Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Device Configuration: Okta

 

Overview

We are providing you with the steps to integrate your Okta with Seceon SIEM so One can have Comprehensive visibility and Proactive Threat Detection in your Environment. There will be a log transfer between your firewall to APE(Analytics and Policy Engine) via CCE (Collection and Control Engine ).

Steps Of Configuration

Pre-requisite

Login to UI and navigate to Provisioning>> Add on devices>>Okta

To add the Okta support, follow the steps that are mentioned below.

  • Device: Select the name of the device 'Okta' in this section.

  • Name: We can take anything here according to our interest (mini. 3 character).

  • CCE Host: Enter the CCE IP

  • Password/Secret Key: Enter API Token

  • Config: Now in valid JSON Format in the last field enter your domain name in host (without https://)

{"host": "<domain_name>"}

  • Click on the Save button.

Verification of configuration

Verification can be done either from CCE Server or from UI.

Using UI

STEP 1: Log in to UI >> SYSTEM

STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.

STEP 3:>>Inside SOURCE DEVICE IP, IP will reflect.

Using CCE SERVER

sudo tcpdump -i any host 514 (for logs) and 9995 (for flows) and host <IP address> -AAA” command should be running on the CCE server to check whether or not we are getting logs.

Seceon Inc. All rights reserved. https://www.seceon.com