Collect data from OKTA

Overview

Get system logs using the OKTA API.

Configuration

Parameters

parameters.mydomain will store the value of the API URL, excluding the endpoint paths like or /api/v1/logs

Secrets

Auth Token (OktaAuthorization)

To add a Secret, open the Secret fields and click New secret:

Give the secret a Name.
Turn off the Expiration date option.
Click Add new value and paste the secret corresponding to the value.
Click Save.

Learn more about secrets in Onum in this article.

You can now select the secret you just created in the corresponding fields.

After entering the required parameters and secrets, you can choose to manually enter the OKTA System Log fields, or simply paste the given YAML:

Toggle this ON to enable a free text field where you can paste your YAML.

withTemporalWindow: true
temporalWindow:
  duration: 5m
  offset: 5m
  tz: UTC
  format: "2006-01-02T15:04:05"
withAuthentication: false
withEnumerationPhase: false
collectionPhase:
  paginationType: "webLinking"
  limit: 1000
  request:
    responseType: json
    method: "GET"
    url: "https://${parameters.mydomain}/api/v1/logs"
    headers:
      - name: Accept
        value: "application/json"
      - name: Content-Type
        value: "application/json"
      - name: Authorization
        value: "SSWS ${secrets.OktaAuthorization}"
    queryParams:
      - name: since
        value: "${temporalWindow.from}"
      - name: until
        value: "${temporalWindow.to}"
  output:
    select: "."
    map: "."
    outputMode: "element"

This HTTP Pull Listener now uses the data export API to extract events.

Click Create labels to move on to the next step and define the required Labels if needed.

PreviousEvent NextCollect data from Palo Alto products

Last updated 24 days ago

Was this helpful?

Good morning

Collect data from OKTA

Overview

Configuration

Parameters

Secrets

Enumeration Phase

Collection Phase