Authentic8 collects certain log data in order to provide visibility into Silo for Safe Access activities. Logged data includes:
- Browser Navigation History
- Policy Changes
- Authentication Events
- Session Details
- Web Form POST Data (Log Encryption required)
Log data is stored for 90 days, after which it is deleted from Authentic8's database system. During this 90-day period, the service can be configured to store log data in either unencrypted or encrypted format, depending on customer-specific requirements.
Silo for Safe Access logs are stored in unencrypted format by default, and summarized results are made available to Administrators via the reporting panel in the Silo Admin Console. Log data can also be obtained via Authentic8's Log Extract API, or with the Splunk Enterprise technical add-on.
Encrypted Logging
If you are concerned about unauthorized access to your log data, or if you have regulated content in the data log (e.g., a patient ID embedded in a URL), you can enable log encryption by establishing a public/private key pair. In this configuration, log data is written and maintained exclusively in encrypted format. When log encryption is enforced, the reporting panel in the Admin Console is no longer available.
It is strongly recommended to obtain encrypted log data using our Log Extract API, as opposed to a manual download from the Admin Console.
Additional sensitive data also becomes accessible once log encryption is enabled. Silo Administrators have control over which sensitive data are included with encrypted logs, with the options below:
- Clipboard Contents
- Cookies
- POST Data
- SMS Inbox Messages
Important: When configured, additional log data types will be recorded for the entire organization, or at the sub-org level where the log types are set.
Configuring Log Encryption
From the Silo Admin Console, click Manage directly below Policies, then navigate to Advanced > Log Encryption > Edit.
Enter a Key Name, which is used as an identifier for the Public Key (essential for the Log Extract process).
Enter the Public Key value generated from the key pair.
Encryption Key Pair
ECIES
Authentic8 uses the Elliptic Curve Integrated Encryption Scheme (AES256GCM-SHA384) with a NIST P-256 curve key (Secp256R1/Prime256v1) to encrypt logs. The Elliptic Curve public key can be generated using standard tools, such as OpenSSL or other commonly available options.
Generating an EC private key with file output to key.pem:
openssl ecparam -name prime256v1 -genkey -noout -out key.pem
Extracting the public key from the key pair (this key will be used in the Silo Admin Console):
openssl ec -in key.pem -pubout -out public.pem
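The two OpenSSL commands above, wrapped as an added example (not Authentic8 tooling) that writes the private key with owner-only permissions, refuses to overwrite an existing key, and confirms the curve and the public/private match before the public key is entered in the console. The function names and the directory argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not part of the Authentic8 documentation.
# Usage: gen_log_keypair ./silo-logkey && check_log_keypair ./silo-logkey

# gen_log_keypair DIR
# Creates DIR/key.pem and DIR/public.pem. A umask of 077 inside a subshell
# keeps the private key unreadable to other users from the moment it exists.
# An existing key.pem is never overwritten, because logs encrypted to the
# old public key cannot be recovered without the old private key.
gen_log_keypair() {
    dir=$1
    if [ -e "$dir/key.pem" ]; then
        echo "refusing to overwrite $dir/key.pem" >&2
        return 1
    fi
    (
        umask 077
        mkdir -p "$dir" &&
        openssl ecparam -name prime256v1 -genkey -noout -out "$dir/key.pem" &&
        openssl ec -in "$dir/key.pem" -pubout -out "$dir/public.pem" 2>/dev/null
    ) || return 1
}

# check_log_keypair DIR
# Verifies that key.pem is a prime256v1 (P-256) key and that public.pem is
# the public half of that exact key, so the value pasted into the console
# is one the stored private key can decrypt for.
check_log_keypair() {
    dir=$1
    if ! openssl ec -in "$dir/key.pem" -noout -text 2>/dev/null |
            grep -q 'prime256v1'; then
        echo "$dir/key.pem is not a prime256v1 key" >&2
        return 1
    fi
    derived=$(openssl ec -in "$dir/key.pem" -pubout 2>/dev/null) || return 1
    if [ "$derived" != "$(cat "$dir/public.pem")" ]; then
        echo "$dir/public.pem does not match $dir/key.pem" >&2
        return 1
    fi
}
```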
SECCURE (Legacy)
Authentic8 will continue to support existing log encryption implementations using the SECCURE toolset.
The SECCURE toolset must be installed in order to generate a supported key pair. Toolkit installation can be performed with the following command on Debian-based Linux distributions:
sudo apt-get install seccure
Once SECCURE is installed, the key pair can be generated with the following command:
sudo seccure-key -c p256
This will prompt for a private key value to be entered in plain text. As a best practice, the use of a strong private key value is highly encouraged.
A public key value will be printed on the screen, which will need to be entered into the Log Encryption policy in the Silo Admin Console.
Important: Authentic8 does not manage, or have the means to recover, customer-generated key pair values. If the private key value is misplaced, then the assumption is that the data log will no longer be accessible. It is very important to safeguard the private key value, as it is needed to decrypt your organization's encrypted logs.
Please refer to the Silo Logs Reference Guide for additional information.
Please contact Support for any additional questions.