{ "name": "okta", "title": "Okta", "version": "3.14.2", "release": "ga", "description": "Collect and parse event logs from Okta API with Elastic Agent.", "type": "integration", "download": "/epr/okta/okta-3.14.2.zip", "path": "/package/okta/3.14.2", "icons": [ { "src": "/img/okta-logo.svg", "path": "/package/okta/3.14.2/img/okta-logo.svg", "title": "Okta", "size": "216x216", "type": "image/svg+xml" } ], "conditions": { "kibana": { "version": "^8.19.8 || ^9.2.2" } }, "owner": { "type": "elastic", "github": "elastic/security-service-integrations" }, "categories": [ "security", "iam" ], "signature_path": "/epr/okta/okta-3.14.2.zip.sig", "format_version": "3.6.1", "readme": "/package/okta/3.14.2/docs/README.md", "license": "basic", "screenshots": [ { "src": "/img/okta-system-screenshot.png", "path": "/package/okta/3.14.2/img/okta-system-screenshot.png", "title": "Okta Dashboard", "size": "1024x662", "type": "image/png" } ], "assets": [ "/package/okta/3.14.2/LICENSE.txt", "/package/okta/3.14.2/changelog.yml", "/package/okta/3.14.2/manifest.yml", "/package/okta/3.14.2/validation.yml", "/package/okta/3.14.2/docs/README.md", "/package/okta/3.14.2/img/okta-logo.svg", "/package/okta/3.14.2/img/okta-system-screenshot.png", "/package/okta/3.14.2/kibana/tags.yml", "/package/okta/3.14.2/data_stream/system/manifest.yml", "/package/okta/3.14.2/data_stream/system/sample_event.json", "/package/okta/3.14.2/kibana/dashboard/okta-749203a0-67b1-11ea-a76f-bf44814e437d.json", "/package/okta/3.14.2/kibana/search/okta-298faf71-d846-4007-9510-4e8ff20aa772.json", "/package/okta/3.14.2/data_stream/system/fields/agent.yml", "/package/okta/3.14.2/data_stream/system/fields/base-fields.yml", "/package/okta/3.14.2/data_stream/system/fields/beats.yml", "/package/okta/3.14.2/data_stream/system/fields/fields.yml", "/package/okta/3.14.2/data_stream/system/agent/stream/httpjson.yml.hbs", "/package/okta/3.14.2/data_stream/system/elasticsearch/ingest_pipeline/default.yml", "/package/okta/3.14.2/data_stream/system/elasticsearch/ingest_pipeline/ecs_category_type.yml", "/package/okta/3.14.2/data_stream/system/elasticsearch/ingest_pipeline/no_use_flattened_debug.yml", "/package/okta/3.14.2/data_stream/system/elasticsearch/ingest_pipeline/use_flattened_debug.yml" ], "policy_templates": [ { "name": "okta", "title": "Okta logs", "description": "Collect logs from Okta", "inputs": [ { "type": "httpjson", "vars": [ { "name": "url", "type": "text", "title": "Okta System Log API URL", "description": "This is the URL of your Okta System Log API. For example, https://dev-123456.okta.com/api/v1/logs.", "multi": false, "required": true, "show_user": true }, { "name": "interval", "type": "text", "title": "Interval", "description": "Interval at which logs are pulled. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": false, "default": "60s" }, { "name": "initial_interval", "type": "text", "title": "Initial Interval", "description": "Initial Interval for first log pull. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": false, "default": "24h" }, { "name": "api_key", "type": "password", "title": "API Key", "description": "The API Key of your Okta service application.", "multi": false, "required": false, "show_user": true }, { "name": "okta_domain_url", "type": "text", "title": "Okta Domain URL", "description": "The URL of your Okta domain. For example, https://dev-123456.okta.com.", "multi": false, "required": false, "show_user": true }, { "name": "client_id", "type": "text", "title": "Client ID", "description": "The Client ID of your Okta service application.", "multi": false, "required": false, "show_user": true }, { "name": "jwk_json", "type": "password", "title": "JWK JSON", "description": "The private JSON Web Key (JWK) of your Okta service application.\nOnly one of JWK JSON, PEM Encoded Key or JWK File may be used.\n", "multi": false, "required": false, "show_user": true }, { "name": "key_pem", "type": "textarea", "title": "PEM Encoded Key", "description": "The private key of your Okta service application in PEM format.\nOnly one of JWK JSON, PEM Encoded Key or JWK File may be used.\n", "multi": false, "required": false, "show_user": true }, { "name": "jwk_file", "type": "text", "title": "JWK File", "description": "The path to the file containing the private JSON Web Key (JWK) of your Okta service application.\nOnly one of JWK JSON, PEM Encoded Key or JWK File may be used.\n", "multi": false, "required": false, "show_user": true }, { "name": "dpop_key_pem", "type": "textarea", "title": "PEM DPoP Key", "description": "The Demonstrating Proof of Possession key of your Okta service application in PEM format. Only required if DPoP is enabled in Okta.", "multi": false, "required": false, "show_user": true }, { "name": "okta_scopes", "type": "text", "title": "Okta Scopes", "description": "The list of 'okta.*' scopes that your Okta service application has access to.", "multi": true, "required": false, "show_user": true, "default": [ "okta.logs.read" ] }, { "name": "http_client_timeout", "type": "text", "title": "HTTP Client Timeout", "description": "Duration before declaring that the HTTP client connection has timed out. Valid time units are ns, us, ms, s, m, h.", "multi": false, "required": false, "show_user": false }, { "name": "ssl", "type": "yaml", "title": "SSL", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false }, { "name": "proxy_url", "type": "text", "title": "Proxy URL", "description": "URL to proxy connections in the form of http\\[s\\]://:@:", "multi": false, "required": false, "show_user": false }, { "name": "enable_request_tracer", "type": "bool", "title": "Enable request tracing", "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. Disabling the request tracer will delete any stored traces. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#_request_tracer_filename) for details.", "multi": false, "required": false, "show_user": false, "default": false }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "okta-system" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`", "multi": false, "required": true, "show_user": false, "default": false }, { "name": "remove_flattened_debug", "type": "bool", "title": "Remove flattened debug data", "description": "When set to false, the original `debugContext.debugData` object will be kept in `okta.debug_context.debug_data.flattened`. We recommend turning this on for new installations where nothing depends on `okta.debug_context.debug_data.flattened`.", "multi": false, "required": false, "show_user": false }, { "name": "disable_keep_alive", "type": "bool", "title": "Disable HTTP Keep-Alives", "description": "Controls whether HTTP keep-alives are disabled.", "multi": false, "required": true, "show_user": false, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", "multi": false, "required": false, "show_user": false }, { "name": "rate_limit_early_limit", "type": "text", "title": "Rate Limit Early Limit", "description": "Start rate-limiting before reaching the limit specified in the response. Values less than 1 are treated as a percentage of the limit (e.g. 0.9 means 90%). Values greater than or equal to 1 are treated as the target remaining value.", "multi": false, "required": false, "show_user": false }, { "name": "limit", "type": "integer", "description": "Sets the maximum number of results that are returned in the Okta API response. Maximum value is 1000.", "multi": false, "required": false, "show_user": false, "default": 1000 } ], "title": "Collect Okta logs via API", "description": "Collecting logs from Okta via API" } ], "multiple": true, "deployment_modes": { "default": { "enabled": true }, "agentless": { "enabled": true, "is_default": true } } } ], "data_streams": [ { "type": "logs", "dataset": "okta.system", "title": "Okta system logs", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "httpjson", "template_path": "httpjson.yml.hbs", "title": "Okta system logs", "description": "Collect Okta system logs", "enabled": true, "ingestion_method": "API" } ], "package": "okta", "path": "system" } ] }