RSA ID Plus Admin Logs Connector
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
| Attribute | Value |
|---|---|
| Connector ID | RSAIDPlus_AdmingLogs_Connector |
| Publisher | RSA |
| Used in Solutions | RSAIDPlus_AdminLogs_Connector |
| Collection Method | CCF |
| Connector Definition Files | RSAIDPlus_AdminLogs_ConnectorDefinition.json |
| DCR Definition Files | RSAIDPlus_AdminLogs_DCR.json |
| CCF Configuration | RSAIDPlus_AdminLogs_Poller.json |
| CCF Capabilities | APIKey |
| Microsoft Learn | View on Learn |
The RSA ID Plus AdminLogs Connector provides the capability to ingest Cloud Admin Console Audit Events into Microsoft Sentinel using Cloud Admin APIs.
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
RSAIDPlus_AdminLogs_CL |
✗ | ✓ | ✗ |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions:
- Workspace (Workspace): Read and Write permissions are required.
Custom Permissions:
- RSA ID Plus API Authentication: To access the Admin APIs, a valid Base64URL encoded JWT token, signed with the client's Legacy Administration API key is required.
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
NOTE: This connector uses Codeless Connector Framework (CCF) to connect to the RSA ID Plus Cloud Admin APIs to pull logs into Microsoft Sentinel.
1. **STEP 1 - Create Legacy Admin API Client in Cloud Admin Console.**
Follow steps mentioned in this page.
2. **STEP 2 - Generate the Base64URL encoded JWT Token.**
Follow the steps mentioned in this page under the header 'Legacy Administration API'.
3. **STEP 3 - Configure the Cloud Admin API to start ingesting Admin event logs into Microsoft Sentinel.**
Provide the required values below:
- Admin API URL: https://
.access.securid.com/AdminInterface/restapi/v1/adminlog/exportLogs - JWT Token: (password field)
4. **STEP 4 - Click Connect**
Verify all the fields above were filled in correctly. Press Connect to start the connector.
- Click 'Connect' to establish connection
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊