Asana Logs
Panther supports pulling logs directly from Asana
Panther has the ability to fetch Asana audit logs by querying the Asana Audit Log API. The below steps outline how to connect your Asana logs to the Panther Console.
To connect your Asana logs to Panther, you will need:
- Your organization's Asana Domain ID
- A new Service Account in Asana and its Token
- 1.In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.
- 2.Click Create New.
- 3.Search for “Asana,” then click its tile.
- 4.Click Start Setup.
- 5.On the next screen, enter a descriptive name for the source, e.g.,
My Asana logs. - 6.Click Setup.
- 7.Enter the credentials required for the integration.
- 1.
- 2.Click your profile picture at the top right. Click Admin Console and then click Settings on the left.
- 3.At the bottom of the page you'll find the Domain ID. Copy and paste it into the Organization Id field in Panther.
- 4.In your Asana account, click Apps on the left sidebar.
- 5.At the bottom of the page, click Add Service Account and specify a name.
- 6.Copy the token and then click Save changes.
- 8.Navigate back to the Panther Console and paste the Asana token into the Service Account Token field in Panther.
- 9.Click Setup. You will be directed to a success screen:
- The Trigger an alert when no events are processed setting defaults to YES. We recommend leaving this enabled, as you will be alerted if data stops flowing from the log source after a certain period of time. The timeframe is configurable, with a default of 24 hours.
Required fields in the schema are listed as "required: true" just below the "name" field.
The Audit Logs allow you to monitor and act upon critical events in your organization's Asana instance.
schema: Asana.Audit
parser:
native:
name: Asana.Audit
fields:
- name: gid
required: true
description: Global unique identifier of the AuditLogEvent.
type: string
- name: actor
required: true
description: User that triggered the event.
type: object
fields:
- name: actor_type
description: Type of actor.
type: string
- name: email
description: Email of the actor, if it is a user.
type: string
indicators:
- email
- name: gid
description: Global unique identifier of the actor, if it is a user.
type: string
- name: name
description: Name of the actor, if it is a user.
type: string
indicators:
- username
- name: context
description: Context from which this event originated.
type: object
fields:
- name: api_authentication_method
description: Authentication method used in the context of an API request.
type: string
- name: client_ip_address
description: IP address of the client that initiated the event.
type: string
indicators:
- ip
- name: context_type
description: Type of context.
type: string
- name: oauth_app_name
description: Name of the OAuth App that initiated the event.
type: string
- name: user_agent
description: User agent of the client that initiated the event.
type: string
- name: created_at
required: true
description: The time the event was created.
type: timestamp
timeFormat: rfc3339
isEventTime: true
- name: details
description: Event specific details. The schema depends on event type.
type: json
- name: event_category
description: Category that this event type belongs to.
type: string
- name: event_type
required: true
description: Type of the event.
type: string
- name: resource
description: The primary object that was affected by this event.
type: object
fields:
- name: email
description: The email of the resource, if applicable.
type: string
indicators:
- email
- name: gid
description: Global unique identifier of the resource.
type: string
- name: name
description: The name of the resource.
type: string
- name: resource_subtype
description: The subtype of resource.
type: string
- name: resource_type
description: The type of resource.
type: string
Last modified 1mo ago