Last active
March 27, 2022 12:09
-
-
Save tuckner/5f2caa233c494a29a5fe5c4f18e0cb08 to your computer and use it in GitHub Desktop.
A Tines Story to Grab The Last 90 Days of Okta Logs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "schema_version": 4, | |
| "name": "Okta Logging", | |
| "description": "Grab logs from Okta for the past 90 days and upload to AWS S3\n\ntags: AWS, Okta, Logging\ncolor: orange\nicons: ☁️🕵️♂️📘\nvisibility: public", | |
| "guid": "2569d12e6207efe07398ab18b8fe4845", | |
| "exported_at": "2022-03-22T15:30:01Z", | |
| "agents": [ | |
| { | |
| "type": "Agents::HTTPRequestAgent", | |
| "name": "Get Okta Logs", | |
| "disabled": false, | |
| "guid": "fa45d4714cb254d9998674595753ab96", | |
| "options": { | |
| "url": "https://{{.RESOURCE.okta_tenant}}/api/v1/logs", | |
| "content_type": "json", | |
| "method": "get", | |
| "payload": { | |
| "since": "2021-12-01T16:22:18Z", | |
| "until": "{{\"now\" | date: '%s' | minus: 86400 | date: '%Y-%m-%dT%H:%M:%SZ'}}" | |
| }, | |
| "headers": { | |
| "Authorization": "SSWS {{ .CREDENTIAL.okta }}" | |
| } | |
| }, | |
| "schedule": null, | |
| "keep_events_for": 0 | |
| }, | |
| { | |
| "type": "Agents::EventTransformationAgent", | |
| "name": "Extract Next", | |
| "disabled": false, | |
| "guid": "1663a70c6becabecfd6df3e0a5d33974", | |
| "options": { | |
| "mode": "extract", | |
| "matchers": [ | |
| { | |
| "path": "{{.get_okta_logs.headers.link}}", | |
| "regexp": "(, )<(.*?)>; rel=\"next\"", | |
| "to": "link" | |
| } | |
| ] | |
| }, | |
| "schedule": null, | |
| "keep_events_for": 0 | |
| }, | |
| { | |
| "type": "Agents::TriggerAgent", | |
| "name": "If More Logs", | |
| "disabled": false, | |
| "guid": "aed714b056337a4b21b1c004fc08d842", | |
| "options": { | |
| "rules": [ | |
| { | |
| "type": "regex", | |
| "value": "next", | |
| "path": "{{.get_okta_logs.headers.link}}" | |
| } | |
| ] | |
| }, | |
| "keep_events_for": 0 | |
| }, | |
| { | |
| "type": "Agents::HTTPRequestAgent", | |
| "name": "Get Okta Logs", | |
| "disabled": false, | |
| "guid": "6563d81094aaef495e8eb3deeeb42f06", | |
| "options": { | |
| "url": "{{extract_next.link.first.last}}", | |
| "content_type": "json", | |
| "method": "get", | |
| "payload": {}, | |
| "headers": { | |
| "Authorization": "SSWS {{ .CREDENTIAL.okta }}" | |
| } | |
| }, | |
| "schedule": null, | |
| "keep_events_for": 0 | |
| }, | |
| { | |
| "type": "Agents::HTTPRequestAgent", | |
| "name": "Add an Object to an S3 Bucket", | |
| "disabled": false, | |
| "guid": "ba7babb19fcb29047d8e1bc8d80977a9", | |
| "options": { | |
| "url": "https://{{\"okta-logs-jt\"}}.s3.{{\"us-east-1\"}}.amazonaws.com/okta-logs-{{extract_after.link.first.last}}.zip", | |
| "content_type": "application/zip", | |
| "method": "put", | |
| "payload": "{{.get_okta_logs.body | json | zip}}", | |
| "headers": { | |
| "Authorization": "{{.CREDENTIAL.aws}}" | |
| } | |
| }, | |
| "schedule": null, | |
| "keep_events_for": 0 | |
| }, | |
| { | |
| "type": "Agents::EventTransformationAgent", | |
| "name": "Delay Event", | |
| "disabled": false, | |
| "guid": "5cbb7842902b93f8bfc890d1b549228b", | |
| "options": { | |
| "mode": "delay", | |
| "seconds": 1 | |
| }, | |
| "schedule": null, | |
| "keep_events_for": 0 | |
| }, | |
| { | |
| "type": "Agents::EventTransformationAgent", | |
| "name": "Extract After", | |
| "disabled": false, | |
| "guid": "33b723807f37f4751a7d4713ab8c48fd", | |
| "options": { | |
| "mode": "extract", | |
| "matchers": [ | |
| { | |
| "path": "{{.get_okta_logs.headers.link}}", | |
| "regexp": "after=(.*?)>", | |
| "to": "link" | |
| } | |
| ] | |
| }, | |
| "schedule": null, | |
| "keep_events_for": 0 | |
| }, | |
| { | |
| "type": "Agents::TriggerAgent", | |
| "name": "If Next", | |
| "disabled": false, | |
| "guid": "cd27345d5b0697125a25fa988091a3f1", | |
| "options": { | |
| "rules": [ | |
| { | |
| "type": "regex", | |
| "value": "(, )<(.*?)>; rel=\"next\"", | |
| "path": "{{.get_okta_logs.headers.link}}" | |
| } | |
| ] | |
| }, | |
| "keep_events_for": 0 | |
| }, | |
| { | |
| "type": "Agents::HTTPRequestAgent", | |
| "name": "Add an Object to an S3 Bucket", | |
| "disabled": false, | |
| "guid": "28e3daaeb424ceda02a57200763ff504", | |
| "options": { | |
| "url": "https://{{\"okta-logs-example\"}}.s3.{{\"us-east-1\"}}.amazonaws.com/okta-logs-last.zip", | |
| "content_type": "application/zip", | |
| "method": "put", | |
| "payload": "{{.get_okta_logs.body | json | zip}}", | |
| "headers": { | |
| "Authorization": "{{.CREDENTIAL.aws}}" | |
| } | |
| }, | |
| "schedule": null, | |
| "keep_events_for": 0 | |
| }, | |
| { | |
| "type": "Agents::TriggerAgent", | |
| "name": "No Next", | |
| "disabled": false, | |
| "guid": "b5cdbde7d674107055d0d33401c450e9", | |
| "options": { | |
| "rules": [ | |
| { | |
| "type": "!regex", | |
| "value": "(, )<(.*?)>; rel=\"next\"", | |
| "path": "{{.get_okta_logs.headers.link}}" | |
| } | |
| ] | |
| }, | |
| "keep_events_for": 0 | |
| }, | |
| { | |
| "type": "Agents::TriggerAgent", | |
| "name": "No More Logs", | |
| "disabled": false, | |
| "guid": "2a13545aa6df200d0016d346ba6c2e7d", | |
| "options": { | |
| "rules": [ | |
| { | |
| "type": "!regex", | |
| "value": "next", | |
| "path": "{{.get_okta_logs.headers.link}}" | |
| } | |
| ] | |
| }, | |
| "keep_events_for": 0 | |
| } | |
| ], | |
| "diagram_notes": [ | |
| { | |
| "content": "# Run Action\n\nRun the Action `Get Okta Logs` below to kickoff the workflow.", | |
| "position": [ | |
| 285.0, | |
| 270.0 | |
| ], | |
| "guid": "8097acbc3183198de3dc59d82b438827" | |
| }, | |
| { | |
| "content": "# Info Needed\n\n## Okta\n- Create a Resource named `okta_tenant` with the full URL of your Okta tenant\n- Create a Credential named `okta` with your [API token](https://developer.okta.com/docs/guides/create-an-api-token/main/).\n\n## AWS S3\n- Create a bucket in AWS\n- Fill in the bucket name in the Actions \"Add an Object to an S3 Bucket\" replacing the text 'okta-logs-example'\n- Fill in the region that the bucket is located in\n- Create a Credential named `aws` with an IAM key or role that has access to create bucket objects.\n", | |
| "position": [ | |
| 990.0, | |
| 225.0 | |
| ], | |
| "guid": "1dcb5691c21bd269750400f5706177fd" | |
| }, | |
| { | |
| "content": "# Storage Replacement\n\nOther storage providers can be used in place of AWS S3.", | |
| "position": [ | |
| 840.0, | |
| 705.0 | |
| ], | |
| "guid": "b8c13b49154c6af5773ceb221f3707a7" | |
| } | |
| ], | |
| "links": [ | |
| { | |
| "source": 0, | |
| "receiver": 2 | |
| }, | |
| { | |
| "source": 1, | |
| "receiver": 3 | |
| }, | |
| { | |
| "source": 2, | |
| "receiver": 1 | |
| }, | |
| { | |
| "source": 2, | |
| "receiver": 9 | |
| }, | |
| { | |
| "source": 2, | |
| "receiver": 7 | |
| }, | |
| { | |
| "source": 3, | |
| "receiver": 5 | |
| }, | |
| { | |
| "source": 5, | |
| "receiver": 10 | |
| }, | |
| { | |
| "source": 5, | |
| "receiver": 2 | |
| }, | |
| { | |
| "source": 6, | |
| "receiver": 4 | |
| }, | |
| { | |
| "source": 7, | |
| "receiver": 6 | |
| }, | |
| { | |
| "source": 9, | |
| "receiver": 8 | |
| }, | |
| { | |
| "source": 10, | |
| "receiver": 9 | |
| } | |
| ], | |
| "diagram_layout": "{\"fa45d4714cb254d9998674595753ab96\":[345.0,390.0],\"1663a70c6becabecfd6df3e0a5d33974\":[345.0,570.0],\"aed714b056337a4b21b1c004fc08d842\":[345.0,480.0],\"6563d81094aaef495e8eb3deeeb42f06\":[345.0,660.0],\"ba7babb19fcb29047d8e1bc8d80977a9\":[585.0,720.0],\"5cbb7842902b93f8bfc890d1b549228b\":[345.0,735.0],\"33b723807f37f4751a7d4713ab8c48fd\":[585.0,645.0],\"cd27345d5b0697125a25fa988091a3f1\":[585.0,555.0],\"28e3daaeb424ceda02a57200763ff504\":[810.0,630.0],\"b5cdbde7d674107055d0d33401c450e9\":[810.0,555.0],\"2a13545aa6df200d0016d346ba6c2e7d\":[810.0,465.0]}", | |
| "send_to_story_enabled": false, | |
| "entry_agent_guid": null, | |
| "exit_agent_guids": [], | |
| "exit_agent_guid": null, | |
| "send_to_stories": [], | |
| "form": { | |
| "name": "Okta Logging Form", | |
| "description": "", | |
| "fields": [], | |
| "visibility": "tenant", | |
| "agent_guid": null, | |
| "success_message": "Thank you for your submission" | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment