Obtaining logging data from PingOne
Steps
-
Sign on to PingOne and select your environment.
-
In the left navigation pane, click Audit.
-
In the Audit Parameters section, adjust the audit parameters fields as needed.
-
To update the report, click Run.
Result:
The audit report is created.
If no fields are selected, the audit report only contains an empty Details column.
Example
The Details column contains a View link showing the JSON representation of the audit entry, as shown in the following example.
All unique identifiers in this example are intentionally blocked. |
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/429f5783-0f16-432f-b726-88223c380ab0/activities/979c1096-a693-4920-a2c6-62e34ff74dfe"
}
},
"id": "9*******-a***-4***-a***-6**********",
"recordedAt": "2021-04-06T16:27:34.783Z",
"createdAt": "2021-04-06T16:27:34.803Z",
"correlationId": "f******-2***-4***-9***-6***********",
"actors": {
"client": {
"id": "b*******-4***-4***-9***-0************",
"name": "PingOne Admin Console",
"environment": {
"id": "4*******-0***-4***-b***-8***********"
},
"href": "https://api.pingone.com/v1/environments/4*******-4*******-0***-4***-b***-8***********/applications/b*******-4***-4***-9***-0***********",
"type": "CLIENT"
},
"user": {
"id": "7*******-5***-4***-9***-d***********",
"name": "m******p********@pingidentity.com",
"environment": {
"id": "4*******-0***-4***-b***-8***********"
},
"population": {
"id": "4*******-0***-4***-b***-8***********"
},
"href": "https://api.pingone.com/v1/environments/4*******-0***-4***-b***-8***********/users/7*******-5***-4***-9***-d***********",
"type": "USER"
}
},
"action": {
"type": "USER.ACCESS_ALLOWED",
"description": "User Access Allowed"
},
"resources": [
{
"type": "USER",
"id": "7*******-5***-4***-9***-d***********",
"name": "matthewpollicove@pingidentity.com",
"environment": {
"id": "4*******-0***-4***-b***-8***********"
},
"population": {
"id": "4*******-0***-4***-b***-8***********"
},
"href": "https://api.pingone.com/v1/environments/4*******-0***-4***-b***-8***********/users/7*******-5***-4***-9***-d***********"
}
],
"result": {
"status": "SUCCESS",
"description": "Passed role access control"
}
}
Next steps
If you need to connect the audit data to an external application, such as Splunk, learn more in Monitoring activity with Splunk.
Audit parameter fields
The following table describes the fields and options available in the Audit Parameters section of PingOne.
Field | Option | Description | ||
---|---|---|---|---|
Time Range |
Specific |
Set the time range to a specific date range. |
||
Relative |
Set the time range to a period relative to the current time. |
|||
Filter Type
|
Resource ID |
Find activities by resource ID. |
||
Correlation ID |
Find activities by correlation ID. When an HTTP request is received by PingOne, it is assigned a correlation ID. You can use the correlation ID to associate HTTP responses with messages in the event log. |
|||
Event type |
Find activities by event type. Select an event type. If Risk is enabled, the following parameters are available:
|
|||
User ID (Actor) |
Find activities that were performed by a particular user by user ID. |
|||
Username (Actor) |
Find activities that were performed by a particular user by username. |
|||
Client (Actor) |
Select a client to find activities that were performed by that client. The list of clients can vary depending on your configuration. |
|||
Resource population |
Select a population to find activities that were performed in resources within a particular population. |
|||
Resource type |
Select a resource to find activities that were performed on a particular type of resource. |
|||
Population |
Find activities that were performed on a particular population. |
|||
User |
Find activities that were performed on a particular user. |
|||
Application |
Find activities that were performed by a particular client application. |
|||
Selected Fields |
Timestamp |
The date and time of the event. The format is: MM/DD/YYYY HH:mm:ss. |
||
Event name |
A unique identifier for the event. |
|||
Description |
A brief description of the event. |
|||
Client |
The client that performed the event. |
|||
User identity |
The user for which the event was performed. |
|||
Population |
The population in which the event was performed. |
|||
Resource type |
The type of resource for which the event was performed. |