cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can you Identify Which Synthetic is causing Account Lockout?

Hi everyone,

 

We allow for our users to create their own synthetics and we believe that someone has created one that uses their personal account to login to their site. Security enforces password changes every x number of days and their password has been changed recently and seems to line up with when their account began being locked out. We believe the synthetic they configured is causing the lockout but don't know the name of it. My question is if there is somewhere in AG logs that will show the synthetic name. If it is logged then I think we will be setting up some log alerting to get notified of this.

 

We do have a fair amount of synthetics so I'm looking for a way to easily know the synthetic name rather than checking ones we think may be the culprit.

5 REPLIES 5

AntonioSousa
DynaMight Guru
DynaMight Guru

Have you tried going the API route?

You should first get the list of all them,
https://www.dynatrace.com/support/help/dynatrace-api/environment-api/synthetic/synthetic-monitors/ge...

then get the properties of each one,

https://www.dynatrace.com/support/help/dynatrace-api/environment-api/synthetic/synthetic-monitors/ge...

and search inside the data collected.

This is also a great way to get backups for all those measurements.

Antonio Sousa

I imagine this would be valid in showing if the username was provided in clear text (not stored in credential vault) but then you would also have to loop through all the configuration. While this could be done, I was hoping to have something logged that can be easily searched an alerted on via a script using cron.

 

In addition to this, looping through with an api doesn't account for synthetics that are using credentials in the credential vault. I imagine this would only tell you the credential name in which case you would then have to issue another call to get details about the specific credential associated with what is being used in the credential. On top of that, you won't be able to see the username associated with that credential, that info is not provided

Since this is being done when you know the user whose account is being locked you could pull all the monitors that have credentials owned by that person. 

https://www.dynatrace.com/support/help/dynatrace-api/environment-api/synthetic/synthetic-monitors/ge...

 

I did exactly that to find a monitor that was causing the exactly issue mentioned on this topic.

To help others, here are the code I used:

 
dannemca@MBP-de-Danne Scripts-API % cat get-synth.sh 
rm -rf http-synthetic-details-all.csv
curl -X GET "https://${tenant}.live.dynatrace.com/api/v1/synthetic/monitors" -H 'Authorization: Api-token ${token}' > sresponse.json
python3 get-synthetic.py > synthetic_all.csv
for i in `cat synthetic_all.csv`
do
    curl -X GET "https://${tenant}.live.dynatrace.com/api/v1/synthetic/monitors/${i}" -H 'Authorization: Api-token ${token}' > allsynth.json 
    echo `python3 get-synthetic-all.py` >> http-synthetic-details-all.csv
done

dannemca@MBP-de-Danne Scripts-API % cat get-synthetic.py
import json

f = open('sresponse.json',)
data = json.load(f)
for i in data['monitors']:
	print(i['entityId'])

dannemca@MBP-de-Danne Scripts-API % cat get-synthetic-all.py
import json

f = open('allsynth.json',)
data = json.load(f)
print(data)

 

Once done, you can just cat http-synthetic-details-all.csv | grep user@id.com.

 

If the user ID is into a credential vault, I think is even easier, since you can just list all the vaults from that user and filter the monitors on the Synthetic list.

Site Reliability Engineer @ Kyndryl

AntonioSousa
DynaMight Guru
DynaMight Guru

So, basically you want to know which monitors use a certain entry in the Vault?

Antonio Sousa