What is JumpCloud and How JumpCloud Directory Insights Help Customize Security Reports for Advanced Monitoring

Chaitanya Sistla
November 18, 2024

JumpCloud provides a centralized platform for managing identities, devices, and access, crucial for organizations with distributed teams or remote workforces. A key feature, JumpCloud Insights, offers actionable data on user and system activities, essential for security monitoring and compliance. In this guide, we’ll cover forwarding JumpCloud Insights to AWS S3, using a Lambda function to ingest these logs directly into OpenObserve, and setting up visual dashboards for comprehensive security observability.

Step 1: Setting Up AWS S3 as the Log Forwarding Destination

First, set up AWS S3 as the destination for JumpCloud logs by following the instructions in the JumpCloud AWS Serverless App Directory for Insights. This process enables JumpCloud Insights data to be forwarded to an S3 bucket, acting as a raw data storage location before processing.

You can choose the ingestion interval as needed. I opted for every minute since I prefer near-real-time data.

With this setup, JumpCloud will start sending data to your S3 bucket as logs are generated, allowing access to raw security and operational data from JumpCloud Insights.

Step 2: Creating an AWS Lambda Function for Ingestion to OpenObserve

To streamline log ingestion from S3 to OpenObserve, set up an AWS Lambda function that automatically transfers new log files into OpenObserve as they arrive in the S3 bucket.

Prerequisites

Download src.zip from GitHub; it is used in the next step.

Step-by-Step Deployment

  • Create the Lambda function
  • Upload your Lambda function code (src.zip)
    • Go to the function, click Upload from, and select the zip file you downloaded in the prerequisites step
  • Configure environment variables
    • Go to Configuration, click Environment variables, and add BASIC_AUTH_USERNAME and BASIC_AUTH_PASSWORD
  • Configure the AWS InvokeFunction policy
    • Go to Configuration, click Permissions, go to Resource-based policy statements, and click Add permissions
  • Add an S3 trigger
    • Go to the bucket that was created in Step 1 and add an event trigger

The function now sends events to OpenObserve whenever a new event occurs in the bucket.
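The flow configured in Step 2, written out as an added example (this is not the code in src.zip and not OpenObserve's own): it decodes the S3 notification, unpacks the log object, and posts it to OpenObserve's JSON ingestion endpoint with Basic auth. The variable names O2_URL, O2_ORG and O2_STREAM are hypothetical, gzip-compressed JSON log objects are an assumption, and the sample inputs are constructed.

```python
import base64, gzip, json, os
import urllib.parse, urllib.request

def s3_objects(event):
    """Yield (bucket, key) for each record in an S3 event notification."""
    for rec in event.get("Records", []):
        s3 = rec["s3"]
        # Keys arrive URL-encoded in S3 notifications ('+' stands for a space).
        yield s3["bucket"]["name"], urllib.parse.unquote_plus(s3["object"]["key"])

def decode_events(body, key):
    """Return the list of events in one log object (gzip assumed, plain JSON accepted)."""
    if key.endswith(".gz") or body[:2] == b"\x1f\x8b":
        body = gzip.decompress(body)
    data = json.loads(body)
    return data if isinstance(data, list) else [data]

def build_request(events, env=os.environ):
    """Build the POST to /api/{org}/{stream}/_json with a Basic auth header."""
    # O2_URL, O2_ORG, O2_STREAM are hypothetical names; the BASIC_AUTH_* pair is from Step 2.
    url = "{}/api/{}/{}/_json".format(
        env["O2_URL"].rstrip("/"), env["O2_ORG"], env["O2_STREAM"])
    if not url.startswith("https://"):
        # Basic auth is only base64-encoded, so never send it without TLS.
        raise ValueError("refusing to send Basic credentials over a non-TLS URL")
    cred = "{}:{}".format(env["BASIC_AUTH_USERNAME"], env["BASIC_AUTH_PASSWORD"])
    token = base64.b64encode(cred.encode()).decode()
    return urllib.request.Request(
        url, data=json.dumps(events).encode(), method="POST",
        headers={"Authorization": "Basic " + token,
                 "Content-Type": "application/json"})

def lambda_handler(event, context):
    import boto3  # imported lazily; bundled with the Lambda Python runtime
    s3 = boto3.client("s3")
    sent = 0
    for bucket, key in s3_objects(event):
        body = s3.get_object(Bucket=bucket, Key=key)["Body"].read()
        events = decode_events(body, key)
        with urllib.request.urlopen(build_request(events), timeout=10) as resp:
            resp.read()
        sent += len(events)
    return {"ingested": sent}

# Constructed sample inputs (not real JumpCloud data).
SAMPLE_EVENT = {"Records": [{"s3": {"bucket": {"name": "example-jc-logs"},
                "object": {"key": "2024/11/18/jc+insights%3A0001.json.gz"}}}]}
SAMPLE_BODY = gzip.compress(json.dumps(
    [{"event_type": "sso_auth", "success": False}]).encode())
```

The function's execution role also needs read access to the bucket for `get_object` to succeed.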

Step 3: Building Dashboards in OpenObserve

You can simply upload the JumpCloud dashboard that was designed by the OpenObserve team to get started quickly on security and other insights.

Enhance JumpCloud Insights with OpenObserve

Integrating JumpCloud Insights with OpenObserve using AWS S3 and Lambda enables advanced security observability. The comparison below highlights the enhanced capabilities gained by sending JumpCloud logs to OpenObserve:

| Feature/Aspect | JumpCloud Insights Alone | JumpCloud Insights Ingested into OpenObserve |
|---|---|---|
| Data Storage | AWS S3 (raw data) | AWS S3 with live ingestion in OpenObserve |
| Real-time Analytics | Limited | Full real-time visualization |
| Customized Dashboards | None | Available in OpenObserve |
| Security Monitoring | Basic | Enhanced with detailed metrics and logs |
| Setup Complexity | Moderate | Moderate, with Lambda and template.yaml |
| Scalability | Depends on S3 limitations | Scalable via OpenObserve |

About the Author

Chaitanya Sistla

Chaitanya Sistla is a Principal Solutions Architect with 16X certifications across Cloud, Data, DevOps, and Cybersecurity. Leveraging extensive startup experience and a focus on MLOps, Chaitanya excels at designing scalable, innovative solutions that drive operational excellence and business transformation.
