System Log API
Overview
Get system logs using the OKTA API.
Configuration
Parameters

Secrets

After entering the required parameters and secrets, you can choose to manually enter the OKTA System Log fields, or simply paste the given YAML:
Toggle this ON to enable a free text field where you can paste your Cortex XDR multi alerts YAML.
withTemporalWindow: true
temporalWindow:
duration: 5m
offset: 5m
tz: UTC
format: "2006-01-02T15:04:05"
withAuthentication: false
withEnumerationPhase: false
collectionPhase:
paginationType: "webLinking"
limit: 1000
request:
responseType: json
method: "GET"
url: "https://${parameters.oktaDomain}/api/v1/logs"
headers:
- name: Accept
value: "application/json"
- name: Content-Type
value: "application/json"
- name: Authorization
value: "SSWS ${secrets.oktaAuthorization}"
queryParams:
- name: since
value: "${temporalWindow.from}"
- name: until
value: "${temporalWindow.to}"
output:
select: "."
map: "."
outputMode: "element"
This HTTP Pull Listener now uses the data export API to extract events.
Click Create labels to move on to the next step and define the required Labels if needed.
Last updated
Was this helpful?