Query List of Sign-in IPs

Query List of Sign-in IPs automates the retrieval of login event data from the last 24 hours, consolidating information from multiple sources into a single CSV file. It removes duplicate IP entries and sends the processed data via email, ensuring users receive a clear and concise report of authentication activities without redundancy.

7/8/2025
14 nodes
Medium
manualmediumsticky noteremoveduplicatesmovebinarydataconverttofileformtriggeradvancedapiintegrationfilesstorage
Categories:
Manual TriggeredMedium Workflow
Integrations:
Sticky NoteRemoveDuplicatesMoveBinaryDataConvertToFileFormTrigger

Target Audience

This workflow is designed for IT administrators, security analysts, and compliance officers who need to monitor and report on user login activities across their organizations. It is particularly useful for those working in environments that require detailed auditing of authentication events to ensure security and compliance with regulations.

Problem Solved

This workflow addresses the challenge of tracking and reporting user login activities across multiple platforms. By aggregating login events from various sources, it helps identify potential security threats, such as unauthorized access attempts, and provides a comprehensive report of user activity over the last 24 hours without duplicates.

Workflow Steps

  • Form Trigger: The process begins when a user fills out a form to request a sign-in CSV report, providing their name, email, and API key.
    2. Set Variables: The workflow sets the date for the last 24 hours and stores user inputs for later use.
    3. Fetch Events: It retrieves successful login events, OAuth authentication events, and Office365 shell login events from the API, ensuring all relevant data is collected.
    4. Combine Events: The workflow merges all authentication events into a single dataset for easier processing.
    5. Filter Data: The data is filtered to include only relevant fields such as user names, IPs, and locations.
    6. Remove Duplicates: Duplicate IP entries are removed to ensure the report is concise and accurate.
    7. Convert to CSV: The filtered data is then converted into a CSV format for easy readability.
    8. Convert to Base64: The CSV file is converted to Base64 encoding for secure email transmission.
    9. Send Email: Finally, the workflow sends an email with the attached CSV report to the user, notifying them that their request has been completed.
  • Customization Guide

    Users can customize this workflow by:
    - Modifying the form fields to collect additional information or change the required fields.
    - Adjusting the API endpoints in the HTTP request nodes to target different data sources or time frames.
    - Changing the email content in the SMTP2Go node to personalize messages sent to users.
    - Adding or removing nodes based on specific requirements, such as integrating additional data processing or storage solutions.