
Splunk Lantern

Authentication data

Authentication data refers to the information used to verify the identity of a user, system, application, or device attempting to access a resource or service. Authentication verifies identity, while authorization determines what the authenticated user is allowed to do.

Authentication data is a critical component of security mechanisms, ensuring that only authorized entities can access protected resources. It can include credentials such as passwords, tokens, biometrics, or certificates. It should never be stored in plaintext. Instead, it should be hashed or encrypted, and transmitted using secure protocols to prevent unauthorized access or interception. Handling authentication data often falls under privacy regulations like GDPR, CCPA, or HIPAA, depending on the context.

Authentication data typically includes:

  • Knowledge-based authentication (something you know)
    • Personal identification number
    • Security questions and answers
    • Username and password
  • Possession-based authentication (something you have)
    • Digital certificates
    • One-time passwords
    • Physical security tokens
    • Smart cards
  • Biometric authentication (something you are)
    • Facial recognition data
    • Fingerprint data
    • Iris or retina scans
    • Voice recognition data
  • Behavioral authentication (something you do)
    • Keystroke patterns
    • Mouse movement or gesture patterns
  • Token-based or cryptographic authentication
    • API keys
    • OAuth access tokens
    • Session tokens
    • SSH keys
  • Multi-factor authentication (MFA)
    • Password + biometric
    • Password + OTP
    • Smart Card + PIN

The Splunk Common Information Model (CIM) add-on contains an Authentication data model with fields that describe login activities from any data source.
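
To illustrate what describing login activity "from any data source" means in practice, the following added example (not Splunk's or the CIM add-on's own code) maps two differently shaped raw events onto the same `action`, `app`, `src`, `dest` and `user` field names, so one failure count spans both sources. The sample events, the `app` values and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample events (not real logs): two sshd syslog lines and two
# Windows Security events flattened to key=value form.
SAMPLE_EVENTS = [
    "Jan 10 10:00:01 web01 sshd[911]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2",
    "Jan 10 10:00:09 web01 sshd[911]: Accepted password for alice from 198.51.100.7 port 50311 ssh2",
    "EventCode=4625 ComputerName=dc01 TargetUserName=bob IpAddress=203.0.113.5",
    "EventCode=4624 ComputerName=dc01 TargetUserName=carol IpAddress=192.0.2.44",
]

SSHD_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]+\s(?P<dest>\S+)\ssshd\[\d+\]:\s"
    r"(?P<verb>Failed|Accepted)\s\S+\sfor\s(?:invalid user\s)?(?P<user>\S+)\s"
    r"from\s(?P<src>\S+)"
)
# Windows logon event codes: 4624 = successful logon, 4625 = failed logon.
WIN_ACTION = {"4624": "success", "4625": "failure"}


def normalize(raw):
    """Map one raw event to CIM-style Authentication fields, or None."""
    m = SSHD_RE.match(raw)
    if m:
        action = "success" if m["verb"] == "Accepted" else "failure"
        return {"action": action, "app": "sshd", "src": m["src"],
                "dest": m["dest"], "user": m["user"]}
    kv = dict(p.split("=", 1) for p in raw.split() if "=" in p)
    if kv.get("EventCode") in WIN_ACTION:
        # The "app" value here is an illustrative label, not a CIM requirement.
        return {"action": WIN_ACTION[kv["EventCode"]], "app": "win:security",
                "src": kv.get("IpAddress"), "dest": kv.get("ComputerName"),
                "user": kv.get("TargetUserName")}
    return None  # not an authentication event this sketch understands


def failures_by_src(raw_events):
    """Count failed logins per source across all normalized data sources."""
    events = filter(None, map(normalize, raw_events))
    return Counter(e["src"] for e in events if e["action"] == "failure")


if __name__ == "__main__":
    print(failures_by_src(SAMPLE_EVENTS))
```

Because both sources end up with the same field names, the same source address failing against SSH and against a Windows logon is counted once per event under a single key.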

Before looking at documentation for specific data sources, review the Splunk Help information on general data ingestion for Splunk Enterprise, Splunk Cloud Platform or Splunk Observability Cloud.