Company
Date Published
Author
Darin Fisher
Word count
2097
Language
English
Hacker News points
None

Summary

InfluxData uses InfluxDB, its own time series database, for security monitoring because it efficiently answers the questions a security investigation asks: who accessed what, from where, and when. The company collects authentication events from the Google Workspace audit logging service and plans to collect them through the Telegraf PubSub plugin in the future. Data collection is done by polling programs, for example written in NodeJS, and the data is stored in the InfluxDB Cloud service. A basic information model normalizes the collected events into fields such as timestamp, company account ID, username, user ID, user domain, authentication type, and result. For visualization, dashboards show general usage metrics, success versus failure counts, account and address cardinality, results-over-time charts, and a list of authentication event details. The dashboard is built from Flux queries that report unique accounts, authentication attempts, successful and failed attempts, average address cardinality per account, total account cardinality per address, authentication results, and the latest authentication events. The company argues that cloud software vendors should make security events, especially authentication events, widely available via APIs in order to build trust in their products, drawing a comparison with the car industry, where safety features come standard. InfluxDB OSS and Enterprise produce detailed authorization and activity logs, and the products are available through the AWS, Azure, and Google Cloud marketplaces.