- Overview: What is Loggicat?
- Why Loggicat: Why do I need Loggicat?
- Workflow: Some typical Loggicat use cases
- Features: Available features
- Integration: Integrate Loggicat with popular tools such as GitHub and Slack
- Important Notes: Please read this section before your first login
- Known issues: Some known issues and their workarounds
Loggicat provides a solution to data leaks and drastically decreases the time to detect such issues, from months down to hours or even seconds.
There are two components:
- Loggicat Cloud - A SaaS server to store security findings and configurations.
- Loggicat Watcher - Deployed on client machines or build machines to scan code, logs and databases.
- Prevent data leaks: with Loggicat, logs will never contain sensitive data (code push monitoring will be available in an upcoming release).
- Seamless integration: Loggicat does not change how you work; it can be used on top of any other tool.
- Another layer of security: even if you already have an in-house solution or another tool, an additional check is worthwhile, since any single detector can have false negatives.
- FREE: Loggicat is entirely free during the beta release!
Essentially, Loggicat uses a smart engine to detect security issues such as plaintext secrets or PII in any given text, so it can be used in many different circumstances.
Protecting data security in Splunk
Before sending local logs to Splunk, Loggicat Watcher can monitor the local logs first: any potential sensitive data is extracted from the logs and sent to Loggicat Cloud, so the logs that reach Splunk are always clean.
Note: streaming mode is currently not supported. It will be added in the next release.
Protecting data security in Jenkins
Jenkins is a very powerful CI/CD platform, especially given its vast number of plugins. However, this also introduces extra risk, since a plugin might log sensitive data in plaintext. Loggicat Watcher can be configured to ensure that job console output and Jenkins logs are clean.
Protecting data security in local code
Loggicat Watcher can scan local code for potential sensitive data.
Note: pre-commit hooks are currently not supported. They will be added in the next release, together with cloud Git repository scanning.
There are two types of security rules:
- Builtin rules: pre-defined rules created by the Loggicat Engine. Users can enable or disable individual builtin rules. Builtin rules can be found under "Manage Security Rules" -> "Built-in Security Rules".
- Custom rules: when the token/secret you are using is not covered by the builtin rules, reach out to us using the "Contact us" button in the builtin rules tab. Until the new builtin rule is available, you can create temporary regex rules under "Manage Security Rules" -> "Custom Security Rules". To create one, click the "Add a new rule" button.
The following actions are available for a custom rule:
- Enable/Disable a custom rule
- Edit
- Delete
- Add a pattern to always ignore (see the Allowlists section)
- Add a pattern to always redact (see the Allowlists section)
Loggicat handles false positives and accepted risks by using allowlists.
- Ignore list: accepts the risk. Once a keyword/finding is ignored, future matches of that keyword by the same security rule will be ignored. Ignore should be used for false positives.
- Redact list: similar to the ignore list, future matches of the items on the redact list will not be reported; the finding will be redacted instead. Redact should be used for real secrets that are already known and handled, not for false positives.
There are two ways to add a new item to an allowlist:
- From "Findings": the keyword is taken from the finding and cannot be changed in this case.
- From "Manage Security Rules": the keyword is entered manually.
Items added to allowlists can be edited or removed under "Manage Allowlist".
Security findings from both builtin rules and custom rules can be audited/triaged from the "Findings" tab on the sidebar.
Click on a row to expand it and view more information.
With the Scan Test feature, users can try out the Loggicat Engine easily without setting up Loggicat Watcher.
Sample text:
this is my line 1
this is my line 2
this is my line 3 but with an AWS access key AKIAIOSFODNN7EXAMPLE
Note: nothing is stored or logged on Loggicat Cloud when using Scan Test, so feel free to paste some real logs there to see how it works. Keep in mind that the pasted text still leaves your machine, so use real logs only where your data-handling policy allows it.
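To make the rule and allowlist behaviour described above concrete, here is an added example of a small regex scanner with ignore and redact lists. It is not Loggicat's engine or any of its code; the rule names ("AWS Access Key ID", "Generic Secrets", the hypothetical custom rule "ACME API key"), the patterns, and the sample log lines are all constructed for illustration. It follows the page's semantics: allowlist entries are keyed by (rule, keyword), an ignored match is left untouched, a redacted match is scrubbed but not reported, and the ignore list wins when a keyword is on both lists (the behaviour noted under "Known issues").

```python
import re
from dataclasses import dataclass
from typing import List, Set, Tuple

# Added example, not Loggicat's engine. Rules, patterns and sample log lines
# below are constructed for illustration only.


@dataclass
class Rule:
    name: str
    pattern: re.Pattern
    enabled: bool = True


BUILTIN_RULES = [
    # AWS access key IDs: "AKIA" followed by 16 upper-case alphanumerics.
    Rule("AWS Access Key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    # Generic catch-all for key=value / key: value with a secret-looking key.
    Rule("Generic Secrets",
         re.compile(r"(?i)\b(?:password|passwd|secret|token)\s*[=:]\s*(\S+)")),
]
CUSTOM_RULES = [
    # Hypothetical custom regex rule for an in-house token format.
    Rule("ACME API key", re.compile(r"\bacme_[0-9a-f]{32}\b")),
]

AllowKey = Tuple[str, str]  # (rule name, keyword)


@dataclass
class Finding:
    rule: str
    keyword: str
    line_no: int
    action: str  # "report", "redact" or "ignore"


def scan(lines: List[str], rules: List[Rule],
         ignore_list: Set[AllowKey], redact_list: Set[AllowKey]):
    """Scan lines and return (findings, cleaned_lines).

    An allowlist entry only affects matches of the same keyword by the same
    rule. The ignore list takes priority over the redact list.
    """
    findings, cleaned = [], []
    for line_no, line in enumerate(lines, 1):
        out = line
        for rule in rules:
            if not rule.enabled:
                continue
            for match in rule.pattern.finditer(line):
                # Use the captured value when the pattern has one, else the whole match.
                keyword = match.group(1) if match.lastindex else match.group(0)
                key = (rule.name, keyword)
                if key in ignore_list:
                    # Accepted risk / false positive: record it, leave the line as-is.
                    findings.append(Finding(rule.name, keyword, line_no, "ignore"))
                    continue
                action = "redact" if key in redact_list else "report"
                findings.append(Finding(rule.name, keyword, line_no, action))
                # Whether reported or merely redacted, the log never keeps the secret.
                out = out.replace(keyword, "[REDACTED]")
        cleaned.append(out)
    return findings, cleaned


# Constructed sample input. AKIAIOSFODNN7EXAMPLE is AWS's documented example key.
ACME_KEY_KNOWN = "acme_0123456789abcdef0123456789abcdef"
ACME_KEY_BOTH_LISTS = "acme_" + "f" * 32
SAMPLE_LOG = [
    "this is my line 1",
    "this is my line 2",
    "this is my line 3 but with an AWS access key AKIAIOSFODNN7EXAMPLE",
    "db connect password=hunter2 host=db1",
    "token=dummy-test-token used by the smoke test",
    f"acme key {ACME_KEY_KNOWN} loaded",
    f"acme key {ACME_KEY_BOTH_LISTS} loaded",
]
IGNORE_LIST: Set[AllowKey] = {
    ("Generic Secrets", "dummy-test-token"),   # false positive: a test fixture
    ("ACME API key", ACME_KEY_BOTH_LISTS),     # also on the redact list below
}
REDACT_LIST: Set[AllowKey] = {
    ("ACME API key", ACME_KEY_KNOWN),          # known and handled: scrub, don't re-report
    ("ACME API key", ACME_KEY_BOTH_LISTS),     # ignore list wins for this one
}


def run_sample():
    return scan(SAMPLE_LOG, BUILTIN_RULES + CUSTOM_RULES, IGNORE_LIST, REDACT_LIST)


if __name__ == "__main__":
    found, clean = run_sample()
    for f in found:
        print(f"line {f.line_no}: {f.rule} -> {f.action}")
    print("\n".join(clean))
```

Note that the same value matched by two different rules needs two allowlist entries, one per rule, which is why the generic rule should stay enabled even when a specific builtin rule exists for the token type.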
In order to use all features of Loggicat Cloud, a Loggicat Watcher must be deployed. Watcher Management is where you monitor watcher activity and generate refresh tokens.
All tokens, secrets and webhooks mentioned in this section are stored encrypted on Loggicat Cloud.
Loggicat Cloud will never return plaintext secrets or tokens to users, neither via the UI nor via the APIs.
Loggicat currently integrates with GitHub and Slack; other integrations (including GitLab, Jira, Jenkins, etc.) are under development and will be released in the future.
The GitHub integration maps a finding in a log to the exact code location, which helps developers fix issues much faster.
Note: GitHub code search/scan and commit monitoring are not released yet.
In order to use the GitHub integration, a GitHub Personal Access Token must be created and stored on Loggicat.
The following scopes are required:
- repo (full access to repositories): required to scan and search private repos. public_repo is sufficient if you only need public repos.
- read:org
Because the repo scope grants access to every repository the token's owner can reach, consider creating the token from a dedicated account with only the repository access that Loggicat needs.
GitHub tokens should be added from the "Github Integration" tab, and a name must be provided for each token.
Once at least one token has been added to Loggicat Cloud, users can go to the "Findings" tab and trigger a scan manually.
Note: scans are triggered automatically for newly added findings.
Users may see the following GitHub search statuses:
- Not started: a job has been created; a manual scan might be needed
- Pending: a job has been created and will be triggered soon
- Owner Information Found: the search is done and Loggicat has found the owner
- Owner Information Not Found: the search is done and Loggicat has not found the owner
- No Github token available: there are no GitHub tokens to use
- Invalid Github tokens or Invalid confidence setting: the GitHub token has expired or is otherwise invalid, or the confidence setting is invalid
Once the result is ready, users can click the "Display Owner Information" button (shown in the previous paragraph) to view the owner information.
Confidence measures how strict the match must be. When the returned information seems irrelevant, raise the confidence level; when Loggicat cannot find owner information for many findings, try lowering it.
The default confidence is 70% and is configurable under "Github Integration" -> "Github Integration Settings".
With the Slack integration, Loggicat Cloud can notify the right person or channel in real time.
- Create a Slack app following this guide.
- Once the Slack app is created for your workspace, go to "OAuth & Permissions" to create a bot token.
- You should now have a Slack token starting with xoxb-.
- Go to the "Slack Integration" page and add the token there.
Users can choose to make the default notification target either a channel or a user.
Note that a user's full name will not work; you need to use either the email address or the user ID.
Messages sent to this channel/user contain only the number and the categories of findings, never the matched data itself.
Loggicat Cloud currently supports three types of mappings under "Slack Integration" -> "Slack Integration Settings":
- Repo name to Slack channel/username: used to notify the owner of a GitHub repo. For example, the GitHub repo teamA/repo1 can be mapped to a Slack channel owned by teamA, so whenever Loggicat finds a vulnerability in that repo, the team is notified right away.
- Username to Slack channel/username: maps a GitHub username to a Slack username, so whenever that user commits something vulnerable, he or she is notified.
- Hostname to Slack channel/username: security findings reported by Loggicat Watcher always include a hostname, so the hostname can be used as a mapping source. For example, if teamA owns the build machine jenkinsA, Loggicat will notify the team channel whenever it sees findings from jenkinsA.
Note: the first two mappings (repo name and username) are only triggered after a GitHub owner search, while the hostname mapping does not need the GitHub integration.
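As an added illustration of how the three mappings and the default target can resolve a finding to its Slack recipients, here is a small routing function. It is example code, not Loggicat's implementation: the mapping tables, the default target, the fallback rule (the default target is used only when no mapping matches) and the sample findings are all assumptions made for this example. Repo and committer fields are left empty on findings that have not been through a GitHub owner search, so only the hostname mapping fires for them, as the note above describes. The summary message deliberately carries only counts and categories, never the matched secret.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Added example, not Loggicat's code. Mapping tables, default target and the
# fallback rule below are assumptions; finding data is constructed.


@dataclass
class Finding:
    category: str                 # security rule name, e.g. "AWS Access Key ID"
    keyword: str                  # the matched value; must never reach Slack
    hostname: str                 # always present on Watcher findings
    repo: Optional[str] = None    # filled in only after GitHub owner search
    committer: Optional[str] = None  # GitHub username, likewise


# Hypothetical tables as configured under "Slack Integration Settings".
REPO_TO_SLACK: Dict[str, str] = {"teamA/repo1": "#teamA-alerts"}
USER_TO_SLACK: Dict[str, str] = {"alice-gh": "alice@example.com"}  # email, not full name
HOST_TO_SLACK: Dict[str, str] = {"jenkinsA": "#teamA-alerts"}
DEFAULT_TARGET = "#security-findings"  # the configured default channel/user


def resolve_targets(f: Finding) -> Set[str]:
    """Collect every channel/user that a mapping selects for this finding.

    Repo and username mappings only apply once owner search has populated the
    fields; hostname works without GitHub. Assumed fallback: default target
    only when nothing matched.
    """
    targets: Set[str] = set()
    if f.repo and f.repo in REPO_TO_SLACK:
        targets.add(REPO_TO_SLACK[f.repo])
    if f.committer and f.committer in USER_TO_SLACK:
        targets.add(USER_TO_SLACK[f.committer])
    if f.hostname in HOST_TO_SLACK:
        targets.add(HOST_TO_SLACK[f.hostname])
    return targets or {DEFAULT_TARGET}


def format_summary(counts: Counter) -> str:
    """Message body: total plus per-category counts, no finding contents."""
    total = sum(counts.values())
    categories = ", ".join(f"{name} x{n}" for name, n in sorted(counts.items()))
    return f"Loggicat: {total} new finding(s): {categories}"


def build_messages(findings: List[Finding]) -> Dict[str, str]:
    """Group findings per Slack target and render one summary per target."""
    per_target: Dict[str, Counter] = {}
    for f in findings:
        for target in resolve_targets(f):
            per_target.setdefault(target, Counter())[f.category] += 1
    return {target: format_summary(c) for target, c in per_target.items()}


# Constructed sample findings (AKIAIOSFODNN7EXAMPLE is AWS's documented example key).
SAMPLE_FINDINGS = [
    # Owner search done: repo and committer known, plus the build host.
    Finding("AWS Access Key ID", "AKIAIOSFODNN7EXAMPLE", "jenkinsA",
            repo="teamA/repo1", committer="alice-gh"),
    # No owner search yet: only the hostname mapping can fire.
    Finding("Generic Secrets", "hunter2", "jenkinsA"),
    # Unknown host, no mappings: falls back to the default target.
    Finding("Generic Secrets", "s3cr3t", "laptop-7"),
]


def run_sample() -> Dict[str, str]:
    return build_messages(SAMPLE_FINDINGS)


if __name__ == "__main__":
    for target, text in run_sample().items():
        print(f"{target}: {text}")
```

If a mapping should also page the default target in addition to the mapped recipients, change the final line of resolve_targets to always add DEFAULT_TARGET; the rest of the routing is unchanged.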
- Unnecessary builtin rules should be disabled to speed up scanning; however, generic rules such as "Generic Secrets" should always stay enabled.
- The ignore list has higher priority than the redact list, so a finding will be ignored if the same keyword is in both the ignore and redact lists. A feature to improve this behaviour is under development.
- Please use the "Contact us" button to report any bug or feature request; this is the simplest and most efficient way.