Entrust IDaaS 的来源配置
与委托 IDaas 集成
Entrust Identity as a Service(IDaaS)是一个基于云的身份和访问管理(IAM)平台,可提供多重身份验证(MFA)、单点登录(SSO)、基于风险的自适应身份验证以及跨员工、消费者和公民使用案例的全面审计日志记录。CloudWatch 管道使用 Entrust IDaaS 管理 REST API,从 IDaaS 租户检索身份和访问事件。管理 REST API 提供对两个主要日志类别的访问权限:身份验证日志(跨多种事件类型捕获用户身份验证事件,包括 MFA、SSO、SAML、OIDC 和无密码身份验证方法)和管理日志(跟踪在用户、群组、应用程序、令牌和策略等各种实体类型上执行的管理操作和更改)。
使用 Entrust IDaaS 进行身份验证
要读取日志,该管道需要通过 Entrust IDaaS 租户进行身份验证。该插件支持使用 applicationId 和 sharedSecret 进行管理 API 身份验证。
创建管理 API 应用程序
前往 IDaaS 管理门户并导航到“安全”→“应用程序”。
选择“+”,然后从可用应用程序列表中选择“管理 API”。
在“常规”选项卡中,输入应用程序的名称和描述,然后选择“下一步”。
在“设置”选项卡中,为角色分配应用程序所需的权限,然后选择“提交”。Entrust IDaaS 管理 API 需要超级管理员角色才能访问审计日志端点。
在“完成”选项卡中,选择“复制”以复制您的
applicationId和sharedSecret,或下载 JSON 文件。在 AWS Secrets Manager 中创建密钥,将
applicationId存储在client_id键下,将sharedSecret存储在client_secret键下。您的 IDaaS API 基本 URL 是
https://<hostname>,其中可从凭证获取hostname(例如https://entrust.us.trustedauth.com)。
配置 CloudWatch 管道
要将管道配置为从 Entrust IDaaS 读取审计日志,请选择 entrust_idaas 作为数据来源。填写所需信息,例如您的租户 hostname 以及存储 client_id 和 client_secret 的凭证的 AWS Secrets Manager 密钥 ARN。创建管道后,数据将在选定的 CloudWatch Logs 日志组中可用。
支持的开放式网络安全架构框架事件类
此集成支持 OCSF 架构版本 1.5.0 和映射到“身份验证”(3002)和“实体管理”(3004)的事件。
身份验证包含以下事件:
AuthenticationAdminApiSuccessEvent
AuthenticationDeniedEvent
AuthenticationExternalSecondFactorBypassEvent
AuthenticationExternalSuccessEvent
AuthenticationFaceSuccessEvent
AuthenticationFidoSuccessEvent
AuthenticationFirstFactorExternalSuccessEvent
AuthenticationFirstFactorIdpSuccessEvent
AuthenticationFirstFactorPasswordSuccessEvent
AuthenticationGridSuccessEvent
AuthenticationGridWithTempAccessCodeSuccessEvent
AuthenticationIdpSuccessEvent
AuthenticationKbaSuccessEvent
AuthenticationLockedEvent
AuthenticationMagicLinkSuccessEvent
AuthenticationOtpCreatedEvent
AuthenticationOtpEmailSentEvent
AuthenticationOtpNoCreditEvent
AuthenticationOtpSentToAllEvent
AuthenticationOtpSmsSentEvent
AuthenticationOtpSuccessEvent
AuthenticationOtpUnavailableEvent
AuthenticationOtpVoiceSentEvent
AuthenticationOtpWithTempAccessCodeSuccessEvent
AuthenticationPasskeySuccessEvent
AuthenticationPasswordSuccessEvent
AuthenticationSecondFactorFaceSuccessEvent
AuthenticationSecondFactorFIDOSuccessEvent
AuthenticationSecondFactorGridSuccessEvent
AuthenticationSecondFactorGridWithTempAccessCodeSuccessEvent
AuthenticationSecondFactorKbaSuccessEvent
AuthenticationSecondFactorMagicLinkSuccessEvent
AuthenticationSecondFactorOtpSuccessEvent
AuthenticationSecondFactorOtpWithTempAccessCodeSuccessEvent
AuthenticationSecondFactorSmartCredentialPushSuccessEvent
AuthenticationSecondFactorTempAccessCodeSuccessEvent
AuthenticationSecondFactorTokenSuccessEvent
AuthenticationSecondFactorTokenWithTempAccessCodeSuccessEvent
AuthenticationSecondFactorUserCertificateSuccessEvent
AuthenticationSmartCredentialPushSuccessEvent
AuthenticationSmartLoginSuccessEvent
AuthenticationTempAccessCodeSuccessEvent
AuthenticationTokenPushSuccessEvent
AuthenticationTokenSuccessEvent
AuthenticationTokenWithTempAccessCodeSuccessEvent
AuthenticationUserCertificateSuccessEvent
MachineLockedEvent
OidcAuthenticationFailedEvent
OidcAuthenticationSuccessEvent
SamlAuthenticationFailedEvent
SamlAuthenticationSuccessEvent
UserPasswordChangeFailedEvent
UserPasswordChangeLockedEvent
UserStepUpAuthenticationSuccessEvent
VerificationDeniedEvent
VerificationIdpSuccessEvent
实体管理包含以下事件:
ACTIVESYNC
AD_CONNECTOR_DIRECTORIES
AGENTS
APPLICATIONS
ARCHIVES
AUTHENTICATIONFLOWS
AUTHORIZATIONGROUPS
AZURE_DIRECTORIES
BLACKLISTEDPASSWORDS
BULKENROLLMENTS
BULKGROUPS
BULKHARDWARETOKENS
BULKIDENTITYGUARD
BULKSMARTCARDS
BULKUSERS
CAS
CERTIFICATES
CLAIMS
CONTACTVERIFICATION
CONTEXTRULES
CREATETENANT
CREDENTIALDESIGNS
CUSTOMIZATIONVARIABLES
DIGITALIDCERTIFICATES
DIGITALIDCONFIGCERTTEMPS
DIGITALIDCONFIGS
DIGITALIDCONFIGSAN
DIGITALIDCONFIGVARIABLES
DIRECTORIES
DIRECTORYATTRIBUTES
DIRECTORYCONNECTIONS
DIRECTORYPASSWORD
DIRECTORYSEARCHATTRIBUTES
DIRECTORYSYNC
DOMAINCONTROLLERCERTS
EMAILTEMPLATES
EMAILVARIABLES
ENROLLMENTDESIGNS
ENROLLMENTS
ENTITLEMENTS
EXPECTEDLOCATIONS
EXPORTREPORTS
FACE
FIDOTOKENS
GATEWAYCSRS
GATEWAYS
GRIDCONTENTS
GRIDS
GROUPPOLICIES
GROUPS
HIGH_AVAILABILITY_GROUPS
HOSTNAMESETTINGS
IDENTITYPROVIDERS
IDPROOFING
IDPROOFINGLICENSE
INTELLITRUSTDESKTOPS
IPLISTS
ISSUANCE
MAGICLINKCONTENTS
MAGICLINKS
OAUTHROLES
ORGANIZATIONS
OTPPROVIDERS
OTPS
PIVCONTENTSIGNER
PKIAASCREDENTIALS
POLICYOVERRIDE
PREFERREDOTPPROVIDERS
PRINTERS
PUSHCREDENTIALS
QUESTIONS
RATELIMITING
REPORTS
RESOURCESERVERAPIS
RESOURCESERVERSCOPES
RISKENGINES
ROLES
SCDEFNPIVAPPLETCONFIGS
SCDEFNS
SCDEFNVARIABLES
SCHEDULEDTASKS
SCIMPROVISION
SENDAZUREAD
SENDEMAIL
SENDSCIM
SERVICEPROVIDERACCOUNTS
SERVICEPROVIDERS
SETTINGS
SMARTCARDS
SMARTCREDENTIALS
SMARTCREDENTIALSSIGNATURE
SPCLIENTCREDENTIALS
SPENTITLEMENTS
SPIDENTITYPROVIDERS
SPMANAGEMENTPLATFORM
SPROLES
SPUSERMGMT
SUBSCRIBERS
TEMPACCESSCODECONTENTS
TEMPACCESSCODES
TEMPLATES
TENANTS
TOKENACTIVATIONCONTENTS
TOKENS
TRANSACTIONITEMS
TRANSACTIONRULES
USERATTRIBUTES
USERATTRIBUTEVALUES
USERKBACHALLENGES
USERLOCATIONS
USERMACHINES
USEROAUTHTOKENS
USERPASSWORDS
USERQUESTIONANSWERS
USERQUESTIONS
USERBASETTINGS
USERS
USERSITEROLES
USERSPROLES
WORDSYNONYMS
