Mar 30 2020 10:28 PM
Has anyone had any experience with getting Okta events ingesting into Sentinel?
Mar 31 2020 01:51 PM
@Dev_Choudhary Have you had a chance to look at the Okta integration information here?
Apr 08 2020 09:35 PM
Hey @Rod_Trent
Thanks for sharing this. Initially I was looking for some connector, but now I have configured Logstash and am able to ingest the Okta events.
May 26 2020 10:48 AM - edited May 26 2020 10:49 AM
@Dev_Choudhary can you please share insights into how to configure this integration? We are stuck on getting the "gem" plugins to install in Logstash. Thank you so much, John (howdy @Rod_Trent!)
May 27 2020 11:01 AM
Hi @John_Joyner
Please refer to the link below for the Okta plugin.
https://rubygems.org/gems/logstash-input-okta_system_log
Install this Okta input plugin for Logstash and also install the output plugin below for Sentinel:
https://github.com/yokawasa/logstash-output-azure_loganalytics
May 27 2020 12:35 PM - edited May 29 2020 03:59 PM
So appreciate your reply @Dev_Choudhary. We know about those two URLs, but are unsuccessful at installing the plugins. The good news is that a recent Playbook was made available which works perfectly and is so simple to get working compared to the Logstash method:
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/OktaRawLog