Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Apono outbound webhooks integrations with Logs and Security information and event management tools
Create an outgoing webhook to send logs to Datadog triggered by Apono access request events
Datadog monitors your servers, databases, tools, and services, through a SaaS-based data analytics platform.
This guide shows you how to configure and test outbound webhooks for Datadog.
Follow these steps to configure a webhook:
On the page, click Add Webhook. The Add Webhook page appears.
Click Request Webhook.
Enter a unique, alphanumeric, user-friendly Request Webhook Name for identifying this webhook.
Click the Status toggle to Active
The webhook URL must adhere to the following requirements:
Uses the HTTPS protocol
Does not specify any custom ports
In the Body Template field, paste the following JSON body for the webhook payload. Replace LOGS_TAGS with a comma-separated list of tags you want to associate with your logs. For example env:staging,version:5.1.
Click View event's payload schema to reveal the payload schema and available data fields. You can also refer to the to read the descriptions of each data field.
For Headers, enter the following authorization headers. Replace the placeholder values with the API key and key ID that you .
From the Triggers dropdown menu, select one or more of the following event triggers, which correspond to Apono access request statuses:
RequestCreated
RequestApproved
RequestExpired
(Optional) In the Timeout in seconds field, enter the duration in seconds to wait before marking the request as failed.
(Optional) Define Response Validators to verify that the response from the webhook meets specified criteria:
Click + Add. A row of settings appears.
Starting with
For more information about the test, click View Invocation Data. A panel opens revealing the request, response, and other relevant details.
Should your test fail, view these tips to .
Click Save Webhook.
The new webhook appears in the Webhooks table. Active webhooks are preceded by a green dot. Inactive webhooks are preceded by a white dot.
Apono access request logs will be sent to Datadog based on the triggers you have selected.
From the Method dropdown menu, select POST.
For the webhook URL, enter https://<DATADOG_LOG_COLLECTOR_URL>/api/v2/logs.
Be sure to replace <DATADOG_LOG_COLLECTOR_URL> with your Datadog organization location. For example, for the US5 region, enter: https://http-intake.logs.us5.datadoghq.com
RequestFailed
RequestGranted
RequestRejected
Under Filters, define one or several filter from the listed dropdown menus.
Open a ticket in Jira or ServiceNow for manually approved requests.
In the Expected Values field, enter a value and press the Enter key on your keyboard.
Repeat step c to add several expected values.
Repeat steps a-d to add multiple response validators.
Click Test to generate a test event to trigger your webhook. A Test successful or Test failed response status will appear at the bottom of the page. A successful test will send mock data to the target system.
Datadog API key
Key for accessing the Datadog REST API
DD-API-KEY
<API KEY>
DD-APPLICATION-KEY
<KEY ID>
[
{
"ddsource": "apono",
"ddtags": "<LOGS_TAGS>",
"hostname": "apono",
"message": "{ "event_type": "{{ event_type }}", "event_time": "{{ event_time }}", "id": "{{ data.id }}", "friendly_id": "{{ data.friendly_id }}", "requester_id": "{{ data.requester.id }}", "requester_name": "{{ data.requester.name }}", "requester_email": "{{ data.requester.email }}", "justification": "{{ data.justification }}", "creation_date": "{{ data.creation_date }}", "access_flow_id": "{{ data.access_flow.id }}", "access_flow_name": "{{ data.access_flow.name }}", "access_bundle_id": "{{ data.access_bundle.id }}", "access_bundle_name": "{{ data.access_bundle.id }}", "access_groups_integration_name": "{{ data.access_groups.[0].integration.name }}", "access_groups_integration_type": "{{ data.access_groups.[0].integration.type }}"}",
"alert_type": "info",
"service": "apono"
}
]Create an outgoing webhook to send logs to Coralogix triggered by Apono access request events.
Coralogix is a log analytics platform that uses machine learning and real-time streaming to provide insights into log data, helping with monitoring, troubleshooting, and optimization. It offers features like dynamic data parsing, alerting, and anomaly detection, allowing teams to efficiently manage and analyze large volumes of log data. Coralogix is known for its scalability and robust analytics capabilities.
Use the instructions in to create a Coralogix incoming webhook, to generate a webhook URL to connect Apono to Coralogix.
Follow these steps to configure a webhook:
On the Webhooks page, click Add Webhook. The Add Webhook page appears.
Click Request Webhook.
Enter a unique, alphanumeric, user-friendly Request Webhook Name for identifying this webhook.
Click the Status toggle to Active.
From the Method dropdown menu, select POST.
In the URL field, enter https://<GENERATED_INCOMING_WEBHOOK_URL>.
Be sure to replace <GENERATED_INCOMING_WEBHOOK_URL> with the Coralogix incoming webhook URL.
The webhook URL must adhere to the following requirements:
Uses the HTTPS protocol
Does not specify any custom ports
In the Body Template field, construct a JSON body for the webhook payload.
Click View event's payload schema to reveal the payload schema and available data fields. You can also refer to the Webhook Payload Schema Reference to read the descriptions of each data field.
Under Headers, use the following Key and Value to set the header. Be sure to replace <API_KEY> with the Coralogix API key.
Authorization
Bearer <API_KEY>
From the Triggers dropdown menu, select one or more of the following event triggers, which correspond to Apono access request statuses:
RequestCreated
RequestApproved
RequestExpired
RequestFailed
RequestGranted
RequestRejected
Under Filters, define one or several filter from the listed dropdown menus.
(Optional) In the Timeout in seconds field, enter the duration in seconds to wait before marking the request as failed.
(Optional) Define Response Validators to verify that the response from the webhook meets specified criteria:
Click + Add. A row of settings appears.
Starting with $.data., enter the Json Path of the JSON parameter.
In the Expected Values field, enter a value and press the Enter key on your keyboard.
Repeat step c to add several expected values.
Repeat steps a-d to add multiple response validators.
Click Test to generate a test event to trigger your webhook. A Test successful or Test failed response status will appear at the bottom of the page. A successful test will send mock data to the target system.
For more information about the test, click View Invocation Data. A panel opens revealing the request, response, and other relevant details.
Should your test fail, view these tips to troubleshoot your webhook.
Click Save Webhook.
The new webhook appears in the Webhooks table. Active webhooks are preceded by a green dot. Inactive webhooks are preceded by a white dot.
Apono access request logs will be sent to Coralogix based on the triggers you have selected.
Your webhook should now start sending new logs to Coralogix once triggered:
Create Generic Incoming Webhook for the Apono app
Create an outgoing webhook to send events to Splunk triggered by Apono access request events
{
"alias":"apono-webhook",
"integration_type_fields":"{"event_type": "{{ event_type }}", "event_time": "{{ event_time }}", "id": "{{ data.id }}", "friendly_id": "{{ data.friendly_id }}", "requester_id": "{{ data.requester.id }}", "requester_name": "{{ data.requester.name }}", "requester_email": "{{ data.requester.email }}", "justification": "{{ data.justification }}", "creation_date": "{{ data.creation_date }}", "access_flow_id": "{{ data.access_flow.id }}", "access_flow_name": "{{ data.access_flow.name }}", "access_bundle_id": "{{ data.access_bundle.id }}", "access_bundle_name": "{{ data.access_bundle.id }}", "access_groups_integration_name": "{{ data.access_groups.[0].integration.name }}", "access_groups_integration_type": "{{ data.access_groups.[0].integration.type }}"}",
"url":"<https://api.coralogix.us/api/v1/logs>"
}
Follow these steps to configure a webhook:
On the Webhooks page, click Add Webhook. The Add Webhook page appears.
Click Request Webhook.
Enter a unique, alphanumeric, user-friendly Request Webhook Name for identifying this webhook.
Click the Status toggle to Active.
From the Method dropdown menu, select POST.
For the webhook URL, enter https://<host>:<port>/services/collector.
In the Body Template field, construct a JSON body for the webhook payload.
Click View event's payload schema to reveal the payload schema and available data fields. You can also refer to the Webhook Payload Schema Reference to read the descriptions of each data field.
For Headers, use the following Key and Value to set the authorization.
Authorization
Bearer <TOKEN>
From the Triggers dropdown menu, select one or more of the following event triggers, which correspond to Apono access request statuses:
RequestCreated
RequestApproved
RequestExpired
RequestFailed
RequestGranted
RequestRejected
Under Filters, define one or several filter from the listed dropdown menus.
(Optional) In the Timeout in seconds field, enter the duration in seconds to wait before marking the request as failed.
(Optional) Define Response Validators to verify that the response from the webhook meets specified criteria:
Click + Add. A row of settings appears.
Starting with $.data., enter the Json Path of the JSON parameter.
In the Expected Values field, enter a value and press the Enter key on your keyboard.
Repeat step c to add several expected values.
Repeat steps a-d to add multiple response validators.
Click Test to generate a test event to trigger your webhook. A Test successful or Test failed response status will appear at the bottom of the page. A successful test will send mock data to the target system.
For more information about the test, click View Invocation Data. A panel opens revealing the request, response, and other relevant details.
Should your test fail, view these tips to troubleshoot your webhook.
Click Save Webhook.
The new webhook appears in the Webhooks table. Active webhooks are preceded by a green dot. Inactive webhooks are preceded by a white dot.
Apono access request events will be sent Splunk based on the triggers you have selected.
Create an outgoing webhook to send logs to Logz.io triggered by Apono access request events
Logz.io collects and analyze logs, metrics, and traces, combined with human-powered AI/ML features through a SaaS-based data analytics platform.
Permissions
Logz.io Listener URL location:
Follow these steps to configure an Apono webhook:
On the page, click Add Webhook. The Add Webhook page appears.
Click Request Webhook.
Enter a unique, alphanumeric, user-friendly Request Webhook Name for identifying this webhook.
Click the Status toggle to Active
The webhook URL must adhere to the following requirements:
Uses the HTTPS protocol
Does not specify any custom ports
In the Body Template field, construct a JSON body for the webhook payload.
Click View event's payload schema to reveal the payload schema and available data fields. You can also refer to the to read the descriptions of each data field.
From the Triggers dropdown menu, select one or more of the following event triggers, which correspond to Apono access request statuses:
RequestCreated
RequestApproved
RequestExpired
(Optional) In the Timeout in seconds field, enter the duration in seconds to wait before marking the request as failed.
(Optional) Define Response Validators to verify that the response from the webhook meets specified criteria:
Click + Add. A row of settings appears.
Starting with
For more information about the test, click View Invocation Data. A panel opens revealing the request, response, and other relevant details.
Should your test fail, view these tips to .
Click Save Webhook.
The new webhook appears in the Webhooks table. Active webhooks are preceded by a green dot. Inactive webhooks are preceded by a white dot.
Apono access request logs will be sent to Logz.io based on the triggers you have selected.
Your webhook should now start sending logs to Logz.io in the relevant account once triggered:
{"event": "something happened", "fields": {"severity": "INFO", "category": ["Apono"]}}From the Method dropdown menu, select POST.
In the URL field, enter https://<LISTENER_URL>?token=<LOG_SHIPPING_TOKEN>.
Be sure to replace the <LISTENER_URL> and <LOG_SHIPPING_TOKEN> placeholders.
RequestFailed
RequestGranted
RequestRejected
Under Filters, define one or several filter from the listed dropdown menus.
Open a ticket in Jira or ServiceNow for manually approved requests.
In the Expected Values field, enter a value and press the Enter key on your keyboard.
Repeat step c to add several expected values.
Repeat steps a-d to add multiple response validators.
Click Test to generate a test event to trigger your webhook. A Test successful or Test failed response status will appear at the bottom of the page. A successful test will send mock data to the target system.
Admin user for Logz.io account
Logz.io log shipping token
Used in shipper configurations to direct data to the relevant Logz.io account. Get your Logz.io log shipping token in the ADMIN ZONE section of the side navigation menu Settings > Manage tokens > Data shipping tokens tab
Logz.io Listener URL
The Listener URL for your account is displayed above the token table.
{"message": "{ "event_type": "{{ event_type }}", "event_time": "{{ event_time }}", "id": "{{ data.id }}", "friendly_id": "{{ data.friendly_id }}", "requester_id": "{{ data.requester.id }}", "requester_name": "{{ data.requester.name }}", "requester_email": "{{ data.requester.email }}", "justification": "{{ data.justification }}", "creation_date": "{{ data.creation_date }}", "access_flow_id": "{{ data.access_flow.id }}", "access_flow_name": "{{ data.access_flow.name }}", "access_bundle_id": "{{ data.access_bundle.id }}", "access_bundle_name": "{{ data.access_bundle.id }}", "access_groups_integration_name": "{{ data.access_groups.[0].integration.name }}", "access_groups_integration_type": "{{ data.access_groups.[0].integration.type }}"}", "type": "Apono"}
Create an outgoing webhook to create incidents on Logpoint triggered by Apono access request events
Logpoint collects real-time data from multiple sources and centralizes it for comprehensive analysis. You can search, analyze, generate reports, detect vulnerabilities, and configure alerts to enhance threat detection capabilities. You can also automate threat response based on specific security incidents.
Logpoint API requires two request parameters:
username, which includes a Logpoint username. Your access control for using the APIs is the same as your user roles in the system
secret_key, which is the access key to uniquely identify you as an authorized user.
Follow these steps to configure a webhook:
On the page, click Add Webhook. The Add Webhook page appears.
Click Request Webhook.
Enter a unique, alphanumeric, user-friendly Request Webhook Name for identifying this webhook.
Click the Status toggle to Active
Click View event's payload schema to reveal the payload schema and available data fields. You can also refer to the to read the descriptions of each data field.
From the Triggers dropdown menu, select one or more of the following event triggers, which correspond to Apono access request statuses:
RequestCreated
RequestApproved
RequestExpired
(Optional) In the Timeout in seconds field, enter the duration in seconds to wait before marking the request as failed.
(Optional) Define Response Validators to verify that the response from the webhook meets specified criteria:
Click + Add. A row of settings appears.
Starting with
For more information about the test, click View Invocation Data. A panel opens revealing the request, response, and other relevant details.
Should your test fail, view these tips to .
Click Save Webhook.
The new webhook appears in the Webhooks table. Active webhooks are preceded by a green dot. Inactive webhooks are preceded by a white dot.
Apono access request incident will be created on Logpoint based on the triggers you have selected.
Create an outgoing webhook to send logs to Sumo Logic triggered by Apono access request events
Sumo Logic is a cloud-native, secure, centralized log analytics service that provides insights into logs through pre-built applications, identifying patterns to show outliers in the behaviors of applications and systems.
This guide shows you how to configure and test outbound webhooks for Sumo Logic.
From the Method dropdown menu, select POST.
For the webhook URL, enter https://Logpoint-IP/reopen_incident.
In the Body Template field, construct a JSON body for the webhook payload.
RequestFailed
RequestGranted
RequestRejected
Under Filters, define one or several filter from the listed dropdown menus.
Open a ticket in Jira or ServiceNow for manually approved requests.
In the Expected Values field, enter a value and press the Enter key on your keyboard.
Repeat step c to add several expected values.
Repeat steps a-d to add multiple response validators.
Click Test to generate a test event to trigger your webhook. A Test successful or Test failed response status will appear at the bottom of the page. A successful test will send mock data to the target system.
{
"username": "<username>",
"secret_key": "<secret_key>",
"requestData": {
"version": "0.1",
"incident_ids": [
"5a62bd8cce983de89085429c",
"5a62bd8cce983de89085429b",
"5a62bd8cce983de89085429e"
]
}
}Set Message Processing to One Message Per Request:
Copy the Apono app collection JSON configuration
Follow these steps to configure a webhook:
On the Webhooks page, click Add Webhook. The Add Webhook page appears.
Click Request Webhook.
Enter a unique, alphanumeric, user-friendly Request Webhook Name for identifying this webhook.
Click the Status toggle to Active.
From the Method dropdown menu, select POST.
For the webhook URL, enter the HTTP Source Address.
In the Body Template field, paste the for the webhook payload.
Click View event's payload schema to reveal the payload schema and available data fields. You can also refer to the Webhook Payload Schema Reference to read the descriptions of each data field.
From the Triggers dropdown menu, select one or more of the following event triggers, which correspond to Apono access request statuses:
RequestCreated
RequestApproved
RequestExpired
RequestFailed
RequestGranted
RequestRejected
Under Filters, define one or several filters from the listed dropdown menus.
(Optional) In the Timeout in seconds field, enter the duration in seconds to wait before marking the request as failed.
(Optional) Define Response Validators to verify that the response from the webhook meets specified criteria:
Click + Add. A row of settings appears.
Starting with $.data., enter the Json Path of the JSON parameter.
In the Expected Values field, enter a value and press the Enter key on your keyboard.
Repeat step c to add several expected values.
Repeat steps a-d to add multiple response validators.
Click Test to generate a test event to trigger your webhook. A Test successful or Test failed response status will appear at the bottom of the page. A successful test will send mock data to the target system.
For more information about the test, click View Invocation Data. A panel opens, revealing the request, response, and other relevant details.
Should your test fail, view these tips to troubleshoot your webhook.
Click Save Webhook.
The new webhook appears in the Webhooks table. Active webhooks are preceded by a green dot. Inactive webhooks are preceded by a white dot.
Apono access request logs will be sent to Sumo Logic based on the triggers you have selected.
Your webhook should now start sending new logs to Sumo Logic once triggered:
Send logs to SolarWinds triggered by Apono access requests events
SolarWinds' flagship product, Orion platform, is a comprehensive network management solution offering real-time monitoring and performance optimization for IT infrastructures. It enables IT professionals to quickly identify and resolve issues, optimize resource utilization, and ensure smooth network operation.
Follow these steps to configure a webhook:
On the page, click Add Webhook. The Add Webhook page appears.
Click Request Webhook.
Enter a unique, alphanumeric, user-friendly Request Webhook Name for identifying this webhook.
Click the Status toggle to Active
The webhook URL must adhere to the following requirements:
Uses the HTTPS protocol
Does not specify any custom ports
In the Body Template field, construct a JSON body for the webhook payload.
Click View event's payload schema to reveal the payload schema and available data fields. You can also refer to the to read the descriptions of each data field.
Under Headers, use the following Key and Value to set the headers. Be sure to replace the <TOKEN> and <X-OTEL-RESOURCE-ATTR> placeholders.
From the Triggers dropdown menu, select one or more of the following event triggers, which correspond to Apono access request statuses:
RequestCreated
RequestApproved
RequestExpired
(Optional) In the Timeout in seconds field, enter the duration in seconds to wait before marking the request as failed.
(Optional) Define Response Validators to verify that the response from the webhook meets specified criteria:
Click + Add. A row of settings appears.
Starting with
For more information about the test, click View Invocation Data. A panel opens revealing the request, response, and other relevant details.
Should your test fail, view these tips to .
Click Save Webhook.
The new webhook appears in the Webhooks table. Active webhooks are preceded by a green dot. Inactive webhooks are preceded by a white dot.
Apono access request logs will be sent to SolarWinds based on the triggers you have selected.
Your webhook should now start sending logs in the webhook SolarWinds account once triggered:
From the Method dropdown menu, select POST.
In the URL field, enter the data source endpoint.
RequestFailed
RequestGranted
RequestRejected
Under Filters, define one or several filter from the listed dropdown menus.
Open a ticket in Jira or ServiceNow for manually approved requests.
In the Expected Values field, enter a value and press the Enter key on your keyboard.
Repeat step c to add several expected values.
Repeat steps a-d to add multiple response validators.
Click Test to generate a test event to trigger your webhook. A Test successful or Test failed response status will appear at the bottom of the page. A successful test will send mock data to the target system.
SolarWinds Account
Account with the Administrator role
Set up SolarWinds over HTTPS data source
Follow these steps to set up SolarWinds over HTTPS data source:
In SolarWinds Observability, click Add Data at the top.
In the Add Data dialog, click Logs.
Click Manual Configuration.
Create or select an API ingestion token to use when sending your logs by doing either of the following:
Select Generate New Token and enter an Ingestion Token Name, and then click Next.
Select Use Existing Token and select an ingestion token from the list, and then click Next.
Select HTTPS and click Next.
Copy the Endpoint and Token.
Authorization
Bearer <TOKEN>
X-Otel-Resource-Attr
<X-OTEL-RESOURCE-ATTR> This is part of the subdomain of the SolarWinds account preceding cloud.solarwinds.com.
{
"apono_event":"{{event_type}} request event from Apono made by {{data.requester.name}} - {{data.requester.email}}"
}
Create an outgoing webhook to create custom event on Cortex triggered by Apono access request events
Cortex makes it easy for engineering organizations to gain visibility into their services and deliver high quality software.
This guide shows you how to configure and test outbound webhooks for Cortex.
Cortex API key and assigned User role to it. Copy the API key to use it later.
. Use Create an entity manually for Apono access request events.
Follow these steps to configure a webhook:
On the page, click Add Webhook. The Add Webhook page appears.
Click Request Webhook.
Enter a unique, alphanumeric, user-friendly Request Webhook Name for identifying this webhook.
Click the Status toggle to Active
Click View event's payload schema to reveal the payload schema and available data fields. You can also refer to the to read the descriptions of each data field.
For Headers, use the following Key and Value to set the authorization.
From the Triggers dropdown menu, select one or more of the following event triggers, which correspond to Apono access request statuses:
RequestCreated
RequestApproved
RequestExpired
(Optional) In the Timeout in seconds field, enter the duration in seconds to wait before marking the request as failed.
(Optional) Define Response Validators to verify that the response from the webhook meets specified criteria:
Click + Add. A row of settings appears.
Starting with
For more information about the test, click View Invocation Data. A panel opens revealing the request, response, and other relevant details.
Should your test fail, view these tips to .
Click Save Webhook.
The new webhook appears in the Webhooks table. Active webhooks are preceded by a green dot. Inactive webhooks are preceded by a white dot.
Apono access request custom event will be created on Cortex Apono entity based on the triggers you have selected.
From the Method dropdown menu, select POST.
For the webhook URL, enter https://api.getcortexapp.com/api/v1/catalog/<entity-tagOrId>/custom-events.
In the Body Template field, construct a JSON body for the webhook payload.
RequestFailed
RequestGranted
RequestRejected
Under Filters, define one or several filter from the listed dropdown menus.
Open a ticket in Jira or ServiceNow for manually approved requests.
In the Expected Values field, enter a value and press the Enter key on your keyboard.
Repeat step c to add several expected values.
Repeat steps a-d to add multiple response validators.
Click Test to generate a test event to trigger your webhook. A Test successful or Test failed response status will appear at the bottom of the page. A successful test will send mock data to the target system.
Authorization
Bearer <BASE64-API-KEY>
{
"customData": {...},
"description": "New {{event_type}} request made by {{data.requester.name}}",
"timestamp": "{{event_time}}",
"title": "New {{event_type}} request made by {{data.requester.name}}",
"type": "{{event_type}}"
}
Create an outgoing webhook to create incidents on Sentinel triggered by Apono access request events
Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) that delivers an intelligent and comprehensive solution for SIEM and security orchestration, automation, and response (SOAR). Microsoft Sentinel provides cyberthreat detection, investigation, response, and proactive hunting, with a bird's-eye view across your enterprise.
Configure logs ingestion API in Azure Monitor to send Apono's access request events data to a Log Analytics workspace with a REST API by using the following .
You can use the following sample JSON as the table schema file on the parse and filter sample data step:
Azure JWT token.
Get your JWT token using Postman:
Set up the Token Request:
Method:
Microsoft incident creation rule in your Sentinel Analytics.
Microsoft incident creation rule example:
Under General set the following:
Follow these steps to configure a webhook:
On the page, click Add Webhook. The Add Webhook page appears.
Click Request Webhook.
Enter a unique, alphanumeric, user-friendly Request Webhook Name for identifying this webhook.
Click the Status toggle to Active
Click View event's payload schema to reveal the payload schema and available data fields. You can also refer to the to read the descriptions of each data field.
For Headers, use the following Key and Value to set the authorization.
From the Triggers dropdown menu, select one or more of the following event triggers, which correspond to Apono access request statuses:
RequestCreated
RequestApproved
RequestExpired
(Optional) In the Timeout in seconds field, enter the duration in seconds to wait before marking the request as failed.
(Optional) Define Response Validators to verify that the response from the webhook meets specified criteria:
Click + Add. A row of settings appears.
Starting with
For more information about the test, click View Invocation Data. A panel opens revealing the request, response, and other relevant details.
Should your test fail, view these tips to .
Click Save Webhook.
The new webhook appears in the Webhooks table. Active webhooks are preceded by a green dot. Inactive webhooks are preceded by a white dot.
Apono access request incident will be created on Sentinel based on the triggers you have selected.
Your webhook should now start creating new incidents on Sentinel once triggered:
POSTURL: https://login.microsoftonline.com/<TenantId>/oauth2/v2.0/token
Replace TenantId with your Azure AD Tenant ID.
Add the Body parameters:
Go to the Body tab and select x-www-form-urlencoded.
Add the following key-value pairs:
grant_type: client_credentials
client_id: Your application's Client ID.
client_secret: Your application's Client Secret.
scope: https://monitor.azure.com/.default
The scope should target the Azure Monitor API, represented by https://monitor.azure.com/.default.
Send the Request:
Click Send and copy the access_token value. If the credentials are correct, you will receive a response similar to this:
InformationMITRE ATT&CK: T1650 - Acquire Access
Under Set rule logic set the following:
Rule query: <Log-Analytics-table-name>
Custom details:
Alert details:
From the Method dropdown menu, select POST.
For the webhook URL, enter <Data Collection Endpoint URI>/dataCollectionRules/<DCR Immutable ID>/streams/<Stream Name>?api-version=2023-01-01.
In the Body Template field, construct a JSON body for the webhook payload.
RequestFailed
RequestGranted
RequestRejected
Under Filters, define one or several filter from the listed dropdown menus.
Open a ticket in Jira or ServiceNow for manually approved requests.
In the Expected Values field, enter a value and press the Enter key on your keyboard.
Repeat step c to add several expected values.
Repeat steps a-d to add multiple response validators.
Click Test to generate a test event to trigger your webhook. A Test successful or Test failed response status will appear at the bottom of the page. A successful test will send mock data to the target system.
Authorization
Bearer <JWT-TOKEN>
[
{
"TimeGenerated": "{{event_time}}",
"event_type": "{{event_type}}",
"requester_id": "{{data.requester.id}}",
"requester_name": "{{data.requester.name}}",
"requester_email": "{{data.requester.email}}",
"justification": "{{data.justification}}",
"resource_id": "{{data.access_groups.[0].access_units.[0].resource.type.name}}",
"resource_name": "{{data.access_groups.[0].access_units.[0].resource.name}}",
"permission": "{{data.access_groups.[0].access_units.[0].permission.name}}"
}
][
{
"event_type": "string",
"requester_id": "string",
"requester_name": "string",
"requester_email": "string",
"justification": "string",
"resource_id": "string",
"resource_name": "string",
"permission": "string"
}
]{
"token_type": "Bearer",
"expires_in": 3600,
"ext_expires_in": 3600,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJI..."
}
Create an outgoing webhook to send logs to New Relic triggered by Apono access request events
New Relic browser monitoring helps you understand website performance and user behavior by monitoring real user data. It tracks page load times, network requests, JavaScript errors, user interactions, and more. Analyzing navigation timing helps you find issues that hurt your web app's performance or backend errors.
New Relic license location:
Follow these steps to configure a webhook:
On the page, click Add Webhook. The Add Webhook page appears.
Click Request Webhook.
Enter a unique, alphanumeric, user-friendly Request Webhook Name for identifying this webhook.
Click the Status toggle to Active
The webhook URL must adhere to the following requirements:
Uses the HTTPS protocol
Does not specify any custom ports
In the Body Template field, construct a JSON body for the webhook payload.
Click View event's payload schema to reveal the payload schema and available data fields. You can also refer to the to read the descriptions of each data field.
From the Triggers dropdown menu, select one or more of the following event triggers, which correspond to Apono access request statuses:
RequestCreated
RequestApproved
RequestExpired
(Optional) In the Timeout in seconds field, enter the duration in seconds to wait before marking the request as failed.
(Optional) Define Response Validators to verify that the response from the webhook meets specified criteria:
Click + Add. A row of settings appears.
Starting with
For more information about the test, click View Invocation Data. A panel opens revealing the request, response, and other relevant details.
Should your test fail, view these tips to .
Click Save Webhook.
The new webhook appears in the Webhooks table. Active webhooks are preceded by a green dot. Inactive webhooks are preceded by a white dot.
Apono access request logs will be sent to New Relic based on the triggers you have selected.
Your webhook should now start sending logs to New Relic in the relevant account once triggered:
From the Method dropdown menu, select POST.
In the URL field, enter https://log-api.newrelic.com/log/v1?Api-Key=<LICENSE_TOKEN>.
Be sure to replace the <LICENSE_TOKEN> placeholder.
RequestFailed
RequestGranted
RequestRejected
Under Filters, define one or several filter from the listed dropdown menus.
Open a ticket in Jira or ServiceNow for manually approved requests.
In the Expected Values field, enter a value and press the Enter key on your keyboard.
Repeat step c to add several expected values.
Repeat steps a-d to add multiple response validators.
Click Test to generate a test event to trigger your webhook. A Test successful or Test failed response status will appear at the bottom of the page. A successful test will send mock data to the target system.
Permissions
Admin user for New Relic Admin account
New Relic license token
From New Relic Admin portal click on your user logo on the left navigator bottom and choose API Keys. find your License Key for Account <YOUR_ACCOUNT_ID>, from the ... click on Copy key.
{
"timestamp": {{event_time}},
"attributes": {
"error.message": "New {{event_type}} by {{data.requester.name}} - {{data.requester.email}}",
"user.id": "{{data.requester.id}}",
"transaction.id": "{{event_type}}"
},
"message": "New {{event_type}} by {{data.requester.name}}/{{data.requester.id}} - {{data.requester.email}}, for {{data.access_groups.integration.name}} - {{data.access_groups.resource_types.name}} "
}Create an outgoing webhook to create incidents to Grafana triggered by Apono access request events
Grafana allows you to query, visualize, alert on, and understand your metrics no matter where they are stored. Create, explore, and share dashboards with your team and foster a data-driven culture.
Follow these steps to configure an Apono webhook:
On the page, click Add Webhook. The Add Webhook page appears.
Click Request Webhook.
Enter a unique, alphanumeric, user-friendly Request Webhook Name for identifying this webhook.
Click the Status toggle to Active
The webhook URL must adhere to the following requirements:
Uses the HTTPS protocol
Does not specify any custom ports
In the Body Template field, construct a JSON body for the webhook payload.
Click View event's payload schema to reveal the payload schema and available data fields. You can also refer to the to read the descriptions of each data field.
Under Headers, use the following Key and Value to set the header. Be sure to replace the <INCOMING_WEBHOOK_TOKEN> placeholder.
From the Triggers dropdown menu, select one or more of the following event triggers, which correspond to Apono access request statuses:
RequestCreated
RequestApproved
RequestExpired
(Optional) In the Timeout in seconds field, enter the duration in seconds to wait before marking the request as failed.
(Optional) Define Response Validators to verify that the response from the webhook meets specified criteria:
Click + Add. A row of settings appears.
Starting with
Click Save Webhook.
The new webhook appears in the Webhooks table. Active webhooks are preceded by a green dot. Inactive webhooks are preceded by a white dot.
Apono access request logs will be sent to Grafana based on the triggers you have selected.
Your webhook should now start creating new incidents to Grafana once triggered:
From the Method dropdown menu, select POST.
In the URL field, enter https://<INCOMING_WEBHOOK_URL>?title=json(title).
Be sure to replace the <INCOMING_WEBHOOK_URL> placeholder.
RequestFailed
RequestGranted
RequestRejected
Under Filters, define one or several filter from the listed dropdown menus.
Open a ticket in Jira or ServiceNow for manually approved requests.
In the Expected Values field, enter a value and press the Enter key on your keyboard.
Repeat step c to add several expected values.
Repeat steps a-d to add multiple response validators.
Click Test to generate a test event to trigger your webhook. A Test successful or Test failed response status will appear at the bottom of the page. A successful test will send mock data to the target system.
Permissions
Admin user for Grafana account
Enable Incoming Webhooks
In the Grafana Incident web app, an admin can go to Integrations to enable incoming webhooks. Installing the Incoming Webhooks integration will generate a token which you will use to authorize the requests.
Go to Alerts & Incidents and under Incident choose Integrations.
Select the Incoming Webhooks integration.
Click Install integration.
Make note of the Token and URL fields as shown below.
Authorization
Bearer <INCOMING_WEBHOOK_TOKEN>
{
"title":"Apono - New {{event_type}} made by {{data.requester.name}}",
"message": {
"shortMessage": "{ "event_type": "{{ event_type }}", "event_time": "{{ event_time }}", "id": "{{ data.id }}", "friendly_id": "{{ data.friendly_id }}", "requester_id": "{{ data.requester.id }}", "requester_name": "{{ data.requester.name }}", "requester_email": "{{ data.requester.email }}", "justification": "{{ data.justification }}", "creation_date": "{{ data.creation_date }}", "access_flow_id": "{{ data.access_flow.id }}", "access_flow_name": "{{ data.access_flow.name }}", "access_bundle_id": "{{ data.access_bundle.id }}", "access_bundle_name": "{{ data.access_bundle.id }}", "access_groups_integration_name": "{{ data.access_groups.[0].integration.name }}", "access_groups_integration_type": "{{ data.access_groups.[0].integration.type }} "}"
}
}
