Forum Discussion
Apply metadata to logs to distinguish source
shay126 As this connector uses a Function app to make a call to Okta's System Log API and then saves all the information returned into the Log Analytics table, Okta_CL, it appears the only way for this to happen is if there is a way to change what Okta itself pushes to its logs.
I would talk with your Okta Admin or Okta to see if this is possible.
Thanks Gary - is there an easy way to confirm both Okta environments are being ingested into Sentinel? I added both but not totally sure how to confirm they are both working...
Shay
- GaryBushey, Jul 29, 2020, Bronze Contributor
shay126 Not being an Okta expert I don't know. I don't have access to the table that Okta writes to in order to see what the fields look like.
- shay126, Jul 29, 2020, Copper Contributor
Thanks for the reply Gary. I think it's more of a Sentinel thing though. Ideally under the Sentinel connector it would show it's connected to X and Y Okta environments. I did look at logging in the function app and saw it listing an HTTP status of 200... so I think it's working...
- GaryBushey, Jul 29, 2020, Bronze Contributor
shay126 There is nothing (yet) in Azure Sentinel that would do this.