TLDR
It would be nice to get logs of clients attempting and failing to access Zoom in my managed domain. I would use that information to lock suspicious accounts and report compromise. I would also like more information available from the authorization logs.
My Problem:
We currently monitor who logs in and out of our managed domain via https://marketplace.zoom.us/docs/api-reference/zoom-api/reports/reportsigninsignoutactivities . It would be a nice feature to know where failed logins are coming from as well as client and IP information.
Suggestions
I have 2 suggestions:
- Add another reporting endpoint that aggregates failed logins ie. /reports/failedsigninaggs or /reports/failedsignins. This would be nice however computing aggregates is difficult depending on your backend, so it may not be advantageous.
- PREFERRED add a new type to /report/activities (https://marketplace.zoom.us/docs/api-reference/zoom-api/reports/reportsigninsignoutactivities) like “Sign in failed” and include as much client information as possible, most importantly the data_center and client version.
Preferred event data returned could look something like this:
{
"email": "sfkjsldfhjdsf@dskjflhdsf.com",
"time": "2019-09-15T20:56:09Z",
"type": "Sign in failed",
"ip_address": "38.99.100.6",
"client_type": "Browser",
"device": "WIN",
"data_center": "SC",
"connection_type": "P2P",
"pc_name": "dojo's pc",
"domain": "Dojo-workspace",
"mac_addr": " 00:0a:95:9d:68:16",
"version": "-"
}
if aggregating over the last day something like this:
{
"email": "sfkjsldfhjdsf@dskjflhdsf.com",
"ip_address": "38.99.100.6",
"client_type": "Browser",
"version": "-",
"count": 9000
}
Thanks Zoom Great Product!