Dear all, The Jenkins OpenTelemetry Plugin is now sending Jenkins authentication audit logs to external observability backends with the goal for routing these logs to SIEM solutions that will be able to detect abnormal behaviours (see documentation here <https://github.com/jenkinsci/opentelemetry-plugin/blob/master/docs/security.md#jenkins-security-logs> ).
To implement this authentication audit trail, we implemented a Jenkins SecurityListener <https://javadoc.jenkins.io/jenkins/security/SecurityListener.html> (source code here: AuditingSecurityListener.java#L120 <https://github.com/jenkinsci/opentelemetry-plugin/blob/d978ac10c2ac01ef1ef93071aa160995ff5c4882/src/main/java/io/jenkins/plugins/opentelemetry/security/AuditingSecurityListener.java#L120>) but the SecurityListener#failedLogin(username) doesn't provide any mechanism to retrieve the remoteIpAddr (Stapler#getCurrentRequest() returns null) . I looked at the code of other Jenkins plugins such as the Jenkins AuditTrail Plugin <https://plugins.jenkins.io/audit-trail/> and couldn't find a solution. *Is there way in in Jenkins plugins to listen to failed logins and to retrieve the remoteIpAddr? If not, did the community consider adding this capability as it's commonly used by security tools to detect anomalous ?* Cyrille -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/3a74a1a2-6c93-426a-8f9f-28996d983b42n%40googlegroups.com.
