# Asana Logs

## Overview

Panther can fetch Asana audit logs by querying the [Asana Audit Log API](https://asana.com/guide/help/api/audit-log-api). The steps below describe how to connect your Asana logs to the Panther Console.

## How to onboard Asana logs to Panther

### Prerequisites

To connect your Asana logs to Panther, you will need:

* Your organization's Asana Domain ID
* A new Service Account in Asana and its Token

### Configure your Asana log source

1. In the left-hand navigation bar of your Panther Console, click **Configure** > **Log Sources**.
2. Click **Create New**.
3. Search for “Asana,” then click its tile.
4. In the slide-out panel, click **Start Setup**.
5. On the **Configuration** page, enter a descriptive name for the source, e.g., `My Asana logs`.
6. Click **Setup**.
7. Enter the credentials required for the integration.
   1. Open a new browser tab and [Sign in](https://app.asana.com/-/login) to your Asana account as an administrator.
   2. In the upper-right corner, click your profile picture. Click **Admin Console**, then click **Settings** on the left.
   3. At the bottom of the page you'll find the **Domain ID**. Copy and paste it into the **Organization Id** field in Panther.
   4. In your Asana account, click **Apps** on the left sidebar.
   5. At the bottom of the page, click **Add Service Account** and specify a name.
   6. In the **Permission scopes** section, select **Scoped permissions** and check the **Audit Logs** option. Click **Save changes**.
   7. Copy the token, then click **Save changes**.
8. Navigate back to the Panther Console and paste the Asana token into the **Service Account Token** field in Panther.
9. Click **Setup**. You will be directed to a success screen:

   <figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-e55cedf82c6a6adc66ec5c14ebdcb164c3b1dcca%2FScreenshot%202023-08-03%20at%204.33.30%20PM.png?alt=media" alt="The success screen reads, &#x22;Everything looks good! Panther will now automatically pull &#x26; process logs from your account&#x22;" width="281"><figcaption></figcaption></figure>

   * You can optionally enable one or more [Detection Packs](https://docs.panther.com/detections/panther-managed/packs).
   * The **Trigger an alert when no events are processed** setting defaults to **YES**. We recommend leaving this enabled, as you will be alerted if data stops flowing from the log source after a certain period of time. The timeframe is configurable, with a default of 24 hours.

     <figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-c48119abd559990173004bde99ff4907fdd2ded2%2FScreenshot%202023-08-03%20at%204.26.54%20PM.png?alt=media" alt="The &#x22;Trigger an alert when no events are processed&#x22; toggle is set to YES. The &#x22;How long should Panther wait before it sends you an alert that no events have been processed&#x22; setting is set to 1 Day" width="320"><figcaption></figcaption></figure>

## Panther-managed detections

See [Panther-managed](https://docs.panther.com/detections/panther-managed) rules for Asana in the [panther-analysis GitHub repository](https://github.com/panther-labs/panther-analysis/tree/master/rules/asana_rules).

## Supported log types

### Asana.Audit

The Audit Logs allow you to monitor and act upon critical events in your organization's Asana instance.

For more information, see the [Asana Documentation on Audit Log Events](https://developers.asana.com/docs/audit-log-events).

```yaml
schema: Asana.Audit
parser:
    native:
        name: Asana.Audit
fields:
    - name: gid
      required: true
      description: Global unique identifier of the AuditLogEvent.
      type: string
    - name: actor
      required: true
      description: User that triggered the event.
      type: object
      fields:
        - name: actor_type
          description: Type of actor.
          type: string
        - name: email
          description: Email of the actor, if it is a user.
          type: string
          indicators:
            - email
        - name: gid
          description: Global unique identifier of the actor, if it is a user.
          type: string
        - name: name
          description: Name of the actor, if it is a user.
          type: string
          indicators:
            - username
    - name: context
      description: Context from which this event originated.
      type: object
      fields:
        - name: api_authentication_method
          description: Authentication method used in the context of an API request.
          type: string
        - name: client_ip_address
          description: IP address of the client that initiated the event.
          type: string
          indicators:
            - ip
        - name: context_type
          description: Type of context.
          type: string
        - name: oauth_app_name
          description: Name of the OAuth App that initiated the event.
          type: string
        - name: user_agent
          description: User agent of the client that initiated the event.
          type: string
    - name: created_at
      required: true
      description: The time the event was created.
      type: timestamp
      timeFormat: rfc3339
      isEventTime: true
    - name: details
      description: Event specific details. The schema depends on event type.
      type: json
    - name: event_category
      description: Category that this event type belongs to.
      type: string
    - name: event_type
      required: true
      description: Type of the event.
      type: string
    - name: resource
      description: The primary object that was affected by this event.
      type: object
      fields:
        - name: email
          description: The email of the resource, if applicable.
          type: string
          indicators:
            - email
        - name: gid
          description: Global unique identifier of the resource.
          type: string
        - name: name
          description: The name of the resource.
          type: string
        - name: resource_subtype
          description: The subtype of resource.
          type: string
        - name: resource_type
          description: The type of resource.
          type: string
```
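
As an added example (not Panther's parser and not code from the Panther or Asana projects), the following Python checks a raw event against the fields the schema marks `required: true` and collects the values the schema tags under `indicators`. The names `check_event` and `SAMPLE_EVENT`, and every value in the sample event, are constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Fields marked `required: true` in the Asana.Audit schema.
REQUIRED = ("gid", "actor", "created_at", "event_type")
# (indicator, parent object, field) for each `indicators:` entry in the schema.
INDICATOR_PATHS = (
    ("email", "actor", "email"),
    ("username", "actor", "name"),
    ("ip", "context", "client_ip_address"),
    ("email", "resource", "email"),
)

# Constructed sample event: every value here is made up for illustration.
SAMPLE_EVENT = {
    "gid": "12345",
    "actor": {"actor_type": "user", "email": "alice@example.com", "name": "Alice Example"},
    "context": {"context_type": "web", "client_ip_address": "203.0.113.10"},
    "created_at": "2023-08-03T16:33:30.000Z",
    "event_type": "example_event_type",
    "resource": {"resource_type": "user", "email": "bob@example.com", "name": "Bob Example"},
}

def check_event(event):
    """Return (errors, indicators) for one raw Asana audit event dict."""
    errors = [f"missing required field: {f}" for f in REQUIRED if event.get(f) in (None, "", {})]
    created = event.get("created_at")
    if created:
        try:
            # Older Python versions reject a trailing "Z" in fromisoformat().
            datetime.fromisoformat(str(created).replace("Z", "+00:00"))
        except ValueError:
            errors.append(f"created_at does not parse as a timestamp: {created!r}")
    indicators = {"email": set(), "username": set(), "ip": set()}
    for kind, parent, field in INDICATOR_PATHS:
        obj = event.get(parent)
        value = obj.get(field) if isinstance(obj, dict) else None
        if not value:
            continue
        if kind == "ip":
            try:
                ipaddress.ip_address(value)
            except ValueError:
                errors.append(f"{parent}.{field} is not an IP address: {value!r}")
                continue
        indicators[kind].add(value)
    return errors, indicators

if __name__ == "__main__":
    print(check_event(SAMPLE_EVENT))
```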
