Tines Logs
Panther supports pulling logs directly from Tines
Panther can fetch Tines logs by querying the Tines API. Specifically, Panther pulls Tines Audit logs by querying the Audit logs API.
To set up Tines as a log source in Panther, you'll need to generate a Tines API key that Panther can use to access your Tines instance, then create the log source in Panther.
- 2. Copy the API key and store it in a secure location, as you will need it to create the log source in Panther.
- 1. In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.
- 2. Click Create New.
- 3. Select Tines from the list of available log sources. Click Start Source Setup.
- 4. On the next screen, enter a descriptive name for the source, e.g., "My Tines Audit logs".
- 5. Click Setup.
- 6. On the Set Credentials page, fill in the form:
  - Tines Domain: Enter your Tines tenant domain. As Tines's documentation outlines, Cloud deployments of Tines will have a domain similar to either adjective-noun-1234.tines.io or adjective-noun-1234.tines.com.
  - API Key: Enter the Tines API key you generated in the previous step of this documentation.
- 7. Click Setup. You will be directed to a success screen:
  - The "Trigger an alert when no events are processed" setting defaults to YES. We recommend leaving this enabled, as you will be alerted if data stops flowing from the log source after a certain period of time. The timeframe is configurable, with a default of 24 hours.
Required fields in the schema are marked "required: true" just below the "name" field.
These are audit logs of events in a Tines tenant. For more information, see Tines's Audit logs documentation.
schema: Tines.Audit
description: Audit logs from the Tines Audit Logs API
referenceURL: https://www.tines.com/api/audit-logs
fields:
  - name: created_at
    required: true
    description: The date/time at which the audit log was created.
    type: timestamp
    timeFormats:
      - rfc3339
    isEventTime: true
  - name: id
    description: The ID of the audit log.
    type: int
  - name: inputs
    description: JSON Inputs passed to the operation.
    type: json
  - name: operation_name
    required: true
    description: The name of the operation.
    type: string
  - name: request_ip
    required: true
    description: The IP Address the operation was triggered from.
    type: string
    indicators:
      - ip
  - name: request_user_agent
    description: The user agent that the operation was triggered with.
    type: string
  - name: tenant_id
    required: true
    description: The ID of the tenant the operation was triggered on.
    type: string
  - name: user_email
    description: The email of the user who triggered the operation.
    type: string
    indicators:
      - email
  - name: user_id
    required: true
    description: The ID of the user who triggered the operation.
    type: string
  - name: user_name
    description: The name of the user who triggered the operation.
    type: string
    indicators:
      - username
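As an added example (not part of Panther's or Tines's documentation), here is a detection written in the shape of a Panther Python rule (`rule(event)` and `title(event)`) that uses the `request_ip`, `user_email`, `user_id` and `operation_name` fields from the schema above. The network list, the `triage` helper and the sample events are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the networks your Tines operators normally connect from.
# These are documentation ranges, constructed for the example.
EXPECTED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]


def rule(event):
    """Alert when a Tines.Audit operation originates outside EXPECTED_NETWORKS."""
    raw_ip = event.get("request_ip")
    if not raw_ip:
        return False  # required by the schema; nothing to evaluate without it
    try:
        addr = ipaddress.ip_address(raw_ip)
    except ValueError:
        return True  # an unparseable source address deserves a look
    # Membership is False across IP versions, so a mixed v4/v6 list is safe.
    return not any(addr in net for net in EXPECTED_NETWORKS)


def title(event):
    """Build the alert title from the schema's user and operation fields."""
    who = event.get("user_email") or event.get("user_id") or "<unknown user>"
    op = event.get("operation_name") or "<unknown operation>"
    return f"Tines {op} by {who} from unexpected IP {event.get('request_ip')}"


# Constructed sample events using Tines.Audit field names; values are made up.
BASE = {"created_at": "2024-01-15T10:30:00Z", "operation_name": "ExampleOperation",
        "tenant_id": "1", "user_id": "42"}
SAMPLE_EVENTS = [
    {**BASE, "id": 1, "request_ip": "203.0.113.10", "user_email": "a@example.com"},
    {**BASE, "id": 2, "request_ip": "198.51.100.7", "user_email": "a@example.com"},
    {**BASE, "id": 3, "request_ip": "not-an-ip"},  # optional user_email absent
]


def triage(events):
    """Return alert titles for the events the rule fires on."""
    return [title(e) for e in events if rule(e)]


if __name__ == "__main__":
    for line in triage(SAMPLE_EVENTS):
        print(line)
```

Because `user_email` is optional in the schema, the title falls back to the required `user_id` when it is missing.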