplémentaires utiles:
