System Log API

Overview

Get system logs using the OKTA API.

Configuration

Parameters

Secrets

After entering the required parameters and secrets, you can choose to manually enter the OKTA System Log fields, or simply paste the given YAML:

Toggle this ON to enable a free text field where you can paste the OKTA System Log YAML.

withTemporalWindow: true
temporalWindow:
  duration: 5m
  offset: 5m
  tz: UTC
  format: "2006-01-02T15:04:05"
withAuthentication: false
withEnumerationPhase: false
collectionPhase:
  paginationType: "webLinking"
  limit: 1000
  request:
    responseType: json
    method: "GET"
    url: "https://${parameters.oktaDomain}/api/v1/logs"
    headers:
      - name: Accept
        value: "application/json"
      - name: Content-Type
        value: "application/json"
      - name: Authorization
        value: "SSWS ${secrets.oktaAuthorization}"
    queryParams:
      - name: since
        value: "${temporalWindow.from}"
      - name: until
        value: "${temporalWindow.to}"
  output:
    select: "."
    map: "."
    outputMode: "element"

This HTTP Pull Listener now uses the data export API to extract events.
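As an added illustration (not code from this page or from the product), the following Python mirrors what the YAML above makes the listener do: compute the 5-minute window lagged by a 5-minute offset in UTC, send the SSWS-authenticated GET with since/until, and follow the Link header's rel="next" until the window is exhausted. The domain, token, event UUIDs and Link headers are constructed sample values.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

# Python strftime equivalent of the Go layout "2006-01-02T15:04:05" in the YAML.
TIME_FORMAT = "%Y-%m-%dT%H:%M:%S"

def temporal_window(now: datetime, duration: timedelta = timedelta(minutes=5),
                    offset: timedelta = timedelta(minutes=5)) -> tuple:
    """Window [now-offset-duration, now-offset) in UTC: since/until for the first request.
    The offset lags real time so events Okta publishes late still land in a later window."""
    until = now.astimezone(timezone.utc) - offset
    since = until - duration
    return since.strftime(TIME_FORMAT), until.strftime(TIME_FORMAT)

_LINK_RE = re.compile(r'<([^>]+)>\s*;\s*rel="([^"]+)"')

def next_link(link_header: Optional[str]) -> Optional[str]:
    """webLinking pagination: the rel="next" URL from the Link header, or None when
    the header is absent or has no next page (the window is exhausted)."""
    for url, rel in _LINK_RE.findall(link_header or ""):
        if rel == "next":
            return url
    return None

def collect(fetch: Callable, url: str, headers: dict, params: dict) -> list:
    """Walk every page. fetch(url, headers, params) -> (events, link_header).
    The next URL already carries the query string, so params go only with page one."""
    events = []
    while url:
        page, link = fetch(url, headers, params)
        events.extend(page)
        url, params = next_link(link), None
    return events

# Constructed two-page Okta reply (not real data) so the demo runs offline.
_PAGES = {
    "https://example.okta.com/api/v1/logs": ([{"uuid": "evt-1"}, {"uuid": "evt-2"}],
        '<https://example.okta.com/api/v1/logs?after=a1>; rel="self", '
        '<https://example.okta.com/api/v1/logs?after=b2>; rel="next"'),
    "https://example.okta.com/api/v1/logs?after=b2": ([{"uuid": "evt-3"}],
        '<https://example.okta.com/api/v1/logs?after=b2>; rel="self"'),
}

def demo(now: datetime = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)) -> list:
    """One collection cycle against the constructed pages; returns all three events."""
    since, until = temporal_window(now)
    headers = {"Accept": "application/json", "Authorization": "SSWS PLACEHOLDER_TOKEN"}
    params = {"since": since, "until": until, "limit": "1000"}
    return collect(lambda u, h, p: _PAGES[u], "https://example.okta.com/api/v1/logs", headers, params)
```

Replace the lambda with a real HTTP call that returns the parsed JSON body and the response's Link header to run it against a live tenant; the SSWS token belongs in the listener's secrets, never in the YAML itself.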

Click Create labels to move on to the next step and define the required Labels if needed.
