LastPass is a password manager that stores encrypted passwords online, as well as enterprise single sign-on (SSO) and adaptive multi-factor authentication (MFA).
Once configured and integrated with LastPass, Blumira’s modern SIEM platform ingests and parses log data in order to provide advanced threat detection and automated, actionable response.
Get your free account with Blumira and secure your Microsoft 365 environment in minutes. No credit card required.
Blumira can be configured to ingest a stream of LastPass event data through the LastPass Enterprise API. If you have a LastPass Enterprise account, follow these steps to forward that account’s log stream to Blumira.
To configure LastPass, you will need to obtain a “Provisioning Hash” or API key, that provides Blumira access to your data through the LastPass Enterprise API[1]. You will also need to obtain your Customer ID, or “cid” from Lastpass. To do this, follow these steps:
Next, you will need to enable your Blumira sensor to connect to LastPass, using the API Secret and cid you obtained. This connection is managed through the LastPass module, which you will install on one of your Blumira sensors.
Here’s how to add the LastPass module:
The “Add New Module” window should close, and, back in your sensor detail page view, you should now see the LastPass Module listed in the table of modules.
Within minutes of completing these steps, the LastPass module will be operational, and will ingest up to 90 days of historical logs into the Blumira platform. The module will then continuously monitor the LastPass service for the latest available logs.
[1] (Requires being logged into your LastPass enterprise account) https://lastpass.com/company/#!/settings/enterprise-api