-
Notifications
You must be signed in to change notification settings - Fork 3.6k
Expand file tree
/
Copy pathPingOneAuditLogs__PollingConfig.json
More file actions
53 lines (53 loc) · 1.96 KB
/
PingOneAuditLogs__PollingConfig.json
File metadata and controls
53 lines (53 loc) · 1.96 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
[
{
"type": "Microsoft.SecurityInsights/dataConnectors",
"apiVersion": "2025-03-01",
"name": "{{innerWorkspace}}/Microsoft.SecurityInsights/PingOneAuditActivitiesPoller_{{environmentId}}",
"kind": "RestApiPoller",
"properties": {
"connectorDefinitionName": "PingOneAuditLogsCCPDefinition",
"dataType": "PingOne_AuditActivitiesV2_CL",
"addOnAttributes": {
"EnvironmentId": "[[parameters('environmentId')]"
},
"auth": {
"type": "OAuth2",
"ClientId": "[[parameters('clientId')]",
"ClientSecret": "[[parameters('clientSecret')]",
"grantType": "client_credentials",
"tokenEndpoint": "[[concat('https://auth.',parameters('apidomain'),'/',parameters('environmentId'),'/as/token')]",
"tokenEndpointHeaders": {
"Content-Type": "application/x-www-form-urlencoded"
}
},
"request": {
"apiEndpoint": "[[concat('https://api.', parameters('apidomain'), '/v1/environments/', parameters('environmentId'), '/activities')]",
"httpMethod": "GET",
"queryWindowInMin": 10,
"queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
"headers": {
"Accept": "application/json",
"User-Agent": "Scuba"
},
"queryParameters": {
"filter": "recordedat gt \"{_QueryWindowStartTime}\" and recordedat lt \"{_QueryWindowEndTime}\""
}
},
"response": {
"eventsJsonPaths": [
"$._embedded.activities"
],
"format": "json"
},
"dcrConfig": {
"streamName": "Custom-PingOne_AuditActivitiesV2_CL",
"dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
"dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
},
"paging": {
"pagingType": "LinkHeader",
"linkHeaderTokenJsonPath": "$._links.next.href"
}
}
}
]