- Supported Cloud Connectors
- Armis Cloud Connector
- AWS Cloud Connector
- AWS Multi-Tenant Cloud Connector
- Azure Cloud Connector
- Azure Cloud Connector Overview
- Azure Audit Source and Event Support
- Prerequisites to Configure the Azure Cloud Connector
- Configure the Azure Cloud Connector
- Collect EventHub Information for Azure EventHub Endpoints
- Collect all Microsoft Defender ATP Events
- Configure Azure to Monitor Security Center Events in Azure VMs
- Bitglass Cloud Connector
- Box Cloud Connector
- Centrify Cloud Connector
- Cisco AMP for Endpoints Cloud Connector
- Cisco Meraki Cloud Connector
- Cisco Umbrella Cloud Connector
- Citrix ShareFile Cloud Connector
- Cloudflare Cloud Connector
- Code42 Incydr Cloud Connector
- CrowdStrike Falcon Cloud Connector
- Cybereason Cloud Connector
- CylanceProtect Cloud Connector
- Dropbox Business Cloud Connector
- Duo Security Cloud Connector
- Egnyte Cloud Connector
- Fidelis Cloud Connector
- GitHub Cloud Connector
- Google Cloud Platform (GCP) Cloud Connector
- Google Cloud Pub/Sub Cloud Connector
- Google Workspace (Formerly G Suite) Cloud Connector
- LastPass Enterprise Cloud Connector
- Mimecast Email Security Cloud Connector
- Netskope Cloud Connector
- Office 365 Cloud Connector
- Okta Cloud Connector
- OneLogin Cloud Connector
- Palo Alto Networks SaaS Security Cloud Connector
- Ping Identity Cloud Connector
- Proofpoint Cloud Connector
- Rapid7 InsightVM Cloud Connector
- Salesforce Cloud Connector
- SentinelOne Cloud Connector
- ServiceNow Cloud Connector
- Slack App Cloud Connector
- Slack Classic App Cloud Connector (Formerly known as Slack Enterprise Grid Cloud Connector)
- Snowflake Cloud Connector
- Sophos Central Cloud Connector
- Symantec CloudSOC Cloud Connector
- Symantec Endpoint Protection (SEP) Mobile Cloud Connector
- Symantec Email Security.cloud Cloud Connector
- Symantec WSS Cloud Connector
- Tenable.io Cloud Connector
- VMware Carbon Black Cloud Endpoint Standard Cloud Connector
- Workday Cloud Connector
- Zoom Cloud Connector
- Custom Cloud Connector
- Webhook Cloud Connector
Zoom Cloud Connector
Use Exabeam Cloud Connector for Zoom to ingest data about Zoom activity into Data Lake . Zoom is an enterprise video conferencing platform. When you connect Exabeam to Zoom, you can ingest operations logs reports to audit administrators and users, and sign-in/sign-out activity logs to monitor when a user signs in or out. For the cloud connector to retrieve Zoom data, Zoom must use Webhooks to push the data to an HTTPS endpoint in a public cloud environment like Amazon Web Services (AWS). The cloud connector pulls this data from the cloud environment using the Zoom REST API.
Zoom Audit Source and Event Support
Zoom offers a cloud-based communication platform for video and audio conferencing with real-time messaging and content sharing for enterprise users. Zoom enables users to virtually interact with each other securely. For more information see the Zoom documentation.
The following table displays the audit source API and security events supported by the connector.
Audit Source: API | Service or Module Covered |
|---|---|
Users’ and administrators’ activity | |
Sign-ins and Sign-outs of users |
Prerequisites to Configure the Zoom Cloud Connector
Zoom authenticates every HTTP request made to the Zoom API. Zoom supports two authentication methods: OAuth2.0 and JSON Web Token (JWT) for request authentication. You must determine the authentication method that you want to use.
Before you configure the Zoom connector you must complete the following prerequisites:
Obtain the values for client ID and client secret if you use the OAuth2.0 method.
Obtain the values for API key and API secret if you use the JWT method.
Ensure the https://api.zoom.us/v2/report service is open for communication with the Exabeam Cloud Connector platform.
Obtain Client ID and Client Secret for OAuth2.0
The OAuth2.0 protocol allows applications to obtain required access to user accounts via the HTTP service. For more information, see the Zoom documentation.
Note
To create the OAuth app, the user must be of the type Licensed, and the account role type must be of the type Owner.
To create the Zoom OAuth app:
Log in to Zoom App Marketplace with your registered credentials.
On the upper right corner, click Develop and select Build Legacy App.
On the Choose your app type page, for the OAuth app type click Create.
Specify a name for the app in the App Name box.
Select Account-level app as the app type.
Confirm that the option to publish the app on Zoom app marketplace is disabled.
Click Create.
The My App page displays the values for client ID and client secret for the app. Note these values, because you will use them to authenticate the API client while configuring the Zoom connector on the Exabeam Cloud Connector platform.
In the Redirect URL for OAuth and Whitelist URL field, enter the URL https://auth.skyformation.net/v1/oauth to have Zoom authenticate Exabeam cloud connector.
Click Continue.
In the left pane, navigate to Scopes > Add Scopes.
In the Add Scopes pop-up, set required permissions for the Zoom app to have Exabeam pull events.
Using the search box in the left pane, search for and select the following scopes:
report:read:user_activities:admin
report:read:operation_logs:admin
For example, refer to the following screenshot.
Click Done.
Obtain API Key and API Secret for JWT
The JSON Web Tokens (JWT) are strings of text used for verifying the authorization of the server. For more information, see https://jwt.io/. To build a server-server authenticated app that allows other users and apps to avail its services, you must create a JWT app. For more information, see the Zoom documentation.
Note
You can create only one JWT app for an organization. If your organization already has a JWT app, use the existing JWT app when configuring the Zoom cloud connector.
To create the Zoom JWT app:
Log in to Zoom App Marketplace with your registered credentials.
On the upper right corner, click Develop and select Build App.
On the Choose your app type page, for the JWT app type click Create.
Specify a name for the app in the App Name box.
In the Basic Information section, specify the required details such as company name, and developer contact information.
In the left pane, click App Credentials. The App Credentials section displays the values for API Key and API Secret for the app. Note these values because you will use them to authenticate the API client while configuring the Zoom connector on the Exabeam Cloud Connector platform.
Configure the Zoom Cloud Connector
To configure the Zoom connector to import data into the Exabeam Cloud Connector platform:
Complete the Prerequisites to Configure the Zoom Cloud Connector.
Log in to the Exabeam Cloud Connectors platform with your registered credentials.
Navigate to Settings > Accounts > Add Account.
Click Select Service to Add, then select Zoom from the list.
In the Accounts section, enter the required information. Required fields are indicated with a red bar.
Tenant – Select a tenant to attach to the connector if you are using a multi-tenant edition of Exabeam. Otherwise, select default.
Account Name – Specify a name for the Zoom connector. For example, Zoom collaboration.
Description – (Optional) Describe the Zoom connector. For example, Zoom Web conferencing and collaboration.
Authentication Method – Select the authentication method that you want to use.
If you select JWT, enter the values for the API key and API secret.
API Key – Enter the value for the API key that you obtained while completing the prerequisites.
API Secret – Enter the value for the API secret that you obtained while completing the prerequisites.
If you select OAuth2, enter the values for the client ID and client secret.
Client ID – Enter the value for the client ID that you obtained while completing the prerequisites.
Client Secret – Enter the value for the client secret that you obtained while completing the prerequisites.
External Authentication – Click the Open External OAuth Window to log in to the Zoom account that you used for creating the Zoom OAuth app and click Authenticate.
Note
The External Authentication field is a required field although it is not indicated with a red bar.
To confirm that the Exabeam Cloud Connector platform communicates with the service, click Test Connection.
Click Done to save your changes. The cloud connector is now set up on the Exabeam Cloud Connector platform.
To ensure that the connector is ready to send and collect data, Start the connector and check that the status shows
OK.