-
Notifications
You must be signed in to change notification settings - Fork 3.6k
Expand file tree
/
Copy pathPingOneAuditLogs_DataConnectorDefinition.json
More file actions
121 lines (121 loc) · 3.95 KB
/
PingOneAuditLogs_DataConnectorDefinition.json
File metadata and controls
121 lines (121 loc) · 3.95 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
{
"type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
"apiVersion": "2025-03-01",
"name": "PingOneAuditLogsCCPDefinition",
"location": "{{location}}",
"kind": "Customizable",
"properties": {
"connectorUiConfig": {
"id": "PingOneAuditLogsCCPDefinition",
"title": "Ping One",
"publisher": "Microsoft",
"descriptionMarkdown": "This connector ingests **audit activity logs** from the PingOne Identity platform into Microsoft Sentinel using a codeless connector.",
"graphQueriesTableName": "PingOne_AuditActivitiesV2_CL",
"graphQueries": [
{
"metricName": "Total audit events received",
"legend": "Audit Events",
"baseQuery": "PingOne_AuditActivitiesV2_CL"
}
],
"sampleQueries": [
{
"description": "Get sample audit activity events",
"query": "PingOne_AuditActivitiesV2_CL\n | take 10"
}
],
"dataTypes": [
{
"name": "PingOne_AuditActivitiesV2_CL",
"lastDataReceivedQuery": "PingOne_AuditActivitiesV2_CL\n | where TimeGenerated > ago(12h)\n | summarize Time=max(TimeGenerated)"
}
],
"connectivityCriteria": [
{
"type": "HasDataConnectors"
}
],
"availability": {
"isPreview": false
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "Read and Write permissions are required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"read": true,
"write": true,
"delete": false,
"action": false
}
}
]
},
"instructionSteps": [
{
"title": "Connect Ping One connector to Microsoft Sentinel",
"instructions": [
{
"type": "Markdown",
"parameters": {
"content": "Before connecting to PingOne, ensure the following prerequisites are completed. Refer to the [document](https://github.com/v-anjohari/Ping-One-Documentation/blob/main/README.md) for detailed setup instructions, including how to obtain client credentials and the environment ID."
}
},
{
"type": "Markdown",
"parameters": {
"content": "#### 1. Client Credentials \n You'll need client credentials, including your client id and client secret."
}
},
{
"type": "Markdown",
"parameters": {
"content": "#### 2. Environment Id \n To generate token and gather logs from audit activities endpoint"
}
},
{
"type": "Textbox",
"parameters": {
"label": "Client ID",
"placeholder": "Enter ID of the client",
"type": "text",
"name": "clientId",
"required": true
}
},
{
"type": "Textbox",
"parameters": {
"label": "Client Secret",
"placeholder": "Enter your secret key",
"type": "password",
"name": "clientSecret",
"required": true
}
},
{
"type": "Textbox",
"parameters": {
"label": "Environment ID",
"placeholder": "Enter your environment Id ",
"type": "text",
"name": "environmentId",
"required": true
}
},
{
"type": "ConnectionToggleButton",
"parameters": {
"connectLabel": "Connect",
"name": "toggle"
}
}
]
}
]
}
}
}