As an ops lead,
I want to improve the detection of shared accounts within GCNotify,
So that I can flag these and take appropriate actions.
WHY are we building?
Improve detection of shared GCNotify accounts.
WHAT are we building?
A query that can surface simultaneous logins from the same account. This can be from multiple logins in a short span of time or from different locations, or both. It depends on what we have as information in the system.
VALUE created by our solution
Better detection of shared accounts and improved security.
Acceptance Criteria
Given some context, when (X) action occurs, then (Y) outcome is achieved.
[ ] One or many queries are produced that detect simultaneous queries. These can be Blazer or AWS CloudFront queries. These are clearly identified with a security tag and an explanation of their purpose.
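One shape the query described under "WHAT are we building?" could take, as an added example that is not GCNotify's own code. It assumes PostgreSQL syntax and a hypothetical `login_events` table (`user_id`, `ip_address`, `created_at`); the 10-minute window is also an assumption, and the sample rows are constructed so the query runs on its own.

```sql
-- [security] Possible shared account: the same user logging in from two
-- different source IPs within a short window.
-- Assumptions: login_events and its columns are hypothetical names; replace
-- the inline sample CTE with the table the system actually records logins in.
WITH login_events (user_id, ip_address, created_at) AS (
    -- Constructed sample rows (documentation-range IPs), not real data.
    VALUES
        -- user 101: two different IPs four minutes apart, then a later login
        (101, '192.0.2.10'::inet,    '2024-01-15 09:00:00'::timestamp),
        (101, '198.51.100.7'::inet,  '2024-01-15 09:04:00'::timestamp),
        (101, '192.0.2.10'::inet,    '2024-01-15 13:30:00'::timestamp),
        -- user 202: same IP twice, two minutes apart
        (202, '203.0.113.5'::inet,   '2024-01-15 09:01:00'::timestamp),
        (202, '203.0.113.5'::inet,   '2024-01-15 09:03:00'::timestamp),
        -- user 303: two different IPs six hours apart
        (303, '192.0.2.44'::inet,    '2024-01-15 10:00:00'::timestamp),
        (303, '198.51.100.99'::inet, '2024-01-15 16:00:00'::timestamp)
),
paired AS (
    -- Pair each login with every later login by the same user that comes
    -- from a different IP and falls inside the window.
    SELECT
        a.user_id,
        a.ip_address AS first_ip,
        a.created_at AS first_login,
        b.ip_address AS second_ip,
        b.created_at AS second_login
    FROM login_events a
    JOIN login_events b
      ON  b.user_id    =  a.user_id
      AND b.ip_address <> a.ip_address
      AND b.created_at >  a.created_at
      AND b.created_at <= a.created_at + INTERVAL '10 minutes'
)
SELECT
    user_id,
    first_ip,
    second_ip,
    first_login,
    second_login,
    second_login - first_login AS gap
FROM paired
ORDER BY user_id, first_login;
```

A change of source IP alone also occurs with VPNs, mobile networks and shared NAT, so rows returned by a query like this are leads for review rather than proof of account sharing.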
QA Steps
Related incident
https://docs.google.com/document/d/1_3Egk7ljIF5lH4z9RXLxElHn14G9LfuZ7z-hHwCsHZI/edit