{ "name": "entityanalytics_okta", "title": "Okta Entity Analytics", "version": "3.1.0", "release": "ga", "description": "Collect Identities from Okta with Elastic Agent.", "type": "integration", "download": "/epr/entityanalytics_okta/entityanalytics_okta-3.1.0.zip", "path": "/package/entityanalytics_okta/3.1.0", "icons": [ { "src": "/img/okta-logo.svg", "path": "/package/entityanalytics_okta/3.1.0/img/okta-logo.svg", "title": "Okta Logo", "size": "32x32", "type": "image/svg+xml" }, { "src": "/img/okta-logo-dark.svg", "path": "/package/entityanalytics_okta/3.1.0/img/okta-logo-dark.svg", "title": "Okta Logo", "size": "32x32", "type": "image/svg+xml" } ], "conditions": { "kibana": { "version": "~9.2.6 || ^9.3.1" }, "elastic": { "subscription": "basic" } }, "owner": { "type": "elastic", "github": "elastic/security-service-integrations" }, "categories": [ "security" ], "signature_path": "/epr/entityanalytics_okta/entityanalytics_okta-3.1.0.zip.sig", "format_version": "3.0.2", "readme": "/package/entityanalytics_okta/3.1.0/docs/README.md", "license": "basic", "screenshots": [ { "src": "/img/entityanalytics_okta-user-screenshot.png", "path": "/package/entityanalytics_okta/3.1.0/img/entityanalytics_okta-user-screenshot.png", "title": "Entity Analytics Okta User Dashboard Screenshot", "size": "600x600", "type": "image/png" } ], "assets": [ "/package/entityanalytics_okta/3.1.0/LICENSE.txt", "/package/entityanalytics_okta/3.1.0/changelog.yml", "/package/entityanalytics_okta/3.1.0/manifest.yml", "/package/entityanalytics_okta/3.1.0/validation.yml", "/package/entityanalytics_okta/3.1.0/docs/README.md", "/package/entityanalytics_okta/3.1.0/img/entityanalytics_okta-user-screenshot.png", "/package/entityanalytics_okta/3.1.0/img/okta-logo-dark.svg", "/package/entityanalytics_okta/3.1.0/img/okta-logo.svg", "/package/entityanalytics_okta/3.1.0/kibana/tags.yml", "/package/entityanalytics_okta/3.1.0/data_stream/device/manifest.yml", "/package/entityanalytics_okta/3.1.0/data_stream/entity/manifest.yml", "/package/entityanalytics_okta/3.1.0/data_stream/entity/routing_rules.yml", "/package/entityanalytics_okta/3.1.0/data_stream/entity/sample_event.json", "/package/entityanalytics_okta/3.1.0/data_stream/user/manifest.yml", "/package/entityanalytics_okta/3.1.0/kibana/dashboard/entityanalytics_okta-e5242a60-0f35-11ee-8319-1d33c4a0c7ae.json", "/package/entityanalytics_okta/3.1.0/kibana/search/entityanalytics_okta-d4f05110-0f7a-11ee-8319-1d33c4a0c7ae.json", "/package/entityanalytics_okta/3.1.0/data_stream/device/fields/base-fields.yml", "/package/entityanalytics_okta/3.1.0/data_stream/device/fields/beats.yml", "/package/entityanalytics_okta/3.1.0/data_stream/device/fields/ecs.yml", "/package/entityanalytics_okta/3.1.0/data_stream/device/fields/fields.yml", "/package/entityanalytics_okta/3.1.0/data_stream/entity/fields/base-fields.yml", "/package/entityanalytics_okta/3.1.0/data_stream/entity/fields/beats.yml", "/package/entityanalytics_okta/3.1.0/data_stream/entity/fields/ecs.yml", "/package/entityanalytics_okta/3.1.0/data_stream/entity/fields/fields.yml", "/package/entityanalytics_okta/3.1.0/data_stream/user/fields/base-fields.yml", "/package/entityanalytics_okta/3.1.0/data_stream/user/fields/beats.yml", "/package/entityanalytics_okta/3.1.0/data_stream/user/fields/ecs.yml", "/package/entityanalytics_okta/3.1.0/data_stream/user/fields/fields.yml", "/package/entityanalytics_okta/3.1.0/data_stream/entity/agent/stream/entity-analytics.yml.hbs", "/package/entityanalytics_okta/3.1.0/data_stream/entity/elasticsearch/ingest_pipeline/default.yml", "/package/entityanalytics_okta/3.1.0/data_stream/entity/elasticsearch/ingest_pipeline/device.yml", "/package/entityanalytics_okta/3.1.0/data_stream/entity/elasticsearch/ingest_pipeline/user.yml" ], "policy_templates": [ { "name": "entity", "title": "Identities", "description": "Collect identities.", "inputs": [ { "type": "entity-analytics", "title": "Collect identities", "description": "Collecting identities from Okta." } ], "multiple": true } ], "data_streams": [ { "type": "logs", "dataset": "entityanalytics_okta.device", "title": "Collect Devices Identities logs from Okta", "release": "ga", "package": "entityanalytics_okta", "path": "device" }, { "type": "logs", "dataset": "entityanalytics_okta.entity", "title": "Collect User Identities logs from Okta", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "entity-analytics", "vars": [ { "name": "okta_domain", "type": "text", "title": "Domain", "description": "The URL of your Okta domain. For example, https://dev-123456.okta.com.", "multi": false, "required": true, "show_user": true }, { "name": "okta_token_url", "type": "text", "title": "Token URL", "description": "The URL of your Okta token endpoint. Only required if you are using a custom token endpoint. By default, it is the same as the domain URL with /oauth2/v1/token appended. For example, https://dev-123456.okta.com/oauth2/v1/token.", "multi": false, "required": false, "show_user": false }, { "name": "okta_token", "type": "password", "title": "Okta API Token", "description": "The API Key of your Okta service application. This is required for standard API Key based authentication only.\nDo not use this field if you are using standard OAuth2 authentication or Okta Integration Network (OIN) app authentication.\n", "multi": false, "required": false, "show_user": true }, { "name": "client_id", "type": "text", "title": "Client ID", "description": "The Client ID of your Okta service application.\nThis is required for standard OAuth2 authentication and OIN app authentication.\nDo not use this field if you are using API Key based authentication.\n", "multi": false, "required": false, "show_user": true }, { "name": "client_secret", "type": "password", "title": "Client Secret", "description": "The Client Secret of your Okta service application.\nThis is required for standard OAuth2 authentication and OIN app authentication.\nDo not use this field if you are using API Key based authentication.\n", "multi": false, "required": false, "show_user": true }, { "name": "jwk_json", "type": "password", "title": "JWK JSON", "description": "The private JSON Web Key (JWK) of your Okta service application.\nThis is only required for OAuth2 authentication. Do not use this field if you are using API Key based authentication.\nOnly one of JWK JSON, PEM Encoded Key or JWK File may be used.\n", "multi": false, "required": false, "show_user": true }, { "name": "key_pem", "type": "textarea", "title": "PEM Encoded Key", "description": "The private key of your Okta service application in PEM format.\nThis is only required for OAuth2 authentication. Do not use this field if you are using API Key based authentication.\nOnly one of JWK JSON, PEM Encoded Key or JWK File may be used.\n", "multi": false, "required": false, "show_user": true }, { "name": "jwk_file", "type": "text", "title": "JWK File", "description": "The path to the file containing the private JSON Web Key (JWK) of your Okta service application.\nThis is only required for OAuth2 authentication. Do not use this field if you are using API Key based authentication.\nOnly one of JWK JSON, PEM Encoded Key or JWK File may be used.\n", "multi": false, "required": false, "show_user": true }, { "name": "okta_scopes", "type": "text", "title": "Okta Scopes", "description": "This is the list of 'okta.*' scopes that your Okta service application has access to.\nThis is required for standard OAuth2 authentication and OIN app authentication.\nDo not use this field if you are using API Key based authentication.\n", "multi": true, "required": false, "show_user": true, "default": [ "okta.users.read", "okta.devices.read" ] }, { "name": "dataset", "type": "select", "title": "Okta Dataset", "description": "The dataset to collect from the API. Selecting all or devices requires that the devices API has been activated in Okta. Rate limit information for the user and devices endpoints is available [here](https://developer.okta.com/docs/reference/rl-global-mgmt/). The user data set will be enriched with the users' group memberships via the API's /api/v1/users endpoints, contributing to rate limit budget cost. One request will be made for each user to obtain this enrichment data.", "multi": false, "required": false, "show_user": true, "default": "users" }, { "name": "enrich_user_roles", "type": "bool", "title": "Enrich User Roles", "description": "Enrich user entities with their Okta role data. This allows monitoring of privileged users' actions. Enabling this setting increases the number of requests to the /api/v1/users endpoint, with one request per user, which counts toward your Okta rate limits.", "multi": false, "required": false, "show_user": true, "default": false }, { "name": "sync_interval", "type": "text", "title": "Sync Interval", "description": "How often full synchronizations should occur. Must be greater than Update Interval. Expected value is a duration string (15m, 1h, 1m30, etc), defaults to 24h. Supported units for this parameter are h/m/s. Ensure that intervals are consistent with [Okta rate limits](https://developer.okta.com/docs/reference/rl-global-mgmt/).", "multi": false, "required": true, "show_user": true, "default": "24h" }, { "name": "update_interval", "type": "text", "title": "Update Interval", "description": "How often incremental updates should occur. Must be less than Sync Interval. Expected value is a duration string (15m, 1h, 1m30, etc), defaults to 15m. Supported units for this parameter are h/m/s. Ensure that intervals are consistent with [Okta rate limits](https://developer.okta.com/docs/reference/rl-global-mgmt/).", "multi": false, "required": true, "show_user": true, "default": "15m" }, { "name": "id", "type": "text", "title": "Input ID", "description": "Identity Source. Which will be added to every event as a label.", "multi": false, "required": false, "show_user": false }, { "name": "http_client_timeout", "type": "text", "title": "HTTP Client Timeout", "description": "Duration before declaring that the HTTP client connection has timed out. Valid time units are ns, us, ms, s, m, h.", "multi": false, "required": true, "show_user": false, "default": "30s" }, { "name": "proxy_url", "type": "text", "title": "Proxy URL", "description": "URL to proxy connections in the form of http[s]://:@:. Please ensure your username and password are in URL encoded format.", "multi": false, "required": false, "show_user": false }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false, "default": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n" }, { "name": "enable_request_tracer", "type": "bool", "title": "Enable request tracing", "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details.", "multi": false, "required": false, "show_user": false, "default": false }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "entityanalytics_okta-entity" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "preserve_duplicate_custom_fields", "type": "bool", "title": "Preserve duplicate custom fields", "description": "Preserve entityanalytics_okta.user fields that were copied to Elastic Common Schema (ECS) fields.", "multi": false, "required": true, "show_user": false, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false } ], "template_path": "entity-analytics.yml.hbs", "title": "User Identities logs", "description": "Collect User Identities logs from Okta.", "enabled": false, "ingestion_method": "API" } ], "package": "entityanalytics_okta", "elasticsearch": { "ingest_pipeline.name": "default" }, "path": "entity" }, { "type": "logs", "dataset": "entityanalytics_okta.user", "title": "Collect User Identities logs from Okta", "release": "ga", "package": "entityanalytics_okta", "path": "user" } ] }