LoginHistory

Comprehensive audit trail of all login attempts to the system. This entity records every single attempt to access an account, whether successful or failed, providing crucial security information for detecting unauthorized access attempts, brute force attacks, and unusual login patterns. It captures detailed information about each attempt including the IP address, device information, geographic location, and the reason for any failures. Security teams use this data to identify compromised accounts, detect attacks in progress, and help users understand who has accessed their account. It's also valuable for compliance requirements that mandate authentication auditing. Failed attempts can trigger security alerts or automatic account locks.

14 properties
Schema

Properties

| Property | Type | Mode | Description | Required |
|---|---|---|---|---|
| user | User | stored | User account that was attempted to be accessed (null if username doesn't exist) | Optional |
| username | string | stored | The username that was entered in the login attempt | Required |
| timestamp | DateTime | stored | Exact time when the login attempt occurred | Required |
| success | boolean | stored | Whether the login attempt was successful | Required |
| failureReason | string | enum | Specific reason why the login failed. Values: invalid_credentials, account_locked, account_suspended, account_inactive, mfa_required, mfa_failed, password_expired. Example: "invalid_credentials" | Optional |
| authMethod | string | enum | Authentication method used for this attempt. Values: password, oauth, saml, ldap, mfa, biometric, api_key. Example: "password" | Optional |
| ipAddress | string | stored | IP address from which the login was attempted. Example: "192.168.1.100" | Optional |
| userAgent | string | stored | Browser or application identification string | Optional |
| deviceFingerprint | string | stored | Unique device identifier for tracking | Optional |
| location | object | stored | Geographic location based on IP address | Optional |
| riskScore | number | stored | Calculated risk level of this login attempt (0-100) | Optional |
| riskFactors | string[] | stored | Specific risk indicators detected. Example: ["new_device","unusual_location"] | Optional |
| sessionId | string | stored | Session ID created if login was successful | Optional |
| metadata | object | stored | Additional context about the login attempt | Optional |

Examples

Example 1

{
  "@type": "LoginHistory",
  "username": "john.doe",
  "timestamp": "2024-03-15T10:00:00Z",
  "success": true,
  "authMethod": "password",
  "ipAddress": "192.168.1.100",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/121.0",
  "deviceFingerprint": "device_abc123",
  "location": {
    "country": "United States",
    "city": "New York",
    "coordinates": {
      "lat": 40.7128,
      "lon": -74.006
    }
  },
  "riskScore": 5,
  "riskFactors": [],
  "sessionId": "sess_xyz789",
  "metadata": {
    "loginPage": "/login",
    "referrer": "/home"
  }
}

Example 2

{
  "@type": "LoginHistory",
  "username": "admin@company.com",
  "timestamp": "2024-03-15T14:30:00Z",
  "success": false,
  "failureReason": "mfa_failed",
  "authMethod": "password",
  "ipAddress": "203.0.113.42",
  "userAgent": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0) Mobile/15E148",
  "location": {
    "country": "China",
    "city": "Beijing"
  },
  "riskScore": 85,
  "riskFactors": [
    "unusual_location",
    "vpn_detected",
    "multiple_failed_attempts",
    "impossible_travel"
  ],
  "metadata": {
    "vpnProvider": "NordVPN",
    "attemptNumber": 3,
    "timeSinceLastAttempt": 30
  }
}
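
The description above notes that failed attempts can trigger security alerts or automatic account locks. As an added example (not part of the original schema page or any project code), the Python below scans LoginHistory records for two patterns: repeated guess failures against one username, and one ipAddress failing against several distinct usernames. The thresholds, the set of failureReason values counted as guessing, the alert names, and the function names `detect_bursts`, `parse_ts` and `sample_records` are assumptions of this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: only these failureReason values indicate credential guessing.
GUESS_REASONS = {"invalid_credentials", "mfa_failed"}

def parse_ts(value):
    # Timestamps in the examples are ISO 8601 with a trailing "Z" (UTC).
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def detect_bursts(records, window=timedelta(minutes=5), per_user=5, per_ip_users=3):
    """Return (kind, key, timestamp) alerts; default thresholds are illustrative."""
    alerts = []
    by_user = defaultdict(deque)  # username -> failure timestamps in window
    by_ip = defaultdict(deque)    # ipAddress -> (timestamp, username) in window
    for rec in sorted(records, key=lambda r: parse_ts(r["timestamp"])):
        if rec["success"] or rec.get("failureReason") not in GUESS_REASONS:
            continue
        ts, name = parse_ts(rec["timestamp"]), rec["username"]
        recent = by_user[name]
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= per_user:
            alerts.append(("brute_force", name, ts))
            recent.clear()  # require a fresh burst before alerting again
        ip = rec.get("ipAddress")  # optional in the schema
        if ip is None:
            continue
        seen = by_ip[ip]
        seen.append((ts, name))
        while ts - seen[0][0] > window:
            seen.popleft()
        if len({user for _, user in seen}) >= per_ip_users:
            alerts.append(("password_spraying", ip, ts))
            seen.clear()
    return alerts

def sample_records():
    # Constructed sample data, not taken from a real system.
    def rec(user, mmss, ip, reason="invalid_credentials"):
        r = {"@type": "LoginHistory", "username": user, "success": reason is None,
             "timestamp": f"2024-03-15T14:{mmss}Z", "ipAddress": ip}
        return r if reason is None else {**r, "failureReason": reason}
    burst = [rec("admin@company.com", f"30:{s:02d}", "203.0.113.42") for s in range(0, 50, 10)]
    spray = [rec(u, f"40:0{i}", "198.51.100.7") for i, u in enumerate(["alice", "bob", "carol"])]
    noise = [rec("john.doe", "31:00", "192.168.1.100", reason=None),  # successful login
             rec("john.doe", "32:00", "192.168.1.100", reason="password_expired")]
    return burst + spray + noise
```

Records with `success: true` or with a failureReason such as `password_expired` are ignored, so account-state failures do not inflate the guess counters.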