Authentic8 collects certain log data in order to provide visibility into Silo for Safe Access activities. Logged data includes:

  • Browser Navigation History
  • Policy Changes
  • Authentication Events
  • Session Details
  • Web Form POST Data (Log Encryption required)


Log data is stored for 90 days, after which it is deleted from Authentic8's database system. During this 90-day period, the service can be configured to store log data in either unencrypted or encrypted format, depending on customer-specific requirements.


Silo for Safe Access logs are stored in unencrypted format by default, and summarized results are made available to Administrators via the reporting panel in the Silo Admin Console. Log data can also be obtained via Authentic8's Log Extract API, or with the Splunk Enterprise technical add-on.



Encrypted Logging

If you are concerned about unauthorized access to your log data, or if you have regulated content in the data log (e.g., a patient ID embedded in a URL), you can enable log encryption by establishing a public/private key pair. In this configuration, log data is written and maintained exclusively in encrypted format. Once log encryption is enforced, the reporting panel in the Admin Console is no longer available.

It is strongly recommended to obtain encrypted log data using our Log Extract API, as opposed to a manual download from the Admin Console.


Additional sensitive data also becomes accessible once log encryption is enabled. Silo Administrators have control over which sensitive data are included with encrypted logs, with the options below:

  • Clipboard Contents
  • Cookies
  • POST Data
  • SMS Inbox Messages


Important: When configured, additional log data types will be recorded for the entire organization, or at the sub-org level where the log types are set.



Configuring Log Encryption

From the Silo Admin Console, click Manage right below Policies, then navigate to Advanced > Log Encryption > Edit.




Enter a Key Name — used as an identifier for the Public Key (essential for the Log Extract process)


Enter the Public Key value generated from the key pair


Encryption Key Pair


ECIES

Authentic8 uses the Elliptic Curve Integrated Encryption Scheme (AES256GCM-SHA384) with a NIST P-256 curve key (Secp256R1/Prime256v1) to encrypt logs. The Elliptic Curve public key can be generated using standard tools, such as OpenSSL or other commonly available options.


Generating an EC private key with file output to key.pem

openssl ecparam -name prime256v1 -genkey -noout -out key.pem



Extracting the public key from the key pair (this key will be used in the Silo Admin Console)

openssl ec -in key.pem -pubout -out public.pem
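
The two commands above, wrapped with the checks worth running before the public key is entered in the console: owner-only permissions on key.pem, confirmation of the prime256v1 curve, and proof that public.pem was derived from key.pem. This is an added example, not part of Authentic8's documentation; the function names and the fingerprint step are assumptions of the example.

```bash
#!/bin/sh
# Added example: key.pem / public.pem follow the page; function names are
# hypothetical helpers, not Authentic8 tooling.

# Create the P-256 private key readable by its owner only, then derive the
# public key that is entered in the Silo Admin Console.
gen_log_keypair() {
  ( umask 077
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/key.pem" ) || return 1
  openssl ec -in "$1/key.pem" -pubout -out "$1/public.pem" 2>/dev/null
}

# Succeed only if the private key is on the curve the page requires.
check_curve() {
  openssl ec -in "$1" -noout -text 2>/dev/null | grep -q 'ASN1 OID: prime256v1'
}

# Succeed only if the public key file was derived from the private key file.
check_pair() {
  from_priv=$(openssl ec -in "$1" -pubout 2>/dev/null) || return 1
  from_pub=$(openssl ec -pubin -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$from_priv" ] && [ "$from_priv" = "$from_pub" ]
}

# SHA-256 of the DER public key: a value to record next to the Key Name so the
# matching private key can be identified later (an assumption of this example).
pubkey_fingerprint() {
  openssl ec -pubin -in "$1" -pubout -outform DER 2>/dev/null |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# Usage:
#   gen_log_keypair . && check_curve key.pem && check_pair key.pem public.pem \
#     && pubkey_fingerprint public.pem
```

Running check_pair against the stored private key before enabling encryption catches a mismatched or overwritten public.pem while the logs are still recoverable.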



SECCURE (Legacy)

Authentic8 will continue to support existing log encryption implementations using the SECCURE toolset.


The SECCURE toolset must be installed in order to generate a supported key pair. Toolkit installation can be performed with the following command on Debian-based Linux distributions:
sudo apt-get install seccure

Once SECCURE is installed, the key pair can be generated with the following command:
sudo seccure-key -c p256

This will prompt for a private key value to be entered in plain text. As a best practice, the use of a strong private key value is highly encouraged.


A public key value will be printed on the screen, which will need to be entered into the Log Encryption policy in the Silo Admin Console.


Important: Authentic8 does not manage, or have the means to recover, customer-generated key pair values. If the private key value is misplaced, then the assumption is that the data log will no longer be accessible. It is very important to safeguard the private key value, as it is needed to decrypt your organization's encrypted logs.


Please refer to the Silo Logs Reference Guide for additional information.



Please contact Support for any additional questions.