- Supported Cloud Connectors
- Armis Cloud Connector
- AWS Cloud Connector
- AWS Multi-Tenant Cloud Connector
- Azure Cloud Connector
- Azure Cloud Connector Overview
- Azure Audit Source and Event Support
- Prerequisites to Configure the Azure Cloud Connector
- Configure the Azure Cloud Connector
- Collect EventHub Information for Azure EventHub Endpoints
- Collect all Microsoft Defender ATP Events
- Configure Azure to Monitor Security Center Events in Azure VMs
- Bitglass Cloud Connector
- Box Cloud Connector
- Centrify Cloud Connector
- Cisco AMP for Endpoints Cloud Connector
- Cisco Meraki Cloud Connector
- Cisco Umbrella Cloud Connector
- Citrix ShareFile Cloud Connector
- Cloudflare Cloud Connector
- Code42 Incydr Cloud Connector
- CrowdStrike Falcon Cloud Connector
- Cybereason Cloud Connector
- CylanceProtect Cloud Connector
- Dropbox Business Cloud Connector
- Duo Security Cloud Connector
- Egnyte Cloud Connector
- Fidelis Cloud Connector
- GitHub Cloud Connector
- Google Cloud Platform (GCP) Cloud Connector
- Google Cloud Pub/Sub Cloud Connector
- Google Workspace (Formerly G Suite) Cloud Connector
- LastPass Enterprise Cloud Connector
- Mimecast Email Security Cloud Connector
- Netskope Cloud Connector
- Office 365 Cloud Connector
- Okta Cloud Connector
- OneLogin Cloud Connector
- Palo Alto Networks SaaS Security Cloud Connector
- Ping Identity Cloud Connector
- Proofpoint Cloud Connector
- Rapid7 InsightVM Cloud Connector
- Salesforce Cloud Connector
- SentinelOne Cloud Connector
- ServiceNow Cloud Connector
- Slack App Cloud Connector
- Slack Classic App Cloud Connector (Formerly known as Slack Enterprise Grid Cloud Connector)
- Snowflake Cloud Connector
- Sophos Central Cloud Connector
- Symantec CloudSOC Cloud Connector
- Symantec Endpoint Protection (SEP) Mobile Cloud Connector
- Symantec Email Security.cloud Cloud Connector
- Symantec WSS Cloud Connector
- Tenable.io Cloud Connector
- VMware Carbon Black Cloud Endpoint Standard Cloud Connector
- Workday Cloud Connector
- Zoom Cloud Connector
- Custom Cloud Connector
- Webhook Cloud Connector
Ping Identity Cloud Connector
Prerequisites to Configure the Ping Identity Cloud Connector
Before you configure the Ping Identity connector you must complete the following prerequisites:
Create a new Ping Identity administrator user for the Exabeam cloud connector configuration
Assign Audit and Report administrator role to the administrator
Note the username, account ID, and password of the administrator that you created
Obtain subscription IDs for the required endpoints
Create an Administrator
To create an administrator:
Log in to the PingOne administrator portal as an administrator.
Navigate to Account > Administrators.
Click Add Administrator.
Enter the required information such as name and email address, then select Audit & Report Administrator in the Role list.
Click Save. PingOne sends an email with a link to set a password to the user. After the user sets a password as prompted, and logs in for the first time via SSO, the user is added to the list of administrators.
Assign Audit and Report Administrator Role
Administrators with the Audit and Report role can manage subscription for audit events, run reports, and access PingOne Dashboard and the Reporting and Subscription pages. Additionally, the administrator can access the API for polling audit events.
If you have created an administrator user with a role other than Audit & Report Administrator, to assign the Audit and Report Administrator role:
Log in to the PingOne administrator portal as an administrator.
Navigate to Account > Administrators.
In the Search box, enter the administrator’s user name for whom you want to assign the role.
Click the administrator’s name whose role you want to change to expand details, then click the edit icon.
In the Role list containing PingOne administrative roles, select Audit & Report Administrator.
Click Save. The role is assigned. For more information see Assign Administrative Roles.
Obtain Subscription IDs
To manage subscriptions for the audit events, you must create poll subscriptions for the administrator. For poll subscriptions, the audit events of a specific type are accumulated and provided to a client pulling those events.
To get the audit events for a Poll subscription and obtain subscription ID:
Log in to the PingOne administrator portal as an administrator.
On the PingOne dashboard, navigate to Reporting > Subscriptions.
Click Add Subscription.
Specify a name for the subscription.
Select the type of event that you want to poll for this subscription.
In Subscription Type area, select Poll, then select a batch size to indicate maximum number of audit events for the polling subscription to retrieve.
Click Done. The Subscriptions page displays the new Poll subscription listed.
On the Subscriptions page, select the Poll subscription that you created, then click the expand icon to view details.
Copy the Poll URL. This URL contains account ID and the poll subscription ID. The poll URL has the following syntax: https://admin-api.pingone.com/v3/reports/<account-Id>/poll-subscriptions/<subscriptionID>/events
Note the account ID and the subscription ID represented by a string of letters and numbers. For example, in the URL https://admin-api.pingone.com/v3/reports/5733a0b1-ff99-4e59-95e6-58c14831xxxx/poll-subscriptions/8ae7c229-5198-40ae-bb68-b67bb46exxxx/events, the account ID is 5733a0b1-ff99-4e59-95e6-58c14831xxxx and the subscription ID is 8ae7c229-5198-40ae-bb68-b67bb46exxxx. Use the account ID and the subscription ID to configure the Ping Identity cloud connector.
Configure the Ping Identity Cloud Connector
Ping Identity is a unified platform that provides identity services including multi-factor authentication (MFA), single sign-on (SSO), identity data management, access security, directory, data governance, and intelligent API cyber security. Ping Identity offers its customers intelligent and real-time access to resources to enable them to connect securely to cloud, mobile, devices, SaaS, and APIs. Ping Identity products help to manage sensitive data, prevent security breaches, and improve user engagement. For more information see the Ping Identity documentation.
The following table lists the audit source API and security events supported by the connector.
Audit Source: API | Service or Module Covered |
|---|---|
Administrator login | Provide admin login success and login failed events |
Administrator activity |
|
Ping ID administrative activity | Provide events such as updates in general settings updated, changes in authentication properties and account updates |
Directory | Provide user updates events such as delete, create, password changed, and password policy updates |
Provisioning | Provide group updates events and user updates events |
SSO | Provide SSO events such as init connection with SSO, successful connection, and failure of connection |
Ping ID | Provide device events such as device paired or unpaired, and device wipe success or time out |
To configure the Ping Identity connector to import data into the Exabeam Cloud Connector platform:
Complete the Prerequisites to Configure the Ping Identity Cloud Connector.
Log in to the Exabeam Cloud Connectors platform with your registered credentials.
Navigate to Settings > Accounts > Add Account.
Click Select Service to Add, then select Ping Identity from the list.
Enter the required information. Required fields are indicated with a red bar.
Tenant – Select a tenant to attach to the connector if you are using a multi-tenant edition of Exabeam. Otherwise, select default.
Account Name – Specify a name for the Ping Identity connector. For example, Ping_Identity_MFA_SSO.
Description – Describe the Ping Identity connector (optional). For example, Ping access security through MFA and SSO.
Username – Enter the user name of Ping Identity administrator.
Account ID – Enter the account ID that you obtained while completing prerequisites.
Password – Enter the password for the Ping Identity administrator.
Subscription ID – Enter the appropriate subscription IDs for the endpoints that you want to use. You obtained the subscription IDs while completing prerequisites.
To confirm that the Exabeam Cloud Connector platform communicates with the service, click Test Connection.
Click Done to save your changes. The cloud connector is now set up on the Exabeam Cloud Connector platform.
To ensure that the connector is ready to send and collect data, Start the connector and check that the status shows
OK.