Configuring Security

You can configure LogScale to run with or without user authentication. Authorization and permissions are handled in LogScale, while users are authenticated and logged in using one of the following integrations:

RBAC & GDPR

These two specialized sections explain LogScale's authentication and access method, as well as how LogScale logs are generated.

Managing Users & Permissions

LogScale distinguishes between authentication (establishing a user's identity) and authorization (determining which activities an authenticated user is allowed to perform). LogScale's role-based access control model authorizes users based on roles, each of which carries a set of permissions.

API Tokens

API tokens provide access to LogScale through various APIs and are configured at different access levels to allow ingestion, management and administration of LogScale.

Security Policies

Security Policies configure how access is granted through API tokens, configure IP and network limitations on access, limit dashboard access and sharing, and enable fine-grained control over how actions used in alerts and other automations can be used by different users of the system.

Session Management

Web sessions can be controlled to limit the time users can be logged in and connected to the LogScale Web UI.

Audit Logging

LogScale generates audit log events on many user activities. Per GDPR requirements, entries are marked as sensitive or non-sensitive, to make for a good audit trail.

Monitoring LogScale for security situations (e.g., hacker attempts or denial of service attacks) can be done with a number of different security monitoring systems, which can be integrated into LogScale:

For information on different integrations and products that can work with and communicate with LogScale, please see Integrations.

Immutability of Data

LogScale is designed so that data, once digested to a repository, is immutable. You cannot modify or edit the data. At rest, the data is encrypted and a checksum process is used on each segment to prevent corruption.

Data in a repository can only be deleted under certain conditions and with specific elevated privileges:

  • By time — Data is automatically purged at the end of the designated retention period. See Data Retention.

  • By manual deletion of the repository — A user with sufficient permissions can delete an entire repository. See Delete a Repository or View.

  • By API — A user with specific privileges and administrative power over a repo can leverage the Redact API to remove specific data. See Redact Events API.

All of the above actions can only be performed by authorized users with the specific mentioned permissions tied to specific repositories.