Forum Discussion
Okta integration with Sentinel
Has anyone had any experience with getting Okta events ingesting into Sentinel?
Hey Rod_Trent
Thanks for sharing this. Initially I was looking for some connector but Now I have configured the logstash and able to ingest the okta events.
Dev_Choudharycan you please share insights in how to configure this integration? We are stuck on getting the "gem" plugins to install in logstash. Thank you so much, John (@ howdy Rod_Trent !)
Hi John_Joyner
Please refer below link for okta plugin.
https://rubygems.org/gems/logstash-input-okta_system_log
Install this okta input plugin for Logstash and also install below output plugin for Sentinel
https://github.com/yokawasa/logstash-output-azure_loganalytics
So appreciate your reply Dev_Choudhary we know about those two URLs, but are unsuccessful at installing the plugins. The good news is that a recent Playbook was made available with works perfectly and is so simple to get working compared to the logstash method:
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/OktaRawLog
#GoServerless!John