OpenAM And The ELK Stack - A Security Event Dashboard

Being able to monitor what’s going with business- or mission-critical software is key to any IT organization. Be it for troubleshooting, auditing, business or IT performance reviews, SLAs, or what have you.

OpenAM, like ForgeRock’s other products, can produce a wealth of logging and auditing information. In fact, we’re working towards a very nice audit framework that will be common across all of our products.

While OpenAM’s log information can be consumed by many products, including FireEye’s and Palo Alto Networks’ products for intrusion detection and network security, it also can be fed into an ELK stack setup (Elasticsearch, Logstash and Kibana), for some very powerful graphical analysis of access management data.

Our own Warren Strange created a great little demo about it.

Now, Andy White from our partner Identropy created a very nice demo about it as well. A scenario that he calls a “Security Event Dashboard” that reports on OpenAM authentication events: