We’re excited to share the launch of Event Logging and SIEM (Security Information and Event Management) Integration for Enterprise customers. This major upgrade allows organizations to keep a comprehensive audit trail of essential activities within their Enpass environment—while also enabling security teams to stream these logs into their existing SIEM platforms for centralized monitoring, alerting, and analysis.
Track key activities across Enpass with event logging
The new Event Logging feature offers detailed records of significant events happening within the Enpass application, Admin Console, and Enpass Hub. Once activated, organizations can monitor a wide array of security-related activities, such as:
- Successful and failed login attempts
- Vault creation, sharing, or import/export
- Triggers for account recovery
- User provisioning and deprovisioning
- Changes to policies and other administrative actions
Every event is timestamped and associated with specific users and devices, giving complete visibility into actions that affect security and compliance.
Send event logs into SIEM for better visibility
To fully leverage the value of event data, Enpass now supports direct integration with popular SIEM platforms, allowing organizations to channel their logs into centralized monitoring and response systems. This integration ensures that password management events are not siloed but instead become part of a broader enterprise security strategy. Once this is setup, you can retain audit logs beyond default durations provided by Enpass hub (90 days). The current supported SIEM solutions include
- Microsoft Sentinel
- Splunk
- IBM QRadar
- Sumo Logic
Requirements and Setup
To enable Event Logging and SIEM integration, organizations must meet the following prerequisites:
- Enpass Enterprise Business Plan
- Enpass Hub connected with the Admin Console
- Super Admin privileges in the Enpass Admin Console
- Use of Microsoft 365 or Google Workspace as the storage provider
To get started, first ensure that Enpass Hub is connected with your Admin Console. Then, navigate to the Integrations section and enable Event Logs. Once enabled, you can choose your preferred SIEM.
Here is a comprehensive documentation to assist with configuration and deployment.
Get started with event logging and SIEM in Enpass
This release represents a significant milestone towards fulfilling our commitment to your enterprise policies. By enabling a robust logging framework and allowing integration with existing SIEM tools, Enpass empowers organizations to achieve both secure password management and compliance needs.