Forum Discussion
Apply metadata to logs to distinguish source
Hi - I've added two Okta environments to Sentinel but there isnt anything in the log themselves to identify the source environment. Is there not some way in Sentinel to tag some metadata to the log so you can identify the source environment when you have multiples using the same connector?
On a side note, I just see in Sentinel that the Okta connector is "connected", not even totally sure how to confirm logs from both are being ingested.
Thanks in advance.
- GaryBusheyBronze Contributor
shay126 As this connector uses a Function app to make a call to the Okta's System log API and then saves all the information returned into the Log Analytics table, Okta_CL, it appears the only way for this to happen is if there is a way to change what Okta itself pushes to its logs.
I would talk with your Okta Admin or Okta to see if this is possible.
- shay126Copper Contributor
Thanks Gary - is there an easy way to confirm both Okta environments are being ingested into Sentinel? I added both but not totally sure how to confirm they are both working...
Shay
- GaryBusheyBronze Contributor
shay126 Not being an Okta expert I don't know. I don't have access to the table that Okta writes to in order to see what the fields look like.