What is JumpCloud and How JumpCloud Directory Insights Help Customize Security Reports for Advanced Monitoring

November 18, 2024 by Chaitanya Sistla
JumpCloud provides a centralized platform for managing identities, devices, and access, crucial for organizations with distributed teams or remote workforces. A key feature, JumpCloud Insights, offers actionable data on user and system activities, essential for security monitoring and compliance. In this guide, we’ll cover forwarding JumpCloud Insights to AWS S3, using a Lambda function to ingest these logs directly into OpenObserve, and setting up visual dashboards for comprehensive security observability.

Step 1: Setting Up AWS S3 as the Log Forwarding Destination

First, set up AWS S3 as the destination for JumpCloud logs by following the instructions in the JumpCloud AWS Serverless App Directory for Insights. This process enables JumpCloud Insights data to be forwarded to an S3 bucket, acting as a raw data storage location before processing.

You can choose the ingestion time as needed. I opted for every minute since I prefer near-realtime.

With this setup, JumpCloud will start sending data to your S3 bucket as logs are generated, allowing access to raw security and operational data from JumpCloud Insights.

Step 2: Creating an AWS Lambda Function for Ingestion to OpenObserve

To streamline log ingestion from S3 to OpenObserve, set up an AWS Lambda function that automatically transfers new log files into OpenObserve as they arrive in the S3 bucket.

Prerequisites

Download the src.zip from GitHub; it is used in the next step.

Step-by-Step Deployment

  • Create the Lambda function
  • Upload your Lambda function code (src.zip)
    • Go to the function, click Upload from, and select the zip file that you downloaded in the prerequisites step
  • Configure environment variables
    • Go to Configuration, click Environment variables, then add BASIC_AUTH_USERNAME and BASIC_AUTH_PASSWORD
  • Configure the AWS InvokeFunction policy
    • Go to Configuration, click Permissions, then go to Resource-based policy statements and click Add permissions
  • Add an S3 trigger
    • Go to the bucket that was created in Step 1 and add an event trigger

The function will now send events to OpenObserve whenever a new object arrives in the bucket.
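
The Python handler below is an added example, not the contents of the src.zip referenced above: it shows the kind of function this step deploys, reading each S3 object named in the trigger event and posting its events to OpenObserve with the BASIC_AUTH_USERNAME and BASIC_AUTH_PASSWORD variables. The OPENOBSERVE_URL, OPENOBSERVE_ORG and OPENOBSERVE_STREAM variable names and the log file layout (gzipped or plain, JSON array or one object per line) are assumptions.

```python
import base64, gzip, json, os, urllib.parse, urllib.request

def s3_objects(event):
    """Return (bucket, key) pairs from an S3 event notification."""
    out = []
    for rec in event.get("Records", []):
        s3 = rec["s3"]
        # Object keys are URL-encoded in S3 events ('+' is a space).
        out.append((s3["bucket"]["name"], urllib.parse.unquote_plus(s3["object"]["key"])))
    return out

def decode_events(body, key):
    """Parse a log object: gzip or plain, JSON array or one JSON object per line."""
    if key.endswith(".gz") or body[:2] == b"\x1f\x8b":
        body = gzip.decompress(body)
    text = body.decode("utf-8").strip()
    if text.startswith("["):
        return json.loads(text)
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def build_request(events, env=os.environ):
    """Build the POST for OpenObserve's /api/{org}/{stream}/_json endpoint."""
    base = env["OPENOBSERVE_URL"].rstrip("/")  # assumed variable name
    if not base.startswith("https://"):
        raise ValueError("Basic auth credentials must only be sent over HTTPS")
    url = f'{base}/api/{env["OPENOBSERVE_ORG"]}/{env["OPENOBSERVE_STREAM"]}/_json'
    cred = f'{env["BASIC_AUTH_USERNAME"]}:{env["BASIC_AUTH_PASSWORD"]}'
    headers = {"Authorization": "Basic " + base64.b64encode(cred.encode()).decode(),
               "Content-Type": "application/json"}
    return urllib.request.Request(url, data=json.dumps(events).encode(),
                                  headers=headers, method="POST")

def lambda_handler(event, context):
    import boto3  # provided by the AWS Lambda Python runtime
    s3 = boto3.client("s3")
    forwarded = 0
    for bucket, key in s3_objects(event):
        body = s3.get_object(Bucket=bucket, Key=key)["Body"].read()
        events = decode_events(body, key)
        if events:
            # urlopen raises on 4xx/5xx, so a rejected batch fails the invocation
            with urllib.request.urlopen(build_request(events), timeout=10) as resp:
                resp.read()
            forwarded += len(events)
    return {"forwarded": forwarded}
```

Because a failed POST raises, the invocation shows up as an error in the function's metrics instead of silently dropping a batch of security events.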

Step 3: Building Dashboards in OpenObserve

You can simply upload the JumpCloud dashboard that was designed by the OpenObserve team to get started quickly on security and other insights.

Enhance JumpCloud Insights with OpenObserve

Integrating JumpCloud Insights with OpenObserve using AWS S3 and Lambda enables advanced security observability. The comparison below highlights the enhanced capabilities gained by sending JumpCloud logs to OpenObserve.

| Feature/Aspect | JumpCloud Insights Alone | JumpCloud Insights Ingested into OpenObserve |
| Data Storage | AWS S3 (raw data) | AWS S3 with live ingestion in OpenObserve |
| Real-time Analytics | Limited | Full real-time visualization |
| Customized Dashboards | None | Available in OpenObserve |
| Security Monitoring | Basic | Enhanced with detailed metrics and logs |
| Setup Complexity | Moderate | Moderate, with Lambda and template.yaml |
| Scalability | Depends on S3 limitations | Scalable via OpenObserve |

Author:

Chaitanya Sistla is a Principal Solutions Architect with 14X certifications across Cloud, Data, DevOps, and Cybersecurity. Leveraging extensive startup experience and a focus on MLOps, Chaitanya excels at designing scalable, innovative solutions that drive operational excellence and business transformation.
