Merged
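--- a/Solutions/Auth0/Data Connectors/Auth0_CCP/DCR.json
+++ b/Solutions/Auth0/Data Connectors/Auth0_CCP/DCR.json
@@ -0,0 +1,121 @@
+{
+"name": "Auth0LogsDCR",
+"apiVersion": "2021-09-01-preview",
+"type": "Microsoft.Insights/dataCollectionRules",
+"location": "{{location}}",
+"kind": null,
+"properties": {
+"streamDeclarations": {
+"Custom-Auth0Logs": {
+"columns": [
+{
+"name": "date",
+"type": "datetime"
+},
+{
+"name": "type",
+"type": "string"
+},
+{
+"name": "description",
+"type": "string"
+},
+{
+"name": "connection",
+"type": "string"
+},
+{
+"name": "connection_id",
+"type": "string"
+},
+{
+"name": "client_id",
+"type": "string"
+},
+{
+"name": "client_name",
+"type": "string"
+},
+{
+"name": "ip",
+"type": "string"
+},
+{
+"name": "user_agent",
+"type": "string"
+},
+{
+"name": "hostname",
+"type": "string"
+},
+{
+"name": "user_id",
+"type": "string"
+},
+{
+"name": "user_name",
+"type": "string"
+},
+{
+"name": "audience",
+"type": "string"
+},
+{
+"name": "scope",
+"type": "string"
+},
+{
+"name": "strategy",
+"type": "string"
+},
+{
+"name": "strategy_type",
+"type": "string"
+},
+{
+"name": "location_info",
+"type": "dynamic"
+},
+{
+"name": "details",
+"type": "dynamic"
+},
+{
+"name": "log_id",
+"type": "string"
+},
+{
+"name": "tenant_name",
+"type": "string"
+},
+{
+"name": "isMobile",
+"type": "boolean"
+}
+]
+}
+},
+"destinations": {
+"logAnalytics": [
+{
+"workspaceResourceId": "{{workspaceResourceId}}",
+"name": "clv2ws1"
+}
+]
+},
+"dataFlows": [
+{
+"streams": [
+"Custom-Auth0Logs"
+],
+"destinations": [
+"clv2ws1"
+],
+"transformKql": "source| extend TimeGenerated = ['date'] , EventType = type | project-rename Description = description, Connection = connection, ConnectionId = connection_id, ClientId = client_id, ClientName = client_name, SrcIpAddr = ip, HttpUserAgent = user_agent, SrcHostname = hostname, ActorUserId = user_id, ActorUsername = user_name, Audience = audience, Scope = scope, Strategy = strategy, StrategyType = strategy_type, LocationInfo = location_info, Details = details, LogId = log_id, TenantName = tenant_name, IsMobile = isMobile | project-away ['date'], type",
+"outputStream": "Custom-Auth0Logs_CL"
+}
+
+],
+"dataCollectionEndpointId": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]"
+}
+}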
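Review bot: The `transformKql` near the end of this file copies `['date']` into `TimeGenerated` and then drops it with `project-away`, while table.json in this same commit declares an `event_date` datetime column that no step of the transform ever fills. If Azure Monitor substitutes the ingestion time for a `TimeGenerated` value outside its accepted window (worth confirming for this ingestion path), the original Auth0 event time would be lost for late or backfilled events, which hurts timeline reconstruction during an investigation. Keeping it costs one extra term in the transform: `extend TimeGenerated = ['date'], event_date = ['date'], EventType = type`.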
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
{
"name": "Auth0ConnectorCCPDefinition",
"apiVersion": "2022-09-01-preview",
"type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
"location": "{{location}}",
"kind": "Customizable",
"properties": {
"connectorUiConfig": {
"id": "Auth0ConnectorCCPDefinition",
"title": "Auth0 Logs",
"publisher": "Microsoft",
"descriptionMarkdown": "The [Auth0](https://auth0.com/docs/api/management/v2/logs/get-logs) data connector allows ingesting logs from Auth0 API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform. It uses Auth0 API to fetch logs and it supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security data into a custom table so that queries don't need to parse it again, thus resulting in better performance.",
"graphQueries": [
{
"metricName": "Total logs received",
"legend": "Auth0 Logs",
"baseQuery": "Auth0Logs_CL"
}
],
"sampleQueries": [
{
"description": "Get Sample of Auth0 logs",
"query": "Auth0Logs_CL | take 10"
}
],
"dataTypes": [
{
"name": "Auth0Logs_CL",
"lastDataReceivedQuery": "Auth0Logs_CL\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
}
],
"connectivityCriteria": [
{
"type": "HasDataConnectors",
"value": null
}
],
"availability": {
"status": 1,
"isPreview": false
},
"permissions": {
"tenant": null,
"licenses": null,
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "Read and Write permissions are required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"read": true,
"write": true,
"delete": true,
"action": false
}
}
]
},
"instructionSteps": [
{
"instructions": [
{
"type": "Markdown",
"parameters": {
"content": "#### STEP 1 - Configuration steps for the Auth0 Management API"
}
},
{
"type": "Markdown",
"parameters": {
"content": "Follow the instructions to obtain the credentials. \n 1. In Auth0 Dashboard, go to [**Applications > Applications**]\n 2. Select your Application. This should be a [**Machine-to-Machine**] Application configured with at least [**read:logs**] and [**read:logs_users**] permissions. \n 3. Copy [**Domain, ClientID, Client Secret**]"
}
},
{
"parameters": {
"label": "Base API URL",
"placeholder": "https://example.auth0.com",
"type": "text",
"name": "Domain"
},
"type": "Textbox"
},
{
"parameters": {
"label": "Client ID",
"placeholder": "Client ID",
"type": "text",
"name": "ClientId"
},
"type": "Textbox"
},
{
"type": "Textbox",
"parameters": {
"label": "Client Secret",
"placeholder": "API Token",
"type": "password",
"name": "ClientSecret"
}
},
{
"parameters": {
"label": "toggle",
"name": "toggle"
},
"type": "ConnectionToggleButton"
}
],
"innerSteps": null
}
],
"isConnectivityCriteriasMatchSome": false
}
}
}
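Review bot: `requiredPermissions` asks for `"delete": true` on the workspace, but `permissionsDisplayText` tells the operator that only "Read and Write permissions are required." Either the connector does not need delete, in which case `"delete": false` keeps the stated requirement at least privilege, or it does and the display text should say so. Separately, the Client Secret textbox carries `"placeholder": "API Token"`, which names a different credential than its label; `"placeholder": "Client Secret"` would match the wording of the configuration steps above it.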
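--- a/Solutions/Auth0/Data Connectors/Auth0_CCP/PollingConfig.json
+++ b/Solutions/Auth0/Data Connectors/Auth0_CCP/PollingConfig.json
@@ -0,0 +1,49 @@
+{
+"type": "Microsoft.SecurityInsights/dataConnectors",
+"apiVersion": "2021-10-01-preview",
+"name": "Auth0Logs",
+"location": "{{location}}",
+"kind": "RestApiPoller",
+"properties": {
+"connectorDefinitionName": "Auth0ConnectorCCPDefinition",
+"dataType": "Auth0Logs_CL",
+"auth": {
+"type": "OAuth2",
+"ClientId": "{{ClientId}}",
+"ClientSecret": "{{ClientSecret}}",
+"GrantType": "client_credentials",
+"TokenEndpoint": "[[concat(parameters('Domain'),'/oauth/token')]",
+"TokenEndpointQueryParameters": {
+"audience": "[[concat(parameters('Domain'),'/api/v2/')]"
+}
+},
+"request": {
+"apiEndpoint": "[[concat(parameters('Domain'),'/api/v2/logs')]",
+"headers": {
+"Accept": "application/json"
+},
+"httpMethod": "Get",
+"QueryParameters": {
+}
+},
+"response": {
+"eventsJsonPaths": [
+"$"
+],
+"format": "json"
+},
+"dcrConfig": {
+"streamName": "Custom-Auth0Logs",
+"dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
+"dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
+},
+"Paging": {
+"pagingType" : "PersistentToken",
+"nextPageParaName" : "from",
+"nextPageTokenJsonPath" : "$.[-1:].log_id",
+"PageSizeParameterName": "take",
+"PageSize": 100
+}
+
+}
+}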
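Review bot: `TokenEndpoint`, the `audience` query parameter and `apiEndpoint` are all built by concatenating the free-text `Domain` value, so the client secret is posted to whatever scheme and host the operator typed. Nothing visible in this file requires `https://`, and a trailing slash in the input yields `//oauth/token` and an audience that likely will not match the expected `.../api/v2/` form. One option is to accept a bare hostname and fix the scheme in the template, e.g. `"TokenEndpoint": "[[concat('https://',parameters('Domain'),'/oauth/token')]"`, with the same change on the other two expressions and on the textbox placeholder in the connector definition. It is also worth confirming the ordering of the first poll, which sends no `from`: the `log_id` that `$.[-1:].log_id` persists depends on it, and a descending first page could leave a gap in collected logs.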
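--- a/Solutions/Auth0/Data Connectors/Auth0_CCP/table.json
+++ b/Solutions/Auth0/Data Connectors/Auth0_CCP/table.json
@@ -0,0 +1,102 @@
+{
+"name": "Auth0Logs_CL",
+"apiVersion": "2021-03-01-privatepreview",
+"type": "Microsoft.OperationalInsights/workspaces/tables",
+"location": "{{location}}",
+"kind": null,
+"properties": {
+"schema": {
+"name": "Auth0Logs_CL",
+"columns": [
+{
+"name": "TimeGenerated",
+"type": "datetime"
+},
+{
+"name": "event_date",
+"type": "datetime"
+},
+{
+"name": "EventType",
+"type": "string"
+},
+{
+"name": "Description",
+"type": "string"
+},
+{
+"name": "Connection",
+"type": "string"
+},
+{
+"name": "ConnectionId",
+"type": "string"
+},
+{
+"name": "ClientId",
+"type": "string"
+},
+{
+"name": "ClientName",
+"type": "string"
+},
+{
+"name": "SrcIpAddr",
+"type": "string"
+},
+{
+"name": "HttpUserAgent",
+"type": "string"
+},
+{
+"name": "SrcHostname",
+"type": "string"
+},
+{
+"name": "ActorUserId",
+"type": "string"
+},
+{
+"name": "ActorUsername",
+"type": "string"
+},
+{
+"name": "Audience",
+"type": "string"
+},
+{
+"name": "Scope",
+"type": "string"
+},
+{
+"name": "Strategy",
+"type": "string"
+},
+{
+"name": "StrategyType",
+"type": "string"
+},
+{
+"name": "LocationInfo",
+"type": "dynamic"
+},
+{
+"name": "Details",
+"type": "dynamic"
+},
+{
+"name": "LogId",
+"type": "string"
+},
+{
+"name": "TenantName",
+"type": "string"
+},
+{
+"name": "IsMobile",
+"type": "boolean"
+}
+]
+}
+}
+}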