
Growth · Part of Compliance and Audit

Failed + denied access log

Available

Every authentication failure, permission denial, and cross-tenant probe in one stream. Brute-force aggregation surfaces patterns (≥5 failures from same IP in 10 min) so a credential-stuffing wave doesn't drown in single-row noise.


For the operator

Sweep this weekly, looking for IPs you don't recognize, actors with sustained failure rates, or any cross-tenant probe rows. The brute-force aggregation lets you scan a thousand-row list in 30 seconds because the noise is collapsed. Cross-reference against your IAM logs to confirm whether failures are legitimate (e.g., a new employee on day one) or hostile.
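To make the aggregation rule concrete, here is an added sketch (not FrontLine's code) of collapsing ≥5 failures from the same IP within 10 minutes into one pattern row while leaving every other row visible. The event fields (`ts`, `ip`, `actor`, `kind`) and the kind values are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def aggregate_failures(events, threshold=5, window=timedelta(minutes=10)):
    """Collapse per-IP bursts of auth failures into pattern rows; keep the rest as single rows."""
    by_ip, rows = defaultdict(list), []
    for ev in events:
        if ev["kind"] == "auth_failure":  # hypothetical kind value
            by_ip[ev["ip"]].append(ev)
        else:  # permission denials and cross-tenant probes are never collapsed
            rows.append({"type": "single", **ev})
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        flagged, start = [False] * len(evs), 0
        for end, ev in enumerate(evs):
            while ev["ts"] - evs[start]["ts"] > window:  # slide the window start forward
                start += 1
            if end - start + 1 >= threshold:  # window holds >= threshold failures
                flagged[start:end + 1] = [True] * (end - start + 1)
        i = 0
        while i < len(evs):
            if not flagged[i]:
                rows.append({"type": "single", **evs[i]})
                i += 1
                continue
            j = i
            while j + 1 < len(evs) and flagged[j + 1]:  # merge overlapping windows
                j += 1
            burst = evs[i:j + 1]
            rows.append({"type": "pattern", "ip": ip, "count": len(burst),
                         "first": burst[0]["ts"], "last": burst[-1]["ts"],
                         "actors": sorted({e["actor"] for e in burst})})
            i = j + 1
    return rows

# Constructed sample events (documentation IP ranges, hypothetical actors).
T0 = datetime(2024, 1, 1, 9, 0)
def make_event(minute, ip, actor, kind="auth_failure"):
    return {"ts": T0 + timedelta(minutes=minute), "ip": ip, "actor": actor, "kind": kind}

SAMPLE = (
    [make_event(m, "203.0.113.7", f"user{m}") for m in range(6)]  # 6 failures in 5 min
    + [make_event(60, "203.0.113.7", "user0")]                    # isolated later failure
    + [make_event(0, "198.51.100.20", "new.hire"), make_event(30, "198.51.100.20", "new.hire")]
    + [make_event(12, "192.0.2.44", "svc-a", kind="cross_tenant_probe")]
)

if __name__ == "__main__":
    for row in aggregate_failures(SAMPLE):
        print(row)
```

The pattern row keeps the distinct actors in the burst: many usernames from one IP points toward credential stuffing, while repeated failures for a single actor is more typical of a forgotten password.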

Business impact

The other half of the compliance defense story (alongside successful audit events). "We log every successful access" is half the answer; "we also log every attempted access" is the full answer. SOC 2 CC6.1 explicitly requires this; PCI DSS 10.2.4 requires this; pretty much every enterprise security questionnaire requires this.

Failed + denied access log — Compliance and Audit — FrontLine Atlas | FrontLine