Asana Logs

Panther supports pulling logs directly from Asana

Overview

Panther has the ability to fetch Asana audit logs by querying the Asana Audit Log API. The below steps outline how to connect your Asana logs to the Panther Console.

How to onboard Asana logs to Panther

Prerequisites

To connect your Asana logs to Panther, you will need:

Your organization's Asana Domain ID
A new Service Account in Asana and its Token

Configure your Asana log source

In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.
Click Create New.
Search for “Asana,” then click its tile.
In the slide-out panel, click Start Setup.
On the Configuration page, enter a descriptive name for the source, e.g., My Asana logs.
Click Setup.
Enter the credentials required for the integration.
1. Open a new browser tab and Sign in to your Asana account as an administrator.
2. In the upper-right corner, click your profile picture. Click Admin Console, then click Settings on the left.
3. At the bottom of the page you'll find the Domain ID. Copy and paste it into the Organization Id field in Panther.
4. In your Asana account, click Apps on the left sidebar.
5. At the bottom of the page, click Add Service Account and specify a name.
6. In the Permission scopes section, select Scoped permissions and check the Audit Logs option. Click Save changes.
7. Copy the token, then click Save changes.
Navigate back to the Panther Console and paste the Asana token into the Service Account Token field in Panther.
Click Setup. You will be directed to a success screen:
- You can optionally enable one or more Detection Packs.
- The Trigger an alert when no events are processed setting defaults to YES. We recommend leaving this enabled, as you will be alerted if data stops flowing from the log source after a certain period of time. The timeframe is configurable, with a default of 24 hours.

Panther-managed detections

See Panther-managed rules for Asana in the panther-analysis GitHub repository.

Supported log types

Asana.Audit

The Audit Logs allow you to monitor and act upon critical events in your organization's Asana instance.

For more information, see the Asana Documentation on Audit Log Events.

schema: Asana.Audit
parser:
    native:
        name: Asana.Audit
fields:
    - name: gid
      required: true
      description: Global unique identifier of the AuditLogEvent.
      type: string
    - name: actor
      required: true
      description: User that triggered the event.
      type: object
      fields:
        - name: actor_type
          description: Type of actor.
          type: string
        - name: email
          description: Email of the actor, if it is a user.
          type: string
          indicators:
            - email
        - name: gid
          description: Global unique identifier of the actor, if it is a user.
          type: string
        - name: name
          description: Name of the actor, if it is a user.
          type: string
          indicators:
            - username
    - name: context
      description: Context from which this event originated.
      type: object
      fields:
        - name: api_authentication_method
          description: Authentication method used in the context of an API request.
          type: string
        - name: client_ip_address
          description: IP address of the client that initiated the event.
          type: string
          indicators:
            - ip
        - name: context_type
          description: Type of context.
          type: string
        - name: oauth_app_name
          description: Name of the OAuth App that initiated the event.
          type: string
        - name: user_agent
          description: User agent of the client that initiated the event.
          type: string
    - name: created_at
      required: true
      description: The time the event was created.
      type: timestamp
      timeFormat: rfc3339
      isEventTime: true
    - name: details
      description: Event specific details. The schema depends on event type.
      type: json
    - name: event_category
      description: Category that this event type belongs to.
      type: string
    - name: event_type
      required: true
      description: Type of the event.
      type: string
    - name: resource
      description: The primary object that was affected by this event.
      type: object
      fields:
        - name: email
          description: The email of the resource, if applicable.
          type: string
          indicators:
            - email
        - name: gid
          description: Global unique identifier of the resource.
          type: string
        - name: name
          description: The name of the resource.
          type: string
        - name: resource_subtype
          description: The subtype of resource.
          type: string
        - name: resource_type
          description: The type of resource.
          type: string

PreviousAppOmni Logs NextAtlassian Logs

Last updated 2 months ago

How to onboard Asana logs to Panther

Prerequisites

To connect your Asana logs to Panther, you will need:

Your organization's Asana Domain ID

A new Service Account in Asana and its Token

Configure your Asana log source

In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.

Click Create New.

Search for “Asana,” then click its tile.

In the slide-out panel, click Start Setup.

On the Configuration page, enter a descriptive name for the source, e.g., My Asana logs.

Click Setup.

Enter the credentials required for the integration.

Open a new browser tab and Sign in to your Asana account as an administrator.
In the upper-right corner, click your profile picture. Click Admin Console, then click Settings on the left.
At the bottom of the page you'll find the Domain ID. Copy and paste it into the Organization Id field in Panther.
In your Asana account, click Apps on the left sidebar.
At the bottom of the page, click Add Service Account and specify a name.
In the Permission scopes section, select Scoped permissions and check the Audit Logs option. Click Save changes.
Copy the token, then click Save changes.

Navigate back to the Panther Console and paste the Asana token into the Service Account Token field in Panther.

Click Setup. You will be directed to a success screen:

You can optionally enable one or more Detection Packs.
The Trigger an alert when no events are processed setting defaults to YES. We recommend leaving this enabled, as you will be alerted if data stops flowing from the log source after a certain period of time. The timeframe is configurable, with a default of 24 hours.

Supported log types

Asana.Audit

The Audit Logs allow you to monitor and act upon critical events in your organization's Asana instance.

schema: Asana.Audit
parser:
    native:
        name: Asana.Audit
fields:
    - name: gid
      required: true
      description: Global unique identifier of the AuditLogEvent.
      type: string
    - name: actor
      required: true
      description: User that triggered the event.
      type: object
      fields:
        - name: actor_type
          description: Type of actor.
          type: string
        - name: email
          description: Email of the actor, if it is a user.
          type: string
          indicators:
            - email
        - name: gid
          description: Global unique identifier of the actor, if it is a user.
          type: string
        - name: name
          description: Name of the actor, if it is a user.
          type: string
          indicators:
            - username
    - name: context
      description: Context from which this event originated.
      type: object
      fields:
        - name: api_authentication_method
          description: Authentication method used in the context of an API request.
          type: string
        - name: client_ip_address
          description: IP address of the client that initiated the event.
          type: string
          indicators:
            - ip
        - name: context_type
          description: Type of context.
          type: string
        - name: oauth_app_name
          description: Name of the OAuth App that initiated the event.
          type: string
        - name: user_agent
          description: User agent of the client that initiated the event.
          type: string
    - name: created_at
      required: true
      description: The time the event was created.
      type: timestamp
      timeFormat: rfc3339
      isEventTime: true
    - name: details
      description: Event specific details. The schema depends on event type.
      type: json
    - name: event_category
      description: Category that this event type belongs to.
      type: string
    - name: event_type
      required: true
      description: Type of the event.
      type: string
    - name: resource
      description: The primary object that was affected by this event.
      type: object
      fields:
        - name: email
          description: The email of the resource, if applicable.
          type: string
          indicators:
            - email
        - name: gid
          description: Global unique identifier of the resource.
          type: string
        - name: name
          description: The name of the resource.
          type: string
        - name: resource_subtype
          description: The subtype of resource.
          type: string
        - name: resource_type
          description: The type of resource.
          type: string