Configure Security

LogScale provides a set of security features to protect your data and control access: user authentication, role-based access control (RBAC), and security policies. It records user and administrative activity in an audit log for compliance purposes, encrypts data at rest, keeps ingested data immutable and checksummed, and restricts deletion to controlled, audited paths.

You can configure LogScale to run with or without user authentication. The platform handles both authentication (verifying user identity) and authorization (controlling what users can do) through various integration methods.

The following diagram shows how the various layers of LogScale security and privacy work together to maintain a strong security posture.

```mermaid
graph TB
    %% User Entry Points
    User[👤 Users] --> Auth{Authentication<br/>Identity Verification}
    API[🔌 API Clients] --> APIToken[API Tokens]
    WebUI[🌐 Web Interface] --> WebSession[Web Sessions]
    Ingest[📥 Ingest] --> IngestToken[Ingest Tokens] --> IngestParser[Ingest Parser]

    %% Ingest Layer
    IngestParser --> DataLayer

    %% Authentication Layer
    Auth --> SingleUser[Single-User Mode<br/>Basic Security]
    Auth --> RootUser[Root Users<br/>Full Admin Privileges]
    Auth --> EmergencyUser[Emergency Users<br/>Local Access Backup]
    Auth --> IDP[Identity Providers<br/>External Authentication]

    %% Authorization Layer
    SingleUser --> RBAC[Role-Based Access Control<br/>RBAC]
    RootUser --> RBAC
    EmergencyUser --> RBAC
    IDP --> RBAC
    APIToken --> RBAC
    WebSession --> SessionMgmt[Session Management<br/>Time Limits & Controls]

    %% Access Control
    RBAC --> Authz[Authorization Engine<br/>What Users Can Do]
    SessionMgmt --> Authz

    %% Security Policies
    Authz --> SecPolicies[Security Policies]
    SecPolicies --> IPFilter[IP/Network Restrictions]
    SecPolicies --> DashControl[Dashboard Access Control]
    SecPolicies --> ActionControl[Alert/Automation Controls]
    SecPolicies --> TokenControl[API Token Limitations]

    %% Data Protection Layer
    IPFilter --> DataLayer[Data Layer]
    DashControl --> DataLayer
    ActionControl --> DataLayer
    TokenControl --> DataLayer
    DataLayer --> Encryption[🔒 Encryption at Rest]
    DataLayer --> Immutable[🛡️ Data Immutability<br/>Cannot Modify After Ingestion]
    DataLayer --> Checksums[✓ Checksums<br/>Corruption Prevention]

    %% Data Deletion Controls
    Immutable --> DelControl[Controlled Deletion]
    DelControl --> RetentionDel[⏰ Time-based Deletion<br/>Retention Policies]
    DelControl --> ManualDel[🗑️ Manual Repository Deletion<br/>Admin Privileges Required]
    DelControl --> APIDel[🔧 API Redaction]

    %% Monitoring and Compliance
    Authz --> AuditLog[📋 Audit Logging]
    DataLayer --> AuditLog
    DelControl --> AuditLog
    AuditLog --> GDPRCompliant[GDPR Compliance<br/>Sensitive/Non-sensitive Marking]
    AuditLog --> SecurityMon[🔍 Security Monitoring]
    SecurityMon --> ThreatDetect[Threat Detection<br/>• Unauthorized Access<br/>• DoS Attacks<br/>• Security Incidents]
    SecurityMon --> Integrations[🔗 Security Integrations<br/>External Security Systems]

    %% Styling
    classDef authClass fill:#ff6b6b,stroke:#d63031,stroke-width:2px,color:white
    classDef accessClass fill:#4ecdc4,stroke:#00b894,stroke-width:2px,color:white
    classDef dataClass fill:#45b7d1,stroke:#0984e3,stroke-width:2px,color:white
    classDef monitorClass fill:#96ceb4,stroke:#00a085,stroke-width:2px,color:white
    classDef userClass fill:#ffeaa7,stroke:#fdcb6e,stroke-width:2px,color:#2d3436
    classDef ingestClass fill:#ff69b4,stroke:#e91e63,stroke-width:2px,color:white
    class Auth,SingleUser,RootUser,EmergencyUser,IDP,APIToken,WebSession,SessionMgmt authClass
    class RBAC,Authz,SecPolicies,IPFilter,DashControl,ActionControl,TokenControl accessClass
    class DataLayer,Encryption,Immutable,Checksums,DelControl,RetentionDel,ManualDel,APIDel dataClass
    class AuditLog,GDPRCompliant,SecurityMon,ThreatDetect,Integrations monitorClass
    class User,API,WebUI userClass
    class Ingest,IngestToken,IngestParser ingestClass
```

Some of the key components of the diagram are:

  • Authentication Layer (Red)

    • Single-User Mode: Basic security for simple deployments

    • Root Users: Full administrative privileges

    • Emergency Users: Local access backup for disaster recovery

    • Identity Providers: External authentication systems (LDAP, SAML, etc.)

  • Access Control Layer (Teal)

    • RBAC: Role-Based Access Control managing user permissions

    • Security Policies: Fine-grained access controls

    • Session Management: Web session controls and timeouts

  • Data Protection Layer (Blue)

    • Encryption at Rest: All stored data is encrypted

    • Data Immutability: Once ingested, data cannot be modified

    • Checksums: Detect corruption of stored segments

    • Controlled Deletion: Multiple methods for data removal with proper controls

  • Monitoring and Compliance Layer (Green)

    • Audit Logging: Audit trail of user and administrative actions

    • GDPR Compliance: Privacy controls and data marking

    • Security Monitoring: Detection of unauthorized access, denial of service and other security incidents

    • External Integrations: Connect with security systems

  • Ingest Layer (Pink)

    • Parser: Structures incoming data as it is ingested

    • Ingest tokens: Identify the target repository and parser, and authorize Falcon LogScale Collector or other log shippers to send data into LogScale. Ingest tokens do not grant access to the API or to query data stored in repositories.

Note

Because ingest tokens behave differently from the other authentication and access methods, they are not covered in this section. For more information about ingest tokens, see Ingest Tokens.

Access control and compliance

LogScale provides comprehensive access control mechanisms and compliance features to secure your environment and meet regulatory requirements.

  • LogScale distinguishes between authentication (establishing user identity) and authorization (which activities are allowed by authenticated users). LogScale's role-based access control (RBAC) model enables authorization of users based on roles with sets of permissions.

  • API tokens provide access to LogScale through its APIs. They are issued at different access levels, permitting ingestion, management, or administration of LogScale, and the permissions they carry are governed by RBAC and security policies like any other identity.

  • Security policies control how access is granted through API tokens, restrict access by IP address and network, limit dashboard access and sharing, and give fine-grained control over which users may use actions in alerts and other automations.

  • Web sessions can be controlled to limit the time users can be logged in and connected to the LogScale Web UI.

  • LogScale generates audit log events on many user activities. Per GDPR requirements, entries are marked as sensitive or non-sensitive to provide an appropriate audit trail.
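The following is an added illustration of the authentication/authorization split described above; it is not LogScale code, and the role names, permission names, repositories, and users are hypothetical stand-ins for LogScale's own. It models an API token store that keeps only token hashes, a default-deny authorization check in which role assignments are scoped to a single repository (so a reader on one repository gets nothing on another), a root user who bypasses RBAC, and an audit log entry for every decision carrying a sensitive/non-sensitive marking.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Role:
    """A named set of permissions. Permission names here are hypothetical."""
    name: str
    permissions: frozenset


@dataclass
class Principal:
    """An authenticated identity (IdP user, root user, or API token owner)."""
    subject: str
    is_root: bool = False
    # Role assignments are scoped per repository: {repo_name: {Role, ...}}
    assignments: dict = field(default_factory=dict)


@dataclass(frozen=True)
class AuditEvent:
    actor: str
    action: str
    repo: str
    allowed: bool
    sensitive: bool   # GDPR-style marking: does the entry touch sensitive data?


# Hypothetical roles; LogScale's built-in roles and permission names differ.
READER = Role("reader", frozenset({"ReadEvents"}))
ADMIN = Role("admin", frozenset({"ReadEvents", "DeleteEvents", "ManageRepo"}))


class SecurityLayer:
    """Keeps authentication (who is calling?) apart from authorization
    (what may they do on this repository?), and audits every decision."""

    def __init__(self):
        self._token_hashes = {}   # sha256(token) -> Principal; never the raw token
        self.audit_log = []

    # ---- authentication -------------------------------------------------
    def register_token(self, token: str, principal: Principal) -> None:
        self._token_hashes[hashlib.sha256(token.encode()).hexdigest()] = principal

    def authenticate(self, token: str):
        digest = hashlib.sha256(token.encode()).hexdigest()
        for stored, principal in self._token_hashes.items():
            if hmac.compare_digest(stored, digest):   # constant-time compare
                return principal
        return None

    # ---- authorization --------------------------------------------------
    def authorize(self, principal: Principal, repo: str, permission: str,
                  sensitive: bool = False) -> bool:
        # Default deny: only root, or a role assigned on *this* repo, can grant.
        granted = principal.is_root or any(
            permission in role.permissions
            for role in principal.assignments.get(repo, ())
        )
        self.audit_log.append(AuditEvent(principal.subject, permission, repo, granted, sensitive))
        return granted

    def request(self, token: str, repo: str, permission: str,
                sensitive: bool = False) -> bool:
        """Full path: an unauthenticated caller never reaches authorization."""
        principal = self.authenticate(token)
        if principal is None:
            self.audit_log.append(AuditEvent("<unauthenticated>", permission, repo, False, sensitive))
            return False
        return self.authorize(principal, repo, permission, sensitive)


def demo():
    """Constructed scenario: a reader on one repo, a root user, and a bogus token."""
    layer = SecurityLayer()
    layer.register_token("tok-alice", Principal("alice", assignments={"web-logs": {READER}}))
    layer.register_token("tok-root", Principal("root-admin", is_root=True))
    results = {
        "alice reads web-logs": layer.request("tok-alice", "web-logs", "ReadEvents"),
        "alice deletes web-logs": layer.request("tok-alice", "web-logs", "DeleteEvents", sensitive=True),
        "alice reads hr-logs": layer.request("tok-alice", "hr-logs", "ReadEvents"),
        "root deletes hr-logs": layer.request("tok-root", "hr-logs", "DeleteEvents", sensitive=True),
        "bogus token reads web-logs": layer.request("tok-bogus", "web-logs", "ReadEvents"),
    }
    return results, layer.audit_log


if __name__ == "__main__":
    for decision, allowed in demo()[0].items():
        print(f"{decision}: {'allowed' if allowed else 'denied'}")
```

Two design points carry over to any real deployment: the authorization check denies unless a grant exists for the specific repository being accessed, and the audit entry is written for denied requests as well as allowed ones, since the denials are what an investigation usually needs.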

Security monitoring and integrations

LogScale can be monitored for security threats such as unauthorized access attempts, denial of service attacks, and other security incidents. Various security monitoring systems can be integrated with LogScale to enhance your security posture.
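As an added example of the kind of detection logic that such monitoring runs, the following script (not part of LogScale, written for this page) applies two sliding-window detections to a stream of access-log lines: repeated failed logins from one source address within a minute, and a request flood from one source within ten seconds. The log line format, thresholds, addresses and user names are all constructed for the example; a real deployment would feed the detector from LogScale's own audit and access logs and tune the thresholds.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format for this example; real LogScale audit/access logs differ.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) result=(?P<result>\S+)$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


class SlidingWindow:
    """Per-key count of events within a trailing time window."""

    def __init__(self, window: timedelta):
        self.window = window
        self._events = defaultdict(deque)

    def add(self, key, ts) -> int:
        q = self._events[key]
        q.append(ts)
        while q and ts - q[0] > self.window:   # evict events that fell out of the window
            q.popleft()
        return len(q)


def detect(lines, fail_threshold=5, fail_window=timedelta(minutes=1),
           rate_threshold=20, rate_window=timedelta(seconds=10)):
    """Two detections over a stream of lines:
    - bruteforce: >= fail_threshold failed logins from one source within fail_window
    - flood: >= rate_threshold requests of any kind from one source within rate_window
    Each (kind, source) pair fires once; unparseable lines are surfaced, not dropped."""
    failures, requests = SlidingWindow(fail_window), SlidingWindow(rate_window)
    alerts, fired = [], set()

    def fire(kind, src, ts):
        if (kind, src) not in fired:
            fired.add((kind, src))
            alerts.append({"kind": kind, "src": src, "at": ts})

    for line in lines:
        rec = parse_line(line)
        if rec is None:
            alerts.append({"kind": "unparseable", "src": None, "at": None})
            continue
        if requests.add(rec["src"], rec["ts"]) >= rate_threshold:
            fire("flood", rec["src"], rec["ts"])
        if rec["action"] == "login" and rec["result"] == "failure":
            if failures.add(rec["src"], rec["ts"]) >= fail_threshold:
                fire("bruteforce", rec["src"], rec["ts"])
    return alerts


def sample_lines():
    """Constructed sample: one benign mistyped password, one password-guessing
    source, one source hammering search, and one malformed line."""
    base = datetime(2024, 5, 1, 10, 0, 0)

    def line(offset, src, user, action, result):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FMT)
        return f"{ts} src={src} user={user} action={action} result={result}"

    lines = [line(0, "203.0.113.5", "alice", "login", "failure"),
             line(5, "203.0.113.5", "alice", "login", "success")]
    lines += [line(10 + i * 7, "203.0.113.9", f"user{i}", "login", "failure") for i in range(6)]
    lines += [line(60 + i // 3, "198.51.100.7", "svc", "search", "success") for i in range(25)]
    lines.append(line(120, "203.0.113.5", "alice", "search", "success"))
    lines.append("this line is not in the expected format")
    return lines


if __name__ == "__main__":
    for alert in detect(sample_lines()):
        print(alert)
```

The single benign failure followed by a success produces no alert, which is the point of counting within a window rather than on every failure. Lines the parser cannot read are reported as their own alert kind rather than silently skipped, because a parser that quietly drops input is an easy way for an attacker to hide activity from the monitor.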

For information on different integrations and products that can work with and communicate with LogScale, see Package Marketplace.

Immutability of data

LogScale ensures data integrity through immutability. Once data is ingested into a repository, it cannot be modified or edited. Data at rest is encrypted, and a checksum is kept for each segment so that corruption is detected rather than silently served.

Data in a repository can only be deleted under specific conditions and with elevated privileges:

  • By time: data is purged automatically at the end of the designated retention period. See Data Retention.

  • By manual deletion of the repository: a user with sufficient permissions can delete an entire repository. See Delete a Repository or View.

  • By API: a user with the required privileges and administrative rights on a repository can use the Redact API to remove specific events. See Redact Events API.

All of these actions can only be performed by authorized users holding the named permissions on the specific repository concerned.
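To make the immutability, checksum and controlled-deletion properties concrete, here is an added toy model written for this page; it is not LogScale's storage engine, and the permission names, repository name and events are made up. Segments are write-once and checksummed at creation, every read re-verifies the checksum, retention expiry removes whole segments by age, and redaction never edits a segment in place but rewrites the affected segment into a new one after a permission check. Every deletion path, and every denied attempt, lands in an audit list.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone


class IntegrityError(Exception):
    """A segment's bytes no longer match the checksum taken when it was written."""


class Segment:
    """Write-once block of events: serialized bytes are checksummed at creation
    and re-verified on every read, so corruption is detected rather than served."""

    def __init__(self, events, created: datetime):
        self.created = created
        self.blob = json.dumps(list(events), sort_keys=True, separators=(",", ":")).encode()
        self.checksum = hashlib.sha256(self.blob).hexdigest()

    def verify(self) -> bool:
        return hmac.compare_digest(self.checksum, hashlib.sha256(self.blob).hexdigest())

    def events(self):
        if not self.verify():
            raise IntegrityError(f"segment from {self.created.isoformat()} failed checksum")
        return json.loads(self.blob)


class Principal:
    def __init__(self, name, permissions):
        self.name = name
        self.permissions = frozenset(permissions)   # hypothetical permission names


class Repository:
    """Events are never edited in place. Data leaves only through retention
    expiry or a permission-checked redaction, and every deletion path is audited."""

    def __init__(self, name, retention: timedelta):
        self.name, self.retention = name, retention
        self.segments, self.audit = [], []   # audit entries: (actor, action, detail)

    def _require(self, actor: Principal, permission: str):
        if permission not in actor.permissions:
            self.audit.append((actor.name, permission, "denied"))
            raise PermissionError(f"{actor.name} lacks {permission} on {self.name}")

    def ingest(self, events, now: datetime) -> str:
        seg = Segment(events, now)
        self.segments.append(seg)
        self.audit.append(("ingest-token", "append", len(events)))
        return seg.checksum

    def read(self):
        return [e for seg in self.segments for e in seg.events()]

    def apply_retention(self, now: datetime) -> int:
        expired = [s for s in self.segments if now - s.created > self.retention]
        self.segments = [s for s in self.segments if s not in expired]
        self.audit.append(("system", "retention-delete", len(expired)))
        return len(expired)

    def redact(self, actor: Principal, predicate) -> int:
        """Remove matching events by rewriting affected segments into new ones;
        untouched segments keep their original bytes and checksum."""
        self._require(actor, "DeleteEvents")
        removed, rebuilt = 0, []
        for seg in self.segments:
            original = seg.events()
            kept = [e for e in original if not predicate(e)]
            if len(kept) == len(original):
                rebuilt.append(seg)
            else:
                removed += len(original) - len(kept)
                rebuilt.append(Segment(kept, seg.created))   # keep ingest time for retention
        self.segments = rebuilt
        self.audit.append((actor.name, "redact", removed))
        return removed


def demo():
    """Constructed walk-through: ingest, denied then allowed redaction, retention
    expiry, and a simulated one-bit on-disk corruption caught on read."""
    t0 = datetime(2024, 5, 1, tzinfo=timezone.utc)
    repo = Repository("web-logs", retention=timedelta(days=30))
    reader = Principal("alice", {"ReadEvents"})
    admin = Principal("root-admin", {"ReadEvents", "DeleteEvents"})
    repo.ingest([{"id": 1, "user": "alice"}, {"id": 2, "user": "bob"}], t0)
    repo.ingest([{"id": 3, "user": "carol"}], t0 + timedelta(days=20))
    out = {"ingested": len(repo.read())}
    try:
        repo.redact(reader, lambda e: e["user"] == "bob")
        out["reader_redact"] = "allowed"
    except PermissionError:
        out["reader_redact"] = "denied"
    out["redacted"] = repo.redact(admin, lambda e: e["user"] == "bob")
    out["after_redact"] = [e["id"] for e in repo.read()]
    out["expired_segments"] = repo.apply_retention(t0 + timedelta(days=45))
    out["after_retention"] = [e["id"] for e in repo.read()]
    seg = repo.segments[0]                      # simulate bit rot: flip one bit
    seg.blob = seg.blob[:-2] + bytes([seg.blob[-2] ^ 0x01]) + seg.blob[-1:]
    try:
        repo.read()
        out["corruption"] = "undetected"
    except IntegrityError:
        out["corruption"] = "detected"
    return out, repo.audit
```

Note that the rewritten segment keeps the original ingest timestamp, so redacting events does not reset the retention clock, and that the reader's refused redaction is recorded in the audit list alongside the successful one.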