Is there a way to catch hold of who is using the login credentials of a web service account?

Suggy
Giga Sage

‎11-16-2022 06:28 AM - edited ‎11-17-2022 12:14 PM

We have integrated ServiceNow instance 'A' with another ServiceNow instance 'B' for Incident sync using Basic Authentication (locally created account in ServiceNow)

 

Issue is - Some times the web service call fails from instance 'B' to instance 'A'.  When we checked the logs, we could see several log entries saying 'Invalid username/password' foe the above account.

 

So looks like someone is purposely trying to use login using wrong credentials and the account is getting locked out.

 

Is there a way to check WHO tried to login using the web service credentials?

 

NOTE - I could see an login attempt entry in 'syslog_transaction' for above web service account. But WHO is that is not shown.

Labels:
0 Helpfuls
  • 719 Views
5 REPLIES 5

m7777
Tera Guru
In response to Suggy

‎11-21-2022 03:03 PM

Can you confirm this from the event log?

It shows the login ID and IP that was attempted.

m7777_0-1669071777695.png

 

0 Helpfuls