Adding a Push subscription - PingOne for Enterprise - PingOne SSO for SaaS Apps

PingOne for Enterprise
bundle
pingoneforenterprise
ft:publication_title
PingOne for Enterprise
Product_Version_ce
PingOne for Enterprise
category
Product
pingone
ContentType_ce

Push subscriptions stream audit events of the selected type to the HTTPS URL you specify.

  1. Go to Dashboard > Reporting > Subscriptions > Add Subscription.
  2. In the Name field, enter a name for this subscription.
  3. In the Type list, select the type of audit event that will be pushed for this subscription.
    For more information, see PingOne for Enterprise report types.
  4. Select Push to create a Push subscription.
  5. In the Format list, select the format for the audit events.
    For Push subscriptions, this can be either:
    • Audit (the PingOne for Enterprise default format).
    • Splunk (a format compatible with Splunk processing).

    Both formats are JSON.

  6. In the URL field, enter the URL to stream audit events to.
    Note: The URL must be HTTPS.
  7. In the Authorization Header field, enter a request header that will be posted to the URL you specified.
    For example, "Authorization: Basic 80F4FC1D78C0F15627C9B95C".
  8. Click Upload to upload the public certificate registered to the URL you specified.
    Note: For Splunk subscriptions, you need to upload the endpoint certificate, not the entire certificate chain. You can get your endpoint certificate by going to your Splunk endpoint in a browser and downloading it.
  9. Click Done.
    You will find the new subscription listed on the Subscriptions page.

The audit events pushed to the URL you specified will look similar to these samples:

Audit format 
{
  "source": "ADMINISTRATOR_LOGIN",
  "id": "8fd3d92f-7af2-11e8-b80d-0ec0fbebxxxx",
  "recorded": "2018-28-06T16:44:44.849Z",
  "action": {
    "type": "Password"
  },
  "actors": [
    {
      "type": "user",
      "name": "pcasso@pingidentity.com"
    }
  ],
  "resources": [],
  "client": {
    "id": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36",
    "ipAddress": "192.168.10.1, 172.138.206.50"
  },
  "result": {
    "status": "SUCCESS",
    "message": "Password"
  }
}
Splunk format 
{
  "event": {
    "source": "ADMINISTRATOR_LOGIN",
    "id": "44990ce5-7af4-11e8-b80d-0ec0fbebxxxx",
    "recorded": "2018-28-06T16:56:57.627Z",
    "action": {
      "type": "Password"
    },
    "actors": [
      {
        "type": "user",
        "name": "pcasso@pingidentity.com"
      }
    ],
    "resources": [],
    "client": {
      "id": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36",
      "ipAddress": "24.222.35.218, 172.18.26.54"
    },
    "result": {
      "status": "SUCCESS",
      "message": "Password"
    }
  },
  "host": "pingidentity.com",
  "time": 1530205017627,
  "source": "ADMINISTRATOR_LOGIN"
}