Skip to content

Entity Analytics Okta: add support for ECS entity fields #18525

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
chemamartinez wants to merge 10 commits into
base: main
Choose a base branch
from
Draft

Entity Analytics Okta: add support for ECS entity fields #18525

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
90ba735
Add host.os.version field support
chemamartinez Apr 17, 2026
a50575a
Add user.entity.lifecycle.last_activity field support
chemamartinez Apr 17, 2026
f7864e8
Add user.entity.relationships.administered_by field support
chemamartinez Apr 17, 2026
8d4a77d
Add support for factor enrichment
chemamartinez Apr 17, 2026
816bcfc
Add host.entity.attributes.managed field support
chemamartinez Apr 17, 2026
db8da45
Add user.entity.attributes.permissions field support
chemamartinez Apr 17, 2026
c5fa3e7
Add user.entity.relationships.owns field support
chemamartinez Apr 17, 2026
af7f18a
Add user.entity.relationships.supervises field support
chemamartinez Apr 17, 2026
232c1fa
Bump version, constraint and add changelog
chemamartinez Apr 20, 2026
e9505a6
Update changelog
chemamartinez Apr 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
90 changes: 90 additions & 0 deletions packages/entityanalytics_okta/_dev/deploy/docker/files/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,96 @@ rules:
"href": "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR"
}
}
},
{
"id": "cr0Yq6IJxGIr0ouum0g3",
"role": "cr0Yq6IJxGIr0ouum0g3",
"label": "Custom role",
"type": "CUSTOM",
"status": "ACTIVE",
"created": "2024-01-15T10:00:00.000Z",
"lastUpdated": "2024-01-15T10:00:00.000Z",
"assignmentType": "USER",
"_links": {
"assignee": {
"href": "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR"
}
}
}
]
`}}
- path: /api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions
methods: ["GET"]
responses:
- status_code: 200
body: |
{{ minify_json `
{
"permissions": [
{
"label": "okta.users.read",
"created": "2024-01-15T10:00:00.000Z",
"lastUpdated": "2024-01-15T10:00:00.000Z"
},
{
"label": "okta.apps.read",
"created": "2024-01-15T10:00:00.000Z",
"lastUpdated": "2024-01-15T10:00:00.000Z"
}
]
}
`}}
- path: /api/v1/users/00ub0oNGTSWTBKOLGLNR/factors
methods: ["GET"]
responses:
- status_code: 200
body: |
{{ minify_json `
[
{
"id": "ufs2bysphxKODSZKWVCT",
"factorType": "question",
"provider": "OKTA",
"vendorName": "OKTA",
"status": "ACTIVE",
"created": "2014-04-15T18:10:06.000Z",
"lastUpdated": "2014-04-15T18:10:06.000Z",
"profile": {
"question": "favorite_art_piece",
"questionText": "What is your favorite piece of art?"
}
},
{
"id": "sms2gt8gzgEBPUWBIFHN",
"factorType": "sms",
"provider": "OKTA",
"status": "ACTIVE",
"created": "2014-06-27T20:27:26.000Z",
"lastUpdated": "2014-06-27T20:27:26.000Z",
"profile": {
"phoneNumber": "+1-555-415-1337"
}
}
]
`}}
- path: /api/v1/users/00ub0oNGTSWTBKOLGLNR/devices
methods: ["GET"]
responses:
- status_code: 200
body: |
{{ minify_json `
[
{
"id": "guo4a5uyerdpvAiJT0h7",
"status": "ACTIVE",
"created": "2024-01-01T00:00:00.000Z",
"lastUpdated": "2024-01-01T00:00:00.000Z",
"profile": {
"displayName": "Dave's MacBook Pro",
"platform": "MACOS",
"osVersion": "14.2.1",
"serialNumber": "C02ZW1XKMD6T"
}
}
]
`}}
Expand Down
5 changes: 5 additions & 0 deletions packages/entityanalytics_okta/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "3.1.0"
changes:
- description: Add support for ECS entity fields.
type: enhancement
link: https://github.com/elastic/integrations/pull/18525
Comment thread
macroscopeapp[bot] marked this conversation as resolved.
- version: "3.0.0"
changes:
- description: |
Expand Down
11 changes: 11 additions & 0 deletions packages/entityanalytics_okta/data_stream/device/fields/ecs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,17 @@
type: keyword
- name: type
type: keyword
- name: host
type: group
fields:
- name: entity
type: group
fields:
- name: attributes
type: group
fields:
- name: managed
type: boolean
- name: device.serial_number
type: keyword
description: The unique serial number serves as a distinct identifier for each device, aiding in inventory management and device authentication.
29 changes: 29 additions & 0 deletions packages/entityanalytics_okta/data_stream/entity/_dev/test/pipeline/test-device.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,35 @@
"ecs": {
"version": "8.0.0"
}
},
{
"@timestamp": "2022-05-14T13:37:20.000Z",
"okta": {
"id": "guo4a5uyerdpvAiJT0h7",
"status": "ACTIVE",
"profile": {
"displayName": "DESKTOP-XXXX",
"platform": "WINDOWS",
"manufacturer": "LENOVO",
"model": "20BH002DUS",
"osVersion": "10.0.19043",
"serialNumber": "1XXXX0X0X",
"registered": true,
"secureHardwarePresent": false,
"diskEncryptionType": "ALL_INTERNAL_VOLUMES",
"managed": true
}
},
"okta_domain": "trial-xxxxxxx-admin.okta.com",
"device": {
"id": "guo4a5uyerdpvAiJT0h7"
},
"input": {
"type": "entity-analytics"
},
"ecs": {
"version": "8.0.0"
}
}
]
}
65 changes: 65 additions & 0 deletions ...entityanalytics_okta/data_stream/entity/_dev/test/pipeline/test-device.json-expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,71 @@
"preserve_original_event",
"preserve_duplicate_custom_fields"
]
},
{
"@timestamp": "2022-05-14T13:37:20.000Z",
"asset": {
"category": "entity",
"id": "guo4a5uyerdpvAiJT0h7",
"name": "DESKTOP-XXXX",
"status": "ACTIVE",
"type": "okta_device"
},
"data_stream": {
"dataset": "entityanalytics_okta.device",
"namespace": "default",
"type": "logs"
},
"device": {
"id": "guo4a5uyerdpvAiJT0h7",
"serial_number": "1XXXX0X0X"
},
"ecs": {
"version": "8.11.0"
},
"entityanalytics_okta": {
"device": {
"id": "guo4a5uyerdpvAiJT0h7",
"profile": {
"disk_encryption_type": "ALL_INTERNAL_VOLUMES",
"display_name": "DESKTOP-XXXX",
"registered": true,
"secure_hardware_present": false
},
"status": "ACTIVE"
}
},
"event": {
"category": [
"host"
],
"kind": "asset",
"original": "{\"input\":{\"type\":\"entity-analytics\"},\"@timestamp\":\"2022-05-14T13:37:20.000Z\",\"ecs\":{\"version\":\"8.11.0\"},\"okta_domain\":\"trial-xxxxxxx-admin.okta.com\",\"event\":{\"kind\":\"asset\"},\"device\":{\"id\":\"guo4a5uyerdpvAiJT0h7\"},\"okta\":{\"profile\":{\"serialNumber\":\"1XXXX0X0X\",\"osVersion\":\"10.0.19043\",\"displayName\":\"DESKTOP-XXXX\",\"managed\":true,\"registered\":true,\"diskEncryptionType\":\"ALL_INTERNAL_VOLUMES\",\"model\":\"20BH002DUS\",\"secureHardwarePresent\":false,\"platform\":\"WINDOWS\",\"manufacturer\":\"LENOVO\"},\"id\":\"guo4a5uyerdpvAiJT0h7\",\"status\":\"ACTIVE\"},\"tags\":[\"preserve_original_event\",\"preserve_duplicate_custom_fields\"],\"_index\":\"logs-entityanalytics_okta.entity-default\",\"_id\":\"_id\",\"_version\":-3}",
"type": [
"info"
]
},
"host": {
"entity": {
"attributes": {
"managed": true
}
},
"name": "trial-xxxxxxx-admin.okta.com",
"os": {
"version": "10.0.19043"
}
},
"input": {
"type": "entity-analytics"
},
"os": {
"platform": "windows"
},
"tags": [
"preserve_original_event",
"preserve_duplicate_custom_fields"
]
}
]
}
Loading
Loading