Okta integration with Sentinel

Occasional Contributor

Has anyone had any experience with getting Okta events ingesting into Sentinel? 

5 Replies

@Dev_Choudhary Have you had a chance to look at the Okta integration information here?

 

https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-syslog-cef-logstash-and-other-3...

Hey @rodtrent 

 

Thanks for sharing this. Initially I was looking for some connector but Now I have configured the logstash and able to ingest the okta events.

@Dev_Choudharycan you please share insights in how to configure this integration? We are stuck on getting the "gem" plugins to install in logstash. Thank you so much, John (@ howdy @rodtrent !)

 

Hi @John_Joyner 

 

Please refer below link for okta plugin.

https://rubygems.org/gems/logstash-input-okta_system_log 

 

Install this okta input plugin for Logstash and also install below output plugin for Sentinel 

https://github.com/yokawasa/logstash-output-azure_loganalytics

So appreciate your reply @Dev_Choudhary we know about those two URLs, but are unsuccessful at installing the plugins. The good news is that a recent Playbook was made available with works perfectly and is so simple to get working compared to the logstash method:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/OktaRawLog

#GoServerless!
John