# Asana Logs ## Overview Panther has the ability to fetch Asana audit logs by querying the [Asana Audit Log API](https://asana.com/guide/help/api/audit-log-api). The below steps outline how to connect your Asana logs to the Panther Console. ## How to onboard Asana logs to Panther ### Prerequisites To connect your Asana logs to Panther, you will need: * Your organization's Asana Domain ID * A new Service Account in Asana and its Token ### Configure your Asana log source 1. In the left-hand navigation bar of your Panther Console, click **Configure** > **Log Sources**. 2. Click **Create New**. 3. Search for “Asana,” then click its tile. 4. In the slide-out panel, click **Start Setup**. 5. On the **Configuration** page, enter a descriptive name for the source, e.g., `My Asana logs`. 6. Click **Setup**. 7. Enter the credentials required for the integration. 1. Open a new browser tab and [Sign in](https://app.asana.com/-/login) to your Asana account as an administrator. 2. In the upper-right corner, click your profile picture. Click **Admin Console**, then click **Settings** on the left. 3. At the bottom of the page you'll find the **Domain ID**. Copy and paste it into the **Organization Id** field in Panther. 4. In your Asana account, click **Apps** on the left sidebar. 5. At the bottom of the page, click **Add Service Account** and specify a name. 6. In the **Permission scopes** section, select **Scoped permissions** and check the **Audit Logs** option. Click **Save changes**. 7. Copy the token, then click **Save changes**. 8. Navigate back to the Panther Console and paste the Asana token into the **Service Account Token** field in Panther. 9. Click **Setup**. You will be directed to a success screen:\\

The success screen reads, "Everything looks good! Panther will now automatically pull & process logs from your account"

* You can optionally enable one or more [Detection Packs](https://docs.panther.com/detections/panther-managed/packs). * The **Trigger an alert when no events are processed** setting defaults to **YES**. We recommend leaving this enabled, as you will be alerted if data stops flowing from the log source after a certain period of time. The timeframe is configurable, with a default of 24 hours.\\

The "Trigger an alert when no events are processed" toggle is set to YES. The "How long should Panther wait before it sends you an alert that no events have been processed" setting is set to 1 Day

## Panther-managed detections See [Panther-managed](https://docs.panther.com/detections/panther-managed) rules for Asana in the [panther-analysis GitHub repository](https://github.com/panther-labs/panther-analysis/tree/master/rules/asana_rules). ## Supported log types ### Asana.Audit The Audit Logs allow you to monitor and act upon critical events in your organization's Asana instance. For more information, see the [Asana Documentation on Audit Log Events.](https://developers.asana.com/docs/audit-log-events) ```yaml schema: Asana.Audit parser: native: name: Asana.Audit fields: - name: gid required: true description: Global unique identifier of the AuditLogEvent. type: string - name: actor required: true description: User that triggered the event. type: object fields: - name: actor_type description: Type of actor. type: string - name: email description: Email of the actor, if it is a user. type: string indicators: - email - name: gid description: Global unique identifier of the actor, if it is a user. type: string - name: name description: Name of the actor, if it is a user. type: string indicators: - username - name: context description: Context from which this event originated. type: object fields: - name: api_authentication_method description: Authentication method used in the context of an API request. type: string - name: client_ip_address description: IP address of the client that initiated the event. type: string indicators: - ip - name: context_type description: Type of context. type: string - name: oauth_app_name description: Name of the OAuth App that initiated the event. type: string - name: user_agent description: User agent of the client that initiated the event. type: string - name: created_at required: true description: The time the event was created. type: timestamp timeFormat: rfc3339 isEventTime: true - name: details description: Event specific details. The schema depends on event type. type: json - name: event_category description: Category that this event type belongs to. type: string - name: event_type required: true description: Type of the event. type: string - name: resource description: The primary object that was affected by this event. type: object fields: - name: email description: The email of the resource, if applicable. type: string indicators: - email - name: gid description: Global unique identifier of the resource. type: string - name: name description: The name of the resource. type: string - name: resource_subtype description: The subtype of resource. type: string - name: resource_type description: The type of resource. type: string ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.panther.com/data-onboarding/supported-logs/asana.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.