Merge pull request #11528 from idoshabi07/auth0-packaging-solution
adding solution Auth0 for packaging new connector
v-prasadboke authored Dec 13, 2024
2 parents 6cc0fed + d58da5e commit d4f0dd2
Showing 11 changed files with 1,249 additions and 289 deletions.
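--- a/Solutions/Auth0/Data Connectors/Auth0_CCP/DCR.json
+++ b/Solutions/Auth0/Data Connectors/Auth0_CCP/DCR.json
@@ -0,0 +1,121 @@
+{
+"name": "Auth0LogsDCR",
+"apiVersion": "2021-09-01-preview",
+"type": "Microsoft.Insights/dataCollectionRules",
+"location": "{{location}}",
+"kind": null,
+"properties": {
+"streamDeclarations": {
+"Custom-Auth0Logs": {
+"columns": [
+{
+"name": "date",
+"type": "datetime"
+},
+{
+"name": "type",
+"type": "string"
+},
+{
+"name": "description",
+"type": "string"
+},
+{
+"name": "connection",
+"type": "string"
+},
+{
+"name": "connection_id",
+"type": "string"
+},
+{
+"name": "client_id",
+"type": "string"
+},
+{
+"name": "client_name",
+"type": "string"
+},
+{
+"name": "ip",
+"type": "string"
+},
+{
+"name": "user_agent",
+"type": "string"
+},
+{
+"name": "hostname",
+"type": "string"
+},
+{
+"name": "user_id",
+"type": "string"
+},
+{
+"name": "user_name",
+"type": "string"
+},
+{
+"name": "audience",
+"type": "string"
+},
+{
+"name": "scope",
+"type": "string"
+},
+{
+"name": "strategy",
+"type": "string"
+},
+{
+"name": "strategy_type",
+"type": "string"
+},
+{
+"name": "location_info",
+"type": "dynamic"
+},
+{
+"name": "details",
+"type": "dynamic"
+},
+{
+"name": "log_id",
+"type": "string"
+},
+{
+"name": "tenant_name",
+"type": "string"
+},
+{
+"name": "isMobile",
+"type": "boolean"
+}
+]
+}
+},
+"destinations": {
+"logAnalytics": [
+{
+"workspaceResourceId": "{{workspaceResourceId}}",
+"name": "clv2ws1"
+}
+]
+},
+"dataFlows": [
+{
+"streams": [
+"Custom-Auth0Logs"
+],
+"destinations": [
+"clv2ws1"
+],
+"transformKql": "source| extend TimeGenerated = ['date'] , EventType = type | project-rename Description = description, Connection = connection, ConnectionId = connection_id, ClientId = client_id, ClientName = client_name, SrcIpAddr = ip, HttpUserAgent = user_agent, SrcHostname = hostname, ActorUserId = user_id, ActorUsername = user_name, Audience = audience, Scope = scope, Strategy = strategy, StrategyType = strategy_type, LocationInfo = location_info, Details = details, LogId = log_id, TenantName = tenant_name, IsMobile = isMobile | project-away ['date'], type",
+"outputStream": "Custom-Auth0Logs_CL"
+}
+
+],
+"dataCollectionEndpointId": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]"
+}
+}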
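Review bot: The `transformKql` in `dataFlows` copies `['date']` into `TimeGenerated` and then drops it with `project-away`, so the `event_date` column that table.json declares is never written. Azure Monitor may replace a `TimeGenerated` that lies far from the ingestion time (worth confirming for this pipeline); after a polling backlog that would leave no copy of when Auth0 recorded the event, which weakens timeline reconstruction during an investigation. I would keep the source timestamp by extending the first stage, `extend TimeGenerated = ['date'], event_date = ['date'], EventType = type`, or remove `event_date` from table.json if it is not meant to be used.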
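--- a/Solutions/Auth0/Data Connectors/Auth0_CCP/DataConnectorDefinition.json
+++ b/Solutions/Auth0/Data Connectors/Auth0_CCP/DataConnectorDefinition.json
@@ -0,0 +1,116 @@
+{
+"name": "Auth0ConnectorCCPDefinition",
+"apiVersion": "2022-09-01-preview",
+"type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
+"location": "{{location}}",
+"kind": "Customizable",
+"properties": {
+"connectorUiConfig": {
+"id": "Auth0ConnectorCCPDefinition",
+"title": "Auth0 Logs",
+"publisher": "Microsoft",
+"descriptionMarkdown": "The [Auth0](https://auth0.com/docs/api/management/v2/logs/get-logs) data connector allows ingesting logs from Auth0 API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform. It uses Auth0 API to fetch logs and it supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security data into a custom table so that queries don't need to parse it again, thus resulting in better performance.",
+"graphQueries": [
+{
+"metricName": "Total logs received",
+"legend": "Auth0 Logs",
+"baseQuery": "Auth0Logs_CL"
+}
+],
+"sampleQueries": [
+{
+"description": "Get Sample of Auth0 logs",
+"query": "Auth0Logs_CL | take 10"
+}
+],
+"dataTypes": [
+{
+"name": "Auth0Logs_CL",
+"lastDataReceivedQuery": "Auth0Logs_CL\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+}
+],
+"connectivityCriteria": [
+{
+"type": "HasDataConnectors",
+"value": null
+}
+],
+"availability": {
+"status": 1,
+"isPreview": false
+},
+"permissions": {
+"tenant": null,
+"licenses": null,
+"resourceProvider": [
+{
+"provider": "Microsoft.OperationalInsights/workspaces",
+"permissionsDisplayText": "Read and Write permissions are required.",
+"providerDisplayName": "Workspace",
+"scope": "Workspace",
+"requiredPermissions": {
+"read": true,
+"write": true,
+"delete": true,
+"action": false
+}
+}
+]
+},
+"instructionSteps": [
+{
+"instructions": [
+{
+"type": "Markdown",
+"parameters": {
+"content": "#### STEP 1 - Configuration steps for the Auth0 Management API"
+}
+},
+{
+"type": "Markdown",
+"parameters": {
+"content": "Follow the instructions to obtain the credentials. \n 1. In Auth0 Dashboard, go to [**Applications > Applications**]\n 2. Select your Application. This should be a [**Machine-to-Machine**] Application configured with at least [**read:logs**] and [**read:logs_users**] permissions. \n 3. Copy [**Domain, ClientID, Client Secret**]"
+}
+},
+{
+"parameters": {
+"label": "Base API URL",
+"placeholder": "https://example.auth0.com",
+"type": "text",
+"name": "Domain"
+},
+"type": "Textbox"
+},
+{
+"parameters": {
+"label": "Client ID",
+"placeholder": "Client ID",
+"type": "text",
+"name": "ClientId"
+},
+"type": "Textbox"
+},
+{
+"type": "Textbox",
+"parameters": {
+"label": "Client Secret",
+"placeholder": "API Token",
+"type": "password",
+"name": "ClientSecret"
+}
+},
+{
+"parameters": {
+"label": "toggle",
+"name": "toggle"
+},
+"type": "ConnectionToggleButton"
+}
+],
+"innerSteps": null
+}
+],
+"isConnectivityCriteriasMatchSome": false
+}
+}
+}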
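Review bot: `requiredPermissions` under `resourceProvider` sets `"delete": true` while `permissionsDisplayText` tells the operator that only read and write are needed, so the stated and the checked requirement disagree. If the connector does not need delete on the workspace, set `"delete": false`; otherwise change the text to `Read, Write and Delete permissions are required.`. Separately, the `Domain` textbox is concatenated into the token endpoint that receives the client secret (see PollingConfig.json), so the instructions should state that the value must start with `https://` and carry no trailing slash. The `ClientSecret` placeholder `API Token` also does not match its label and could lead an operator to paste the wrong credential.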
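--- a/Solutions/Auth0/Data Connectors/Auth0_CCP/PollingConfig.json
+++ b/Solutions/Auth0/Data Connectors/Auth0_CCP/PollingConfig.json
@@ -0,0 +1,49 @@
+{
+"type": "Microsoft.SecurityInsights/dataConnectors",
+"apiVersion": "2021-10-01-preview",
+"name": "Auth0Logs",
+"location": "{{location}}",
+"kind": "RestApiPoller",
+"properties": {
+"connectorDefinitionName": "Auth0ConnectorCCPDefinition",
+"dataType": "Auth0Logs_CL",
+"auth": {
+"type": "OAuth2",
+"ClientId": "{{ClientId}}",
+"ClientSecret": "{{ClientSecret}}",
+"GrantType": "client_credentials",
+"TokenEndpoint": "[[concat(parameters('Domain'),'/oauth/token')]",
+"TokenEndpointQueryParameters": {
+"audience": "[[concat(parameters('Domain'),'/api/v2/')]"
+}
+},
+"request": {
+"apiEndpoint": "[[concat(parameters('Domain'),'/api/v2/logs')]",
+"headers": {
+"Accept": "application/json"
+},
+"httpMethod": "Get",
+"QueryParameters": {
+}
+},
+"response": {
+"eventsJsonPaths": [
+"$"
+],
+"format": "json"
+},
+"dcrConfig": {
+"streamName": "Custom-Auth0Logs",
+"dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
+"dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
+},
+"Paging": {
+"pagingType" : "PersistentToken",
+"nextPageParaName" : "from",
+"nextPageTokenJsonPath" : "$.[-1:].log_id",
+"PageSizeParameterName": "take",
+"PageSize": 100
+}
+
+}
+}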
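Review bot: The `request` block sets no throttling, retry or timeout behaviour, although the Auth0 Management API is rate limited and the connector pages in batches of 100. If the platform defaults are not sufficient, throttled or timed-out polls could leave gaps in the authentication log, which is the data that detections depend on. Consider explicit values next to `httpMethod`, for example `"rateLimitQPS": 2, "retryCount": 3, "timeoutInSeconds": 60` (illustrative numbers, to be tuned against the tenant's rate limit). The checkpoint in `Paging` also assumes the last array element is the newest event, so it is worth confirming what the first request, sent with an empty `QueryParameters`, returns and in which order.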
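--- a/Solutions/Auth0/Data Connectors/Auth0_CCP/table.json
+++ b/Solutions/Auth0/Data Connectors/Auth0_CCP/table.json
@@ -0,0 +1,102 @@
+{
+"name": "Auth0Logs_CL",
+"apiVersion": "2021-03-01-privatepreview",
+"type": "Microsoft.OperationalInsights/workspaces/tables",
+"location": "{{location}}",
+"kind": null,
+"properties": {
+"schema": {
+"name": "Auth0Logs_CL",
+"columns": [
+{
+"name": "TimeGenerated",
+"type": "datetime"
+},
+{
+"name": "event_date",
+"type": "datetime"
+},
+{
+"name": "EventType",
+"type": "string"
+},
+{
+"name": "Description",
+"type": "string"
+},
+{
+"name": "Connection",
+"type": "string"
+},
+{
+"name": "ConnectionId",
+"type": "string"
+},
+{
+"name": "ClientId",
+"type": "string"
+},
+{
+"name": "ClientName",
+"type": "string"
+},
+{
+"name": "SrcIpAddr",
+"type": "string"
+},
+{
+"name": "HttpUserAgent",
+"type": "string"
+},
+{
+"name": "SrcHostname",
+"type": "string"
+},
+{
+"name": "ActorUserId",
+"type": "string"
+},
+{
+"name": "ActorUsername",
+"type": "string"
+},
+{
+"name": "Audience",
+"type": "string"
+},
+{
+"name": "Scope",
+"type": "string"
+},
+{
+"name": "Strategy",
+"type": "string"
+},
+{
+"name": "StrategyType",
+"type": "string"
+},
+{
+"name": "LocationInfo",
+"type": "dynamic"
+},
+{
+"name": "Details",
+"type": "dynamic"
+},
+{
+"name": "LogId",
+"type": "string"
+},
+{
+"name": "TenantName",
+"type": "string"
+},
+{
+"name": "IsMobile",
+"type": "boolean"
+}
+]
+}
+}
+}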
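Review bot: `SrcHostname` is filled from Auth0's `hostname` field (renamed in the DCR.json transform), which, as far as I can tell from Auth0's log schema, is the hostname the event applies to, i.e. the tenant domain, and not the client that made the request. An analyst reading `SrcHostname` next to `SrcIpAddr` would take it for the source machine, which can mislead triage and entity mapping. Unless the field really is the client's host, give the column a neutral name (for example `Hostname`) here and in the `project-rename` of the DCR transform.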