FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can you Identify Which Synthetic is causing Account Lockout?

Go to solution
sivart_89
Advisor

‎12 May 2022 04:12 PM

Hi everyone,

 

We allow for our users to create their own synthetics and we believe that someone has created one that uses their personal account to login to their site. Security enforces password changes every x number of days and their password has been changed recently and seems to line up with when their account began being locked out. We believe the synthetic they configured is causing the lockout but don't know the name of it. My question is if there is somewhere in AG logs that will show the synthetic name. If it is logged then I think we will be setting up some log alerting to get notified of this.

 

We do have a fair amount of synthetics so I'm looking for a way to easily know the synthetic name rather than checking ones we think may be the culprit.

Labels:
0 Kudos
Reply
7 REPLIES 7

Go to solution
AntonioSousa
DynaMight Guru
DynaMight Guru

‎12 May 2022 06:30 PM

Have you tried going the API route?

You should first get the list of all them,
https://www.dynatrace.com/support/help/dynatrace-api/environment-api/synthetic/synthetic-monitors/ge...

then get the properties of each one,

https://www.dynatrace.com/support/help/dynatrace-api/environment-api/synthetic/synthetic-monitors/ge...

and search inside the data collected.

This is also a great way to get backups for all those measurements.

Antonio Sousa
Reply

Go to solution
sivart_89
Advisor
In response to AntonioSousa

‎12 May 2022 06:40 PM

I imagine this would be valid in showing if the username was provided in clear text (not stored in credential vault) but then you would also have to loop through all the configuration. While this could be done, I was hoping to have something logged that can be easily searched an alerted on via a script using cron.

 

In addition to this, looping through with an api doesn't account for synthetics that are using credentials in the credential vault. I imagine this would only tell you the credential name in which case you would then have to issue another call to get details about the specific credential associated with what is being used in the credential. On top of that, you won't be able to see the username associated with that credential, that info is not provided

0 Kudos
Reply

Go to solution
HannahM
Dynatrace Leader
Dynatrace Leader
In response to sivart_89

‎13 May 2022 11:43 AM

Since this is being done when you know the user whose account is being locked you could pull all the monitors that have credentials owned by that person. 

https://www.dynatrace.com/support/help/dynatrace-api/environment-api/synthetic/synthetic-monitors/ge...

 

Synthetic SME and community advocate.
0 Kudos
Reply

Go to solution
dannemca
DynaMight Guru
DynaMight Guru
In response to AntonioSousa

‎13 May 2022 02:41 PM

I did exactly that to find a monitor that was causing the exactly issue mentioned on this topic.

To help others, here are the code I used:

 
dannemca@MBP-de-Danne Scripts-API % cat get-synth.sh 
rm -rf http-synthetic-details-all.csv
curl -X GET "https://${tenant}.live.dynatrace.com/api/v1/synthetic/monitors" -H 'Authorization: Api-token ${token}' > sresponse.json
python3 get-synthetic.py > synthetic_all.csv
for i in `cat synthetic_all.csv`
do
    curl -X GET "https://${tenant}.live.dynatrace.com/api/v1/synthetic/monitors/${i}" -H 'Authorization: Api-token ${token}' > allsynth.json 
    echo `python3 get-synthetic-all.py` >> http-synthetic-details-all.csv
done

dannemca@MBP-de-Danne Scripts-API % cat get-synthetic.py
import json

f = open('sresponse.json',)
data = json.load(f)
for i in data['monitors']:
	print(i['entityId'])

dannemca@MBP-de-Danne Scripts-API % cat get-synthetic-all.py
import json

f = open('allsynth.json',)
data = json.load(f)
print(data)

 

Once done, you can just cat http-synthetic-details-all.csv | grep user@id.com.

 

If the user ID is into a credential vault, I think is even easier, since you can just list all the vaults from that user and filter the monitors on the Synthetic list.

Site Reliability Engineer @ Kyndryl
Reply

Go to solution
sivart_89
Advisor
In response to dannemca

‎02 Jun 2022 02:19 AM

Thanks for this, I will give it a try sometime soon

0 Kudos
Reply

Go to solution
AntonioSousa
DynaMight Guru
DynaMight Guru

‎12 May 2022 06:44 PM

So, basically you want to know which monitors use a certain entry in the Vault?

Antonio Sousa
0 Kudos
Reply

Go to solution
sivart_89
Advisor
In response to AntonioSousa

‎02 Jun 2022 02:18 AM

It really shouldn't be isolated to credentials stored in the credential vault. Although of course recommended to store them there, we allow our teams to create their own synthetics and can't be sure that it is always stored there.

0 Kudos
Reply
Ask a question

Featured Posts