Viewing client connection logs
SDS for C&M clients generate a log every time they log in to SDS for C&M, indicating whether the connection succeeded or failed.
Looking through these logs makes it possible to detect whether a user account is the target of a brute force attack.
These logs are deleted by default after 365 days.
Connection logs can be viewed on client workstations in
C:\Program Files\Stormshield\Stormshield Data Security\accountConnectionLogs.json,
In the following example, the first login was attempted using the account user1domain.com. The line
"success": true means that the login was successful. The second attempt was carried out with the account user2domain.com. The line
"success": false means that the login failed.
“success": false },