Implement Event log

[teon]

Types of events

Each event MUST have:

• from (IP)
• date
• user

defguard events

Everything you do with defguard as an application itself - meaning everything you do directly through/on defguard UI (not related to functionalities that deguard handles later (oidc login, VPNs, YK, ...)

In other words, every event you begin with typing defguard instance url in the browser.

Examples:

• defguard
  • openid
    • openid app was added
    • app was disabled
    • app has been edited
    • app removed
  • vpn
    • location added
    • location modified
    • location deleted
    • ...
  • yubikey
    • provisioner added
  • settings
    • smtp configured/modified/
  • users
    • user added with enrollment / without enrollment
    • user modified
    • user logged in
    • user MFA failed
    • added TOTP MFA
    • disabled EMAIL MFA
    • used Recovery code

VPN events

• user connected to location
• user disconnected from location
• user filed MFA when connecting to location x

enrollment

• started
• user X ustawił hasło podczas enrollment
• zmienil numer telefonu
• dodał sobie VPN device
• dodal MFA TOTP
• pobral kody recovery

Example exaple

DATE TIME USER IP Event(downloaded MFA RECOVERY CODES) Module:(enrollment/client/defguard) device:(chrome windows/defguard-client windows 0.2) DETEILED CHANGES:(text whatever we like, ex. changed name device from Dupa to Mac(

DATE TIME USER IP Event(connected to location Moncao office) Module:(vpn) device:(blade nazwa z profilu) DETAILED CHANGES:()