Our next-gen architecture is built to help you make sense of your ever-growing data.

Watch a 4-min demo video!
Start Free Trial Get a Demo
Start Free Trial

Onelogin Log Insights with Coralogix

  • Amir Raz
  • July 21, 2020
Share article
OneLogin-Log-Insights

OneLogin is one of the top leading Unified Access Management platforms, enabling organizations to manage and Access their cloud applications in a secure way. OneLogin makes it simpler and safer for organizations to access the apps and data they need anytime, everywhere. This post will show you how Coralogix can provide analytics and insights for your OneLogin log data – including performance and security insights.

OneLogin Logs

OneLogin generates system events related to the authentication activity of your users and any actions made by them. The data provides an audit trail that helps you understand activities within your platforms. Each log event object describes a single logged action or “event” performed by a certain actor for a certain target and its result.

You can leverage this event data by using Coralogix alerts and dashboards to instantly detect problems and their root causes, spot malicious behavior, and get real-time notifications on any event you can define. Ultimately, this offers a better monitoring experience and more value out of your Auth0 data with minimal effort.

To connect your OneLogin logs with Coralogix you will first need to send your OneLogin events to Amazon EventBridge and route them to AWS CloudtTail and then, send them from CloudTrail to Coralogix with our predefined Lambda function.

OneLogin Dashboards

Here are a few examples of Kibana dashboards we created, using the OneLogin log data, Coralogix IP address GEO enrichment, and Elastic queries.

  • Overview
  • Security
  • App Monitoring

You may create additional visualizations and dashboards of your own, using your OneLogin logs.

  • Overview

  • Security

  • App Monitoring

OneLogin Alerts

Coralogix User-defined alerts enable you to easily create any alert you have in mind, using complex queries and various conditions heuristics, thus being more proactive with your OneLogin logs and notified in real-time when issues arise. Here are some examples of alerts we created using traditional OneLogin log data.

1. More than usual login failure per event type

Alert Filter: detail.event_type_id.numeric:(6 OR 9 OR 77 OR 154 OR 901 OR 905 OR 906)

Alert Condition: ‘More than usual times, within 5 min with a minimum of 10 occurrences’, grouped by detail.event_type_id.

2. App user limit reach

Alert Filter: detail.event_type_id.numeric:20

Alert Condition: ‘Notify immediately’

3. Successful login from an unfamiliar country

Alert Filter: detail.event_type_id.numeric:(5 OR 8 OR 78 OR 153 OR 900 OR 904) NOT detail.ipaddr_geoip.country_name:(israel OR ireland OR “united states”)

Alert Condition: ‘Notify immediately’

4. Unauthorized API event

Alert Filter: detail.event_type_id.numeric:401

Alert Condition: ‘Notify immediately’

5. More than 50 API lock user event in 10 min

Alert Filter: detail.event_type_id.numeric:531

Alert Condition: ‘More than 50 times, within 10 min’

Need More Help with Auth0 or any other log data? Click on the chat icon on the bottom right corner for quick advice from our logging experts.

Related Articles

Is your CDN really at the edge?
7 min

Is your CDN really at the edge?

  • By Chris Cooney
  • September 17, 2024

tldr: This post discusses how to measure CDN request locality without indexing a single log. The function of a CDN is to bring cacheable data, like…

AWS Elemental MediaTailor – measuring transcoding performance with Coralogix
7 min

AWS Elemental MediaTailor – measuring transcoding performance with Coralogix

  • By Chris Cooney
  • September 4, 2024

AWS Elemental MediaTailor provides a wealth of information via metrics, but one key feature that is very difficult to track is the Transcoding performance. What is…

You don’t need ALL those metrics!
4 min

You don’t need ALL those metrics!

  • By Emma Mock
  • August 4, 2024

Metrics are key to monitoring system health and performance but you probably are ingesting far more metrics than you will ever need or use.  The issue…

Observability and Security
that Scale with You.

Schedule Demo
Get a Demo