# Supported applications in AppFabric for security
AWS AppFabric for security supports integration with the following applications. Choose the name of an application for more information about how to set up AppFabric for security to connect to it.
**Topics**
+ [
# Configure 1Password for AppFabric
](1password.md)
+ [
# Configure Asana for AppFabric
](asana.md)
+ [
# Configure Azure Monitor for AppFabric
](azure-monitor.md)
+ [
# Configure Atlassian Confluence for AppFabric
](confluence.md)
+ [
# Configure Atlassian Jira suite for AppFabric
](jira.md)
+ [
# Configure Box for AppFabric
](box.md)
+ [
# Configure Cisco Duo for AppFabric
](cisco-duo.md)
+ [
# Configure Dropbox for AppFabric
](dropbox.md)
+ [
# Configure Genesys Cloud for AppFabric
](genesys.md)
+ [
# Configure GitHub for AppFabric
](github.md)
+ [
# Configure Google Analytics for AppFabric
](google-analytics.md)
+ [
# Configure Google Workspace for AppFabric
](google-workspace.md)
+ [
# Configure HubSpot for AppFabric
](hubspot.md)
+ [
# Configure IBM Security® Verify for AppFabric
](ibm-security.md)
+ [
# Configure JumpCloud for AppFabric
](jumpcloud.md)
+ [
# Configure Microsoft 365 for AppFabric
](microsoft-365.md)
+ [
# Configure Miro for AppFabric
](miro.md)
+ [
# Configure Okta for AppFabric
](okta.md)
+ [
# Configure OneLogin by One Identity for AppFabric
](onelogin.md)
+ [
# Configure PagerDuty for AppFabric
](pagerduty.md)
+ [
# Configure Ping Identity for AppFabric
](pingidentity.md)
+ [
# Configure Salesforce for AppFabric
](salesforce.md)
+ [
# Configure ServiceNow for AppFabric
](servicenow.md)
+ [
# Configure Singularity Cloud for AppFabric
](singularity-cloud.md)
+ [
# Configure Slack for AppFabric
](slack.md)
+ [
# Configure Smartsheet for AppFabric
](smartsheet.md)
+ [
# Configure Terraform Cloud for AppFabric
](terraform.md)
+ [
# Configure Webex by Cisco for AppFabric
](webex.md)
+ [
# Configure Zendesk for AppFabric
](zendesk.md)
+ [
# Configure Zoom for AppFabric
](zoom.md)
# Configure 1Password for AppFabric
1Password is a password manager that helps you create, store, and use strong passwords for all your online accounts. It also protects your data with encryption, alerts you about breaches, and lets you share passwords.
You can use AWS AppFabric for security to audit logs and user data from 1Password, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for 1Password
](#1password-appfabric-support)
+ [
## Connecting AppFabric to your 1Password account
](#1password-appfabric-connecting)
## AppFabric support for 1Password
AppFabric supports receiving user information and audit logs from 1Password.
### Prerequisites
To use AppFabric to transfer audit logs from 1Password to supported destinations, you must meet the following requirements:
+ You must have an active paid 1Password Business or Enterprise subscription plan. For more information, see [1Password Enterprise](https://1password.com/business-pricing) on the 1Password website.
+ You must have an administrator role or team owner in the 1Password account. For more information, see [Groups](https://support.1password.com/groups/) in the 1Password support website.
### Rate limit considerations
The 1Password AuditLog Events API limits requests to 600 per minute and up to 30,000 per hour. Exceeding these limits returns an error. For more information, see [1Password API Rate limits](https://developer.1password.com/docs/events-api/reference/#rate-limits) in the *1Password Events API reference*.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your 1Password account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with 1Password. To find the information required to authorize 1Password with AppFabric, use the following steps.
### Create a personal 1Password access token
1Password supports personal access tokens for public clients. Complete the following steps to generate a personal access token.
1. Sign in to your 1Password account.
1. Choose **Integrations** in the navigation pane.
1. If existing integrations are present, choose **Directory**. Otherwise, continue to the next step.
1. Choose **Other** under **Events Reporting Integration**.
1. On the **Add integration** page, enter your security information and event management (SIEM) system name (e.g., AppFabric Secure)
1. Choose **Add Integration**, then complete the following steps in the **Set up token** page.
1. Provide the token name to be used in the AppFabric secure environment.
1. We recommend that you choose **Never** in the **Expires After** drop-down list. If any other value is selected then 1Password revokes the token after the expiration time elapses.
1. In the **Events to Report** section, choose **Sign-in attempts**, **Item usage events**, and **Audit events**.
1. Choose **Issue Token** to create the token.
1. Choose **Save in 1Password** and complete the following steps.
1. The title will be auto-populated based on your system and token names.
1. Choose **Private** under **Select A Vault**.
1. Choose **Save**.
For more information, see [Get started with 1Password Events Reporting](https://support.1password.com/events-reporting/) on the 1Password website.
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. The tenant ID in AppFabric will be your 1Password sign-in address. Complete the following steps to find your tenant ID.
1. Sign in to your 1Password account.
1. Choose **Settings** in the navigation pane.
1. Your 1Password sign-in is listed on the page. For example, **example-account.1password.com**.
#### Tenant name
Enter a name that identifies this unique 1Password organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Service account token
You must have a service account token from an 1Password service account to enter into the AppFabric 1Password app authorization. If you don't have a service account token, use the following instructions:
AppFabric will request a service account token. The service account token in AppFabric is the personal access token you created. Complete the following steps in the **1Password** portal to find the personal access token.
1. Choose **Dashboard**.
1. Choose **People**.
1. Choose **Account Owner Name**.
1. Choose **Private**.
1. Choose **View Vault**.
1. Choose **Token Name**.
#### Client Authorization
Create an app authorization in AppFabric using the tenant ID, tenant name and service account token. Then choose **Connect** to activate the authorization.
# Configure Asana for AppFabric
Asana is a work management platform that helps individuals, teams, and organizations orchestrate work, from daily tasks to cross-functional strategic initiatives. It provides a living system of clarity where everyone can communicate, collaborate, and coordinate work. With Asana, teams integrate critical business tools into one place so work moves forward no matter where it happens.
You can use AWS AppFabric for security to audit logs and user data from Asana, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Asana
](#asana-appfabric-support)
+ [
## Connecting AppFabric to your Asana account
](#asana-appfabric-connecting)
## AppFabric support for Asana
AppFabric supports receiving user information and audit logs from Asana.
### Prerequisites
To use AppFabric to transfer audit logs from Asana to supported destinations, you must meet the following requirements:
+ You must have an **Enterprise account** with Asana. For more information about creating or upgrading to an Asana Enterprise account, see [Asana Enterprise](https://asana.com/enterprise) on the Asana website.
+ You must have a user with the **Super Admin** role in your Asana account. For more information about roles, see [Admin and super admin roles in Asana](https://help.asana.com/hc/en-us/articles/14141552580635-Admin-and-super-admin-roles-in-Asana) on the Asana website.
### Rate limit considerations
Asana imposes rate limits on the Asana API. For more information about the Asana API rate limits, see [Rate limits](https://developers.asana.com/docs/rate-limits) on the *Asana Developers Guide* website. If the combination of AppFabric and your existing Asana applications exceed the limit, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Asana account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Asana. To find the information required to authorize Asana with AppFabric, use the following steps.
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. The tenant ID in AppFabric is called the domain ID in Asana. To find the domain ID, use the following instructions from the Asana home screen:
1. Choose your account profile picture and select **Admin Console**.
1. Then select **Settings**.
1. Scroll to **Domain Settings**.
1. Enter the domain ID from this section into the AppFabric Tenant ID configuration.
#### Tenant name
Enter a name that identifies this unique Asana organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Service account token
You must have a service account token from an Asana service account to enter into the AppFabric Asana app authorization. If you don't have a service account token, use the following instructions:
1. To create a service account, follow the instructions in [Service Accounts](https://help.asana.com/hc/en-us/articles/14217496838427-Service-Accounts) on the *Asana Guide* website.
1. Copy and save the token from the bottom of the **Add service account** page the first time you view the **Add service account** page.
1. If you close the **Add service account** page before saving the token, you must edit your service account, generate a new token, and save it.
# Configure Azure Monitor for AppFabric
Azure Monitor is a comprehensive monitoring solution for collecting, analyzing, and responding to monitoring data from your cloud and on-premises environments. You can use Azure Monitor to maximize the availability and performance of your applications and services. It helps you understand how your applications are performing and allows you to manually and programmatically respond to system events.
Azure Monitor collects and aggregates the data from every layer and component of your system across multiple Azure and non-Azure subscriptions and tenants. It stores it in a common data platform for consumption by a common set of tools that can correlate, analyze, visualize, and/or respond to the data. You can also integrate other Microsoft and non-Microsoft tools. The Azure Monitor activity log is a platform log that provides insight into subscription-level events. The activity log includes information like when a resource is modified or a virtual machine is started.
You can use AWS AppFabric for security to audit logs and user data from Azure Monitor, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Azure Monitor
](#azure-monitor-appfabric-support)
+ [
## Connecting AppFabric to your Azure Monitor account
](#azure-monitor-appfabric-connecting)
## AppFabric support for Azure Monitor
AppFabric is capable of receiving user information and audit logs from the following Azure Monitor services:
+ Azure Monitor
+ API Management
+ Microsoft Sentinel
+ Security Center
### Prerequisites
To use AppFabric to transfer audit logs from Azure Monitor to supported destinations, you must meet the following requirements:
+ You need to have a Microsoft Azure account with either a free trial or pay-as-you-go subscription.
+ At least one subscription is required to fetch the events within that subscription.
### Rate limit considerations
Azure Monitor imposes rate limits to the security principal (user or application) making the requests and the subscription ID or tenant ID. For more information about the Azure Monitor API rate limits, see [Understand how Azure Resource Manager throttles requests](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/request-limits-and-throttling) on the *Azure Monitor Developer website*.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Azure Monitor account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Azure Monitor. To find the information required to authorize Azure Monitor with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with Azure Monitor using OAuth2. Complete the following steps to create an OAuth2 application in Azure Monitor:
1. Navigate to the [Microsoft Azure Portal](https://portal.azure.com) and sign in.
1. Navigate to **Microsoft Entra ID**.
1. Choose **App Registrations**.
1. Choose on **New Registration**.
1. Enter a name for the client such as Azure Monitor OAuth Client. This will be the name of the registered application.
1. Verify the **Supported account types** is set to **Single Tenant**.
1. For the **Redirect URI**, select **Web** as the platform and add a redirect URI. Use the following format for the redirect URI:
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In that address, `` is the code for the AWS Region in which you’ve configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
The authentication response will be sent to the provided URI after successfully authenticating the user. Providing this now is optional and it can be changed later, but a value is required for most authentication scenarios.
1. Choose **Register**.
1. In the registered app, choose on **Certificates & secrets** and then **New client secret**.
1. Add a description for the secret.
1. Select the secret expiration duration. You can select any preset duration from the drop-down or set a custom duration.
1. Choose **Add**. Client secret values can only be viewed immediately after creation. Be sure to save the secret somewhere safe before leaving the page.
### Required permissions
You must add the following permissions to your OAuth application. To add permissions, follow the instructions in the [Add permissions to access your web API](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-configure-app-access-web-apis#add-permissions-to-access-your-web-api) section of the *Microsoft Entra Developer Guide*.
+ Microsoft Graph User Access API > User.Read.All (Select Delegated Type)
+ Microsoft Graph User Access API > offline\$1access (Select Delegated Type)
+ Azure Service Management Audit Log API > user\$1impersonation (Select Delegated Type)
After you’ve added the permissions, to grant admin consent for the permissions, follow the instructions in the [Admin consent button](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-configure-app-access-web-apis#admin-consent-button) section of the *Microsoft Entra Developer Guide*.
### App authorizations
AppFabric supports receiving user information and audit logs from your Azure Monitor account. To receive both audit logs and user data from Azure Monitor, you must create two app authorizations, one that is named **Azure Monitor** in the app authorization drop-down list, and another that is named **Azure Monitor Audit Logs** in the app authorization drop-down list. You can use the same tenant ID, client ID and client secret for both app authorizations. To receive audit logs from Azure Monitor you need both the **Azure Monitor** and **Azure Monitor Audit Logs** app authorizations. To use the user access tool alone, only the **Azure Monitor** app authorization is required.
#### Tenant ID
AppFabric will request your tenant ID. Complete the following steps to find your client ID in **Azure Monitor**:
1. Navigate to the [Microsoft Azure Portal](https://portal.azure.com/).
1. Navigate to **Azure Active Directory**.
1. In the **App Registrations** section, choose the app that was previously created.
1. In the **Overview** section, copy the tenant ID from the **Directory (tenant) ID** field.
#### Tenant name
Enter a name that identifies this unique Azure Monitor subscription. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
**Note**
The tenant name should be maximum 2,048 characters consisting of numbers, lower/upper case letters, and the following special characters: period (.), underscore (\$1), dash (-) and empty space.
#### Client ID
AppFabric will request a client ID. Complete the following procedure to find your client ID in Azure Monitor:
1. Navigate to the [Microsoft Azure Portal](https://portal.azure.com/).
1. Navigate to **Azure Active Directory**.
1. In the **App Registrations** section, choose the app that was previously created.
1. In the **Overview** section, copy the client ID from the **Application (client) ID** field.
#### Client secret
AppFabric will request a client secret. Client secret for the registered OAuth app is what you generated in Step 11 of the OAuth App creation section. If you misplace the client secret generated during the OAuth app creation, repeat the steps 8-11 in the OAuth App creation section to regenerate a new one.
#### App authorization
After creating the app authorization in AppFabric, you will receive a pop-up window from Microsoft Azure to approve the authorization. Sign in to your account from the window and approve the AppFabric authorization by choosing **Allow**.
# Configure Atlassian Confluence for AppFabric
Create, collaborate, and organize all your work in one place. Confluence is a team workspace where knowledge and collaboration meet. Dynamic pages give your team a place to create, capture, and collaborate on any project or idea. Spaces help your team structure, organize, and share work, so every team member has visibility into institutional knowledge and access to the information they need to do their best work.
You can use AWS AppFabric for security to receive audit logs and user data from Confluence, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Atlassian Confluence
](#confluence-appfabric-support)
+ [
## Connecting AppFabric to your Atlassian Confluence account
](#confluence-appfabric-connecting)
## AppFabric support for Atlassian Confluence
AppFabric supports receiving audit logs from Atlassian Confluence.
### Prerequisites
To use AppFabric to transfer audit logs from Atlassian Confluence to supported destinations, you must meet the following requirements:
+ To access the Audit logs, you need to have an standard, premium, or enterprise account. For more information about creating or upgrading to the applicable Confluence plan type, see [Confluence Pricing](https://www.atlassian.com/software/confluence/pricing.html) on the Atlassian website.
+ To access the Audit logs, you need to have Administrator permissions for your account. For more information about roles, see [Give users admin permissions](https://support.atlassian.com/user-management/docs/give-users-admin-permissions/) on the Atlassian Support website.
### Rate limit considerations
Confluence imposes rate limits on the Atlassian Confluence API. If the combination of AppFabric and your existing Atlassian Confluence API applications exceed Atlassian Confluence's limits, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Atlassian Confluence account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Atlassian Confluence. To find the information required to authorize Atlassian Confluence with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with Atlassian Confluence using OAuth. To create an OAuth application in Atlassian Confluence, use the following steps.
1. Navigate to the [Atlassian Developer Console](https://developer.atlassian.com/console/).
1. Choose your profile icon in the top-right and choose **Developer console**.
1. Next to **My apps**, choose **Create**, **OAuth 2.0 integration**.
1. Choose **Permissions** in the left navigation pane and choose **Add** next to Confluence API.
1. Under **Classic scopes**, select **Read user** (`read:confluence-user`).
1. Under **Granular scopes**, select **View audit records** (`read:audit-log:confluence`).
1. Choose **Authorization** in the left navigation pane and choose **Add** next to **OAuth 2.0 (3LO)**.
1. Use a redirect URL with the following format in the **Callback URL** text box and choose **Save changes**.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In this URL, ** is the code for the AWS Region in which you’ve configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
### Required scopes
You must add one of the following scopes to your Atlassian Confluence OAuth application. For more information about scopes, see [Scopes for OAuth 2.0 (3LO) and Forge apps](https://developer.atlassian.com/cloud/confluence/scopes-for-oauth-2-3LO-and-forge-apps/) on the Atlassian Developer website. Use the classic scope where available.
+ Classic Scopes:
+ `read:confluence-user`
+ Granular Scopes:
+ `read:audit-log:confluence`
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. The tenant ID in AppFabric is your **Atlassian Confluence instance subdomain**. You can find your **Atlassian Confluence instance subdomain** in your browser’s address bar between **https://** and **.atlassian.net**.
#### Tenant name
Enter a name that identifies this unique Atlassian Confluence organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request a client ID. To find your client ID in Atlassian Confluence, use the following steps:
1. Navigate to the [Atlassian Developer Console](https://developer.atlassian.com/console/).
1. Choose your profile icon in the top-right and choose **Developer console**, **My Apps**.
1. Select the OAuth application that you use to connect AppFabric.
1. Enter the client ID from the **Settings** page into the client ID field in AppFabric.
#### Client secret
AppFabric will request a client secret. To find your client secret in Atlassian Confluence, use the following steps:
1. Navigate to the [Atlassian Developer Console](https://developer.atlassian.com/console/).
1. Choose your profile icon in the top-right and choose **Developer console**, **My Apps**.
1. Select the OAuth application that you use to connect AppFabric.
1. Enter the secret from the **Settings** page into the **Client Secret** field in AppFabric.
#### Approve authorization
After creating the app authorization in AppFabric, you will receive a pop-up window from Atlassian Confluence to approve the authorization. To approve the AppFabric authorization, choose **allow**.
# Configure Atlassian Jira suite for AppFabric
Atlassian unleashes the potential of every team. Their agile and DevOps, IT service management and work management software helps teams organize, discuss, and complete shared work. The majority of the Fortune 500 and over 240,000 companies of all sizes worldwide - including NASA, Kiva, Deutsche Bank, and Salesforce - rely on Atlassian solutions to help their teams work better together and deliver quality results on time. Learn more about Atlassian products, including Jira Software, Confluence, Jira Service Management, Trello, Bitbucket, and Jira Align at [https://www.atlassian.com/](https://www.atlassian.com/).
You can use AWS AppFabric for security to audit logs and user data from the Jira suite (other than Jira Align), normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for the Jira suite
](#jira-appfabric-support)
+ [
## Connecting AppFabric to your Jira account
](#jira-appfabric-connecting)
## AppFabric support for the Jira suite
AppFabric supports receiving user information and audit logs from the Jira suite, with the exception of Jira Align.
### Prerequisites
To use AppFabric to transfer audit logs from the Jira suite to supported destinations, you must meet the following requirements:
+ You must have a Jira Standard Plan or higher. For more information about the capabilities of the Jira plans, see [Jira Software](https://www.atlassian.com/software/jira/pricing), [Jira Service Management](https://www.atlassian.com/software/jira/service-management/pricing), [Jira Work Management](https://www.atlassian.com/software/jira/work-management/pricing), and [Jira Product Discovery](https://www.atlassian.com/software/jira/product-discovery/pricing) pricing pages.
+ You must have a user with the **Organization admin** role in your Jira account. For more information about roles, see [Give users admin permissions](https://support.atlassian.com/user-management/docs/give-users-admin-permissions/) on the Atlassian Support website.
### Rate limit considerations
The Jira suite imposes rate limits on the Jira API. For more information about the Jira suite API rate limits, see [Rate limiting](https://developer.atlassian.com/cloud/jira/platform/rate-limiting/) on the *Atlassian Developers Guide* website. If the combination of AppFabric and your existing Jira API applications exceed the limit, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Jira account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Jira. To find the information required to authorize Jira with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with the Jira suite using OAuth. To create an OAuth application in Jira, use the following steps:
1. Navigate to the [Atlassian Developer Console](https://developer.atlassian.com/console/).
1. Next to **My apps**, choose **Create**, **OAuth 2.0 integration**.
1. Give your app a name and choose **Create**.
1. Navigate to the **Authorization** section and choose **Add** next to OAuth 2.0.
1. Use a URL with the following format in the **Callback URL** field and choose **Save** changes.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In this URL, ** is the code for the AWS Region in which you configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
1. Navigate to the **Settings** section, copy your client ID and client secret, and save it to use for the AppFabric app authorization.
### Required scopes
You must add the following scopes to your Jira OAuth application’s **Permissions** page:
+ Under Classic Scopes:
+ Jira API > `read:jira-user`
+ Under Granular Scopes:
+ Jira API > `read:audit-log:jira`
+ Jira API > `read:user:jira`
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. The tenant ID in AppFabric is your **Jira instance subdomain**. You can find your **Jira instance subdomain** in your browser’s address bar between **https://** and **.atlassian.net**.
#### Tenant name
Enter a name that identifies this unique Jira server. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request your client ID. To find your client ID in Jira, use the following steps:
1. Navigate to the [Atlassian Developer Console](https://developer.atlassian.com/console/).
1. Select the OAuth application that you use to connect AppFabric.
1. Enter the client ID from the **Settings** page into the client ID field in AppFabric.
#### Client secret
AppFabric will request your client secret. The **Client secret** in AppFabric is the **Secret** in Jira. To find your **Secret** in Jira, use the following steps:
1. Navigate to the [Atlassian Developer Console](https://developer.atlassian.com/console/).
1. Select the OAuth application that you use to connect AppFabric.
1. Enter the secret from the **Settings** page into the **Client Secret** field in AppFabric.
#### Approve authorization
After creating the app authorization in AppFabric you will receive a pop-up window from Jira to approve the authorization. To approve the AppFabric authorization, choose **Allow**.
# Configure Box for AppFabric
Box is the leading Content Cloud, a single platform that empowers organizations to manage the entire content lifecycle, work securely from anywhere, and integrate across best-of-breed apps.
You can use AWS AppFabric to receive audit logs and user data from Box, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for the Box
](#box-appfabric-support)
+ [
## Connecting AppFabric to your Box account
](#box-appfabric-connecting)
## AppFabric support for the Box
AppFabric supports receiving user information and audit logs from Box.
### Prerequisites
To use AppFabric to transfer audit logs from Box to supported destinations, you must meet the following requirements:
+ To access the audit logs, you need to have an active paid subscription to [Business, Business Plus, Enterprise, or Enterprise Plus](https://www.box.com/pricing) plans.
+ You must have a user with the [Admin Privileges](https://developer.box.com/guides/events/enterprise-events/for-enterprise/).
+ You must have [2-factor authentication](https://support.box.com/hc/en-us/articles/360043697154-Two-Factor-Authentication-Set-Up-for-Your-Account) enabled on your Box account for viewing and copying the application's client secret from the configuration tab.
### Rate limit considerations
Box imposes rate limits on the Box API. For more information about the Box API [rate limits](https://developer.box.com/guides/api-calls/permissions-and-errors/rate-limits/#per-api-rate-limits), see Rate limits on the Box Developers Guide website. If the combination of AppFabric and your existing Box applications exceed the limit, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You may see up to 30-minute delay in an audit event to get delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this may be customizable on an account level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Box account
After you create your app bundle within the AppFabric service, you need to authorize AppFabric with Box. To find the information required to authorize Box with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with the Box using OAuth. Use the following steps to create an OAuth application in Box, For more information, see [Creating an OAuth App](https://developer.box.com/guides/authentication/client-credentials/client-credentials-setup/) on the Box website.
1. Log in to Box and go to the the [Developer Console](https://app.box.com/developers/console).
1. Choose **Create New App**.
1. Choose **Custom App** from the list of application types. A modal will appear to prompt a selection for the next step.
1. Enter an app name and description.
1. Choose **Integration** from the **Purpose** dropdown list.
1. Choose **Security & Compliance** from the **Categories** dropdown list.
1. Enter **AWS AppFabric Secure** in the **Which external system are you integrating with?** text box.
1. Choose **Server Authentication (Client Credentials Grant)** if you would like to verify application identity with a client ID and client secret.
1. Choose **Create App**.
1. Choose the **Configuration** tab.
1. In the **App Access Level** section of the page, choose **App \$1 Enterprise Access**.
1. In the **Application Scopes** section of the page, Choose the **Manage users** and **Manage enterprise properties**.
1. Choose **Save Changes**.
A Box Admin needs to authorize the application within the Box Admin Console before the application can be used. Complete the following steps to request an authorization.
1. Choose the **Authorization** tab for your application within the [Developer Console](https://app.box.com/developers/console).
1. Choose **Review and Submit** to send an email to your Box enterprise Admin for approval. For more information, see [Authorization](https://developer.box.com/guides/authorization/) in the *Box guide*.
**Note**
You must re-submit your app if any changes are made after submission.
### Required scopes
The following application scopes are required. For more information about scopes, see [Scopes](https://developer.box.com/guides/api-calls/permissions-and-errors/scopes/) on the *Box documentation website*.
+ Manage enterprise properties (`manage_enterprise_properties`)
+ Manage users (`manage_managed_users`)
### App authorizations
#### Tenant ID
AppFabric will request a tenant ID. The tenant ID in AppFabric is the Box Enterprise ID. The Box Enterprise ID can be found in the admin console under **Account & Billing** > **Account Information** > **Enterprise ID**. For more information, see [Enterprise ID](https://developer.box.com/platform/appendix/locating-values/#as-an-admin) on the *Box documentation website*.
#### Tenant name
Enter a name that identifies this unique Box organization. AppFabric uses the tenant name to label the app authorizations and any ingestion created from the app authorization.
#### Client ID and client secret
1. Log in to Box and go to the [Developer Console](https://app.box.com/developers/console).
1. Choose **My Apps** in the navigation menu.
1. Choose the OAuth application that you use to connect AppFabric.
1. Choose the **Configuration** tab.
1. Scroll to the **Oauth 2.0 Credentials** section of the page.
1. Enter the client ID from your OAuth **Client Id** into the **Client ID** field in AppFabric.
1. Choose **Fetch Client Secret**.
1. Enter the client secret from your OAuth Client Secret into the **Client Secret** field in AppFabric.
# Configure Cisco Duo for AppFabric
Cisco Duo protects against breaches with a leading access management suite that provides strong multi-layered defenses and innovative capabilities that allow legitimate users in and keep bad actors out. For any organization concerned about being breached and needs a solution fast, Cisco Duo quickly enables strong security while also improving user productivity.
You can use AWS AppFabric for security to receive audit logs and user data from Cisco Duo, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Cisco Duo
](#cisco-duo-appfabric-support)
+ [
## Connect AppFabric to your Cisco Duo account
](#cisco-duo-appfabric-connecting)
## AppFabric support for Cisco Duo
AppFabric supports receiving user information and audit logs from Cisco Duo.
### Prerequisites
To use AppFabric to transfer audit logs from Cisco Duo to supported destinations, you must meet the following requirements:
+ To access the audit logs, you need to have an active subscription to a Duo Essentials, Duo Advantage, or Duo Premier edition. Alternatively, new customers with an Advantage or Premier trial can also access. For more information about Cisco Duo editions, see [Editions & Pricing](https://duo.com/editions-and-pricing).
+ You need to be an Administrator with Owner role to create or modify Admin API.
+ You need to add Grant read log resource” permissions to access audit logs in the admin API.
### Rate limit considerations
Cisco Duo imposes rate limits on the Cisco Duo API. For more information about the Cisco Duo API rate limits, see the rate limits under [Authentication Logs](https://duo.com/docs/adminapi#authentication-logs). If the combination of AppFabric and your existing Cisco Duo API applications exceed Cisco Duo's limits, audit logs appearing in AppFabric might be delayed. Contact Cisco Duo if you need a rate limit increase.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connect AppFabric to your Cisco Duo account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Cisco Duo. To find the information required to authorize Cisco Duo with AppFabric, use the following steps.
### Create a Cisco Duo Admin API application
AppFabric integrates with Cisco Duo using an API service token. To create an application in Cisco Duo, use the following steps.
+ To create a Cisco Duo Admin API application, follow the instructions in [First steps](https://duo.com/docs/adminapi#first-steps) in the *Cisco Duo Admin API*.
### Required permissions
You must add the following scopes to your Cisco Duo application:
+ Grant read log
+ Grant read resource
### App authorizations
#### Tenant ID
AppFabric will request a tenant ID. You can find the tenant ID in the Cisco Duo hostname. To find the hostname in Cisco Duo, follow these steps.
1. Navigate to the [Cisco Duo Admin Login](https://admin.duosecurity.com/login?next=%2F) page and sign in.
1. Navigate to **Applications** and then choose **Protect an Application**.
1. Locate the entry for **Admin API** in the applications list, and then choose **Protect** to the far-right to configure your application and get your API hostname.
1. The API hostname is formatted as `api-.duosecurity.com`, in which `` is the Tenant ID.
#### Tenant name
Enter a name that identifies this unique Cisco Duo organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Service token
AppFabric will request a service token. The service token is a colon-separated integration key and secret key with the following format.
```
integrationkey:secretkey
```
To find your integration key and secret key in Cisco Duo, use the following steps.
1. Navigate to the [Cisco Duo Admin Login](https://admin.duosecurity.com/login?next=%2F) page and sign in.
1. Navigate to **Applications** and then choose **Protect an Application**.
1. "Click **Protect an Application** and locate the entry for **Admin API** in the applications list. Click **Protect** at the far-right to configure the application. Scroll down to the scopes section and add **Grant read log** and **Grant read resource**.
# Configure Dropbox for AppFabric
Dropbox helps your organization get better work done faster by bringing your people together - no matter what they’re working on, where they’re working, or what kind of tools they happen to be using. It enables users to accelerate innovation and efficiency by providing a simple, secure way to share content. Dropbox is one place to keep life organized and keep work moving. With more than 700 million registered users across 180 countries, Dropbox is on a mission to design a more enlightened way of working.
You can use AWS AppFabric for security to audit logs and user data from Dropbox, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Dropbox
](#dropbox-appfabric-support)
+ [
## Connecting AppFabric to your Dropbox account
](#dropbox-appfabric-connecting)
## AppFabric support for Dropbox
AppFabric supports receiving user information and audit logs from Dropbox.
### Prerequisites
To use AppFabric to transfer audit logs from Dropbox to supported destinations, you must meet the following requirements:
+ You must have a Dropbox Business account. For more information about creating or upgrading to a Dropbox Business account, see [Dropbox Business](https://www.dropbox.com/business) on the Dropbox website.
+ You must have a user with the Team Admin role in your Dropbox account. For more information about roles, see [How to change admin rights for your Dropbox team](https://help.dropbox.com/security/change-admin-rights) on the *Dropbox Help Center* website.
### Rate limit considerations
Dropbox imposes rate limits on the Dropbox API. For more information about the Dropbox API rate limits, see [Rate limits](https://developers.dropbox.com/dbx-performance-guide#api-rate-limits) on the *Dropbox Performance Guide* website. If the combination of AppFabric and your existing Dropbox API applications exceed the limit, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Dropbox account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Dropbox. To find the information required to authorize Dropbox with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with Dropbox using OAuth. To create an OAuth application in Dropbox, use the following steps:
1. Choose **Create app** in the Dropbox App Console at [https://www.dropbox.com/developers/apps](https://www.dropbox.com/developers/apps).
1. On the new application configuration page, choose **Scoped access** for the API.
1. Next, select **Full Dropbox** for the type of access.
1. Name your OAuth application, and then chose **Create app** to complete the initial OAuth application setup.
1. On the application info page, add a redirect URL with the following format in the OAuth2 redirect URIs field.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In this URL, `` is the code for the AWS Region in which you configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
1. Choose **Add**.
1. Copy and save your app key and app secret for use in the AppFabric app authorization.
1. You can leave all other fields on the **Settings** tab with their default values.
### Required scopes
You must add the following scopes to your Dropbox app using the **Permissions** tab on the app info screen:
+ `account_info.read`
+ `team_data.member`
+ `events.read`
+ `members.read`
+ `team_info.read`
Choose **Submit** after you are done.
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. Enter any value that uniquely identifies your Dropbox account, such as team name.
#### Tenant name
Enter a name that identifies this unique Dropbox account. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request a client ID. The client ID in AppFabric is your Dropbox app key. To find your Dropbox app key, use the following steps:
1. Navigate to the Dropbox App Console at [https://www.dropbox.com/developers/apps](https://www.dropbox.com/developers/apps).
1. Find the app that you use to connect AppFabric.
1. Find the app key in the **Status** section of the app’s info page.
1. Enter the app key for your Dropbox app into the **Client ID** field in AppFabric.
#### Client secret
AppFabric will request a client secret. The client secret in AppFabric is your Dropbox app secret. To find your Dropbox app secret, use the following steps:
1. Navigate to the Dropbox App Console at [https://www.dropbox.com/developers/apps](https://www.dropbox.com/developers/apps).
1. Find the app that you use to connect AppFabric.
1. Find the app secret in the **Status** section of the app’s info page.
1. Enter the app secret for your Dropbox app into the **Client Secret** field in AppFabric.
#### Approve authorization
After creating the app authorization in AppFabric, you will receive a pop-up window from Dropbox to approve the authorization. To approve the AppFabric authorization, choose **Allow**.
# Configure Genesys Cloud for AppFabric
Genesys Cloud creates fluid conversations across digital and voice channels in an easy, all-in-one interface. This positions companies to provide exceptional experiences for employees and customers and reap the benefits of speedy deployments, reduced complexity and simple administration.
You can use AWS AppFabric for security to receive audit logs and user data from Genesys Cloud, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Genesys Cloud
](#genesys-appfabric-support)
+ [
## Connecting AppFabric to your Genesys Cloud account
](#genesys-appfabric-connecting)
## AppFabric support for Genesys Cloud
AppFabric supports receiving user information and audit logs from Genesys Cloud.
### Prerequisites
To use AppFabric to transfer audit logs from Genesys Cloud to supported destinations, you must meet the following requirements:
+ You must have a Genesys Cloud account.
+ You must have a user with the Administrator role in your Genesys Cloud account.
### Rate limit considerations
Genesys Cloud imposes rate limits on the Genesys Cloud API. For more information about the Genesys Cloud API rate limits, see [Rate limits](https://developer.genesys.cloud/platform/api/rate-limits) on the Genesys Cloud Developer website.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Genesys Cloud account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Genesys Cloud. To find the information required to authorize Genesys Cloud with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with Genesys Cloud using OAuth. To create an OAuth application in Genesys Cloud, use the following steps:
1. Follow the instructions in [Create an OAuth Client](https://help.mypurecloud.com/articles/create-an-oauth-client/) on the *Genesys Cloud Resource Center* website.
For **Grant types**, choose **Code Authorization**.
1. Use a redirect URL with the following format as the **Authorized redirect URIs**.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In this URL, ** is the code for the AWS Region in which you’ve configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
1. Select the **Scope** box to display a list of scopes available to your app. Select scope `audits:readonly` and `users:readonly`. For information about scopes, see [OAuth Scopes](https://developer.genesys.cloud/api/rest/authorization/scopes.html) in the Genesys Cloud Developer Center.
1. Choose **Save**. Genesys Cloud creates a Client ID and a Client Secret (token).
### Required scopes
You must add the following scopes to your Genesys Cloud OAuth application:
+ `audits:readonly`
+ `users:readonly`
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. The tenant ID in AppFabric is your Genesys Cloud instance name. You can find your tenant ID in the address bar of your browser. For example, `usw2.pure.cloud` is the tenant ID in the following URL `https://login.usw2.pure.cloud`.
#### Tenant name
Enter a name that identifies this unique Genesys Cloud organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request a client ID. To find your client ID in Genesys Cloud, use the following steps:
1. Choose **Admin**.
1. Under **Integrations**, choose **OAuth**.
1. Choose the OAuth client to get the Client ID.
#### Client secret
AppFabric will request a client secret. To find your client secret in Genesys Cloud, use the following steps:
1. Choose **Admin**.
1. Under **Integrations**, choose **OAuth**.
1. Choose the OAuth client to get the Client Secret.
# Configure GitHub for AppFabric
GitHub is a platform and cloud-based service for software development and version control using Git, allowing developers to store and manage their code. It provides the distributed version control of Git plus access control, bug tracking, software feature requests, task management, continuous integration, and wikis for every project.
You can use AWS AppFabric for security to receive audit logs and user data from GitHub, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for GitHub
](#github-appfabric-support)
+ [
## Connecting AppFabric to your GitHub account
](#github-appfabric-connecting)
## AppFabric support for GitHub
AppFabric supports receiving user information and audit logs from GitHub.
### Prerequisites
To use AppFabric to transfer audit logs from GitHub to supported destinations, you must meet the following requirements:
+ To access the Audit logs you need to have an enterprise account.
+ To access the Enterprise audit logs you need to have Administrator role for your enterprise account.
+ To get audit logs from organization, you need to be Organization owner.
### Rate limit considerations
GitHub imposes rate limits on the GitHub API. For more information about the GitHub API rate limits, see [API Request Limits and Allocations](https://docs.github.com/en/apps/creating-github-apps/registering-a-github-app/rate-limits-for-github-apps) on the *GitHub website*. If the combination of AppFabric and your existing GitHub API applications exceed GitHub’s limits, audit logs appearing in AppFabric may be delayed.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your GitHub account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with GitHub. To find the information required to authorize GitHub with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with the GitHub using OAuth. Use the following steps to create an OAuth application in GitHub. For more information, see [Creating GitHubs Apps](https://docs.github.com/en/apps/creating-github-apps) on the *GitHub website*.
1. Choose your profile photo located in the top-right corner of the page, and then choose **Settings**.
1. Choose **Developer settings** in the left navigation pane.
1. Choose **OAuth apps** in the left navigation pane.
1. Choose **New OAuth App**.
**Note**
This button will be labeled **Register a new application** if you haven't previously created an OAuth app.
1. Enter the name of your app in the **Application name** text box.
1. Enter the full application instance URL in the **Homepage URL** text box.
1. (Optional) Enter a description for your app in the **Application description** text box. Users will see this description.
1. Enter a URL with the following format in the **Authorization callback URL** text box.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In this URL, ** is the code for the AWS Region in which you configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
1. Choose **Enable Device Flow** if your OAuth app will use device flow to identify and authorize users. For more information about device flow, see [Authorizing OAuth apps](https://docs.github.com/en/enterprise-cloud@latest/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow) on the *GitHub website*.
1. Choose **Register application**.
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. The tenant ID should be provided in either of the following formats:
**Enterprise audit log:**
Use the enterprise's audit log if you want to know aggregated actions from all of the organizations owned by your enterprise account.
To use the enterprise audit log, the tenant ID is your account's enterprise ID. You can find your enterprise ID in the address bar of your browser. For example, `exampleenterprise` is the enterprise ID in the following URL `https://github.com/settings/enterprises/examplenterprise`.
When you specify the tenant ID for enterprise audit log, you must prefix it with `enterprise:`. Therefore, specify the previous example as `enterprise:examplenterprise`.
**Organization audit log:**
Use the organization’s audit log as an organization admin if you want to know the actions performed by members of your organization. It includes details such as who performed the action, what the action was, and when it was performed.
To use organization audit log, the tenant ID is your organization ID. You can find your organization ID in the address bar of your browser. For example, `exampleorganization` is the organization ID in the following URL `https://github.com/settings/organizations/exampleorganization`.
When you specify the tenant ID for organization audit log, you must prefix it with `organization:`. Therefore, specify the previous example as `organization:exampleorganization`.
#### Tenant name
Enter a name that identifies this unique GitHub enterprise or organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request a client ID. Use the following steps to find your client ID in GitHub,
1. Choose your profile photo located in the top-right corner of the page, and then choose **Settings**.
1. Choose **Developer settings** in the left navigation pane.
1. Choose **OAuth apps** in the left navigation pane.
1. Choose the specific OAuth app, and then look for the **Client ID** value.
#### Client secret
AppFabric will request a client secret. Use the following steps to find your client secret in GitHub.
1. Choose your profile photo located in the top-right corner of the page, and then choose **Settings**.
1. Choose **Developer settings** in the left navigation pane.
1. Choose **OAuth apps** in the left navigation pane.
1. Choose the specific OAuth app, and then look for the **Client Secret** value. If you are unable to find an existing client secret, then you might need to generate a new one.
#### Approve authorization
After creating the app authorization in AppFabric, you will receive a pop-up window from GitHub to approve the authorization. To approve the AppFabric authorization, choose **Allow**.
Make sure that your organizations have [granted access](https://docs.github.com/en/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization) to the OAuth app, if [OAuth App access restrictions](https://docs.github.com/en/organizations/managing-oauth-access-to-your-organizations-data/about-oauth-app-access-restrictions) are enabled.
# Configure Google Analytics for AppFabric
Google Analytics is a web analytics service that provides statistics and basic analytical tools for search engine optimization (SEO) and marketing purposes. Google Analytics is used to track website performance and collect visitor insights. It can help organizations determine top sources of user traffic, gauge the success of their marketing activities and campaigns, track goal completions (such as purchases, adding products to carts), discover patterns and trends in user engagement and obtain other visitor information such as demographics. Small and medium-sized retail websites often use Google Analytics to obtain and analyze various customer behavior analytics, which can be used to improve marketing campaigns, drive website traffic and better retain visitors.
You can use AWS AppFabric for security to audit logs and user data from Azure Monitor, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Google Analytics
](#google-analytics-appfabric-support)
+ [
## Connecting AppFabric to your Google Analytics account
](#google-analytics-appfabric-connecting)
## AppFabric support for Google Analytics
AppFabric supports receiving audit logs from Google Analytics.
### Prerequisites
To use AppFabric to transfer audit logs from Google Analytics to supported destinations, you must meet the following requirements:
+ You must be Administrator of the Google Analytics account.
+ For AppFabric to deliver logs, you need to enable the [Google Analytics Admin API](https://console.cloud.google.com/flows/enableapi?apiid=analyticsadmin.googleapis.com) on your Google Cloud project. Be sure to use a new project when setting up the Google Analytics OAuth application.
### Rate limit considerations
Google Analytics imposes rate limits on the Google Analytics API. For more information about Google Analytics API rate limits, see [Limits and Quotas](https://developers.google.com/analytics/devguides/config/admin/v1/quotas) on the *Google Analytics website*. If the combination of AppFabric and your existing *Google Analytics* API applications exceed the limit, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Google Analytics account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Google Analytics. Use the following steps to find the information required to authorize Google Analytics with AppFabric.
### Create an OAuth application
AppFabric integrates with the Google Analytics using OAuth. Complete the following steps to create an OAuth application in Google Analytics:
1. To configure your OAuth consent screen, follow the instructions in Configure the OAuth consent screen in the Google Developer Guide on the Google website.
1. Choose External for the User type
1. To configure OAuth credentials for AppFabric, follow the instructions in the OAuth client ID credentials section of the Create access credentials page in the Google Developer Guide.
1. Use a redirect URL with the following format.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In that address, `` is the code for the AWS Region in which you’ve configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
### Required scopes
You must add the following scope to your Google Analytics OAuth application:
```
https://www.googleapis.com/auth/analytics.edit
```
### App authorizations
#### Tenant ID
AppFabric will request a tenant ID. The tenant ID in AppFabric is your Google Analytics account ID.
1. Go to the [Google Analytics home page](https://analytics.google.com/analytics/web/).
1. Choose **Admin** in the navigation pane.
1. You will find your account ID under **Account** > **Account Settings** > **Account details** > **Account ID**.
#### Tenant name
Enter a name that identifies this unique Google Analytics organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request a client ID. Use the following steps to find your client ID in Google Analytics:
1. Go to the [Credentials page](https://console.developers.google.com/apis/credentials).
1. In the **OAuth 2.0 Client IDs** section, choose the client ID you created.
1. The client ID is listed in the **Additional information** section of the page.
#### Client secret
AppFabric will request a client secret. Use the following steps to find your client secret in Google Analytics:
1. Go to the [Credentials page](https://console.developers.google.com/apis/credentials).
1. In the **OAuth 2.0 Client IDs** section, choose the client name.
1. The client secret is listed in the **Client secrets** section of the page.
#### App authorization
After creating the app authorization in AppFabric you will receive a pop-up window from Google Analytics to approve the authorization. To approve the AppFabric authorization by choosing **Allow**.
# Configure Google Workspace for AppFabric
Google Workspace is a collection of cloud computing, productivity and collaboration tools, software and products developed and marketed by Google.
You can use AWS AppFabric for security to audit logs and user data from Google Workspace, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support forGoogle Workspace
](#google-workspace-appfabric-support)
+ [
## Connecting AppFabric to your Google Workspace account
](#google-workspace-appfabric-connecting)
## AppFabric support forGoogle Workspace
AppFabric supports receiving user information and audit logs from Google Workspace.
### Prerequisites
To use AppFabric to transfer audit logs from Google Workspace to supported destinations, you must meet the following requirements:
+ You must subscribe to the Google Workspace Enterprise Standard plan. For more information about creating or upgrading to the Google Workspace Enterprise Standard plan, see the [Google Workspace Plans](https://workspace.google.com/pricing.html) website.
+ You must have a user with the **Administrator** role in your Google Workspace.
+ For AppFabric to deliver logs, you need to enable [Google Admin SDK API](https://console.cloud.google.com/flows/enableapi?apiid=admin.googleapis.com) on your Google Cloud project. For more information, see [Enable Google Workspace APIs](https://developers.google.com/workspace/guides/enable-apis) in the *Google Workspace Developer Guide*.
### Rate limit considerations
Google Workspace imposes rate limits on the Google Workspace API. For more information about Google Workspace API rate limits, see [Limits and Quotas](https://developers.google.com/admin-sdk/reports/v1/limits) on the *Google Workspace Admin Guide* on the Google Workspace website. If the combination of AppFabric and your existing Google Workspace API applications exceed the limit, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to 30-minute delay for most of audit events and up to 4-hours delay for certain audit events to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. For more information, see [ Data retention and lag times](https://support.google.com/a/answer/7061566?hl=en) in the *Google WorkSpace Admin Help website*. However, this might be customizable at an account-level. For assistance contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Google Workspace account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Google Workspace. To find the information required to authorize Google Workspace with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with Google Workspace using OAuth. To create an OAuth application in Google Workspace, use the following steps:
1. To configure your OAuth consent screen, follow the instructions in [Configure the OAuth consent screen](https://developers.google.com/workspace/guides/configure-oauth-consent) in the *Google Workspace Developer Guide* on the Google Workspace website.
Choose **Internal** for the **User type**.
1. To configure OAuth credentials for AppFabric, follow the instructions in the [OAuth client ID credentials](https://developers.google.com/workspace/guides/create-credentials#oauth-client-id) section of the *Create access credentials* page in the *Google Workspace Developer Guide*.
1. Use a redirect URL with the following format.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In this URL, `` is the code for the AWS Region in which you’ve configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
### Required scopes
You must add the following scopes to your Google Workspace OAuth application:
+ `https://www.googleapis.com/auth/admin.reports.audit.readonly`
+ `https://www.googleapis.com/auth/admin.directory.user`
If you don't see these scopes, add the **Admin SDK API** to your Google Cloud API library.
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. The tenant ID in AppFabric is your Google Workspace project ID. To find your project ID, see [Locate the project ID](https://support.google.com/googleapi/answer/7014113?hl=en) on the Google API Console Help website.
#### Tenant name
Enter a name that identifies this unique Google Workspace. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request your client ID. To find your client ID, use the following steps:
1. Find your client ID using the information in the [View Credentials](https://developers.google.com/workspace/guides/manage-credentials#view_credentials) section of the *Manage Credentials* page in the *Google Workspace Developer Guide*.
1. Enter the client ID for your OAuth client into the **Client ID** field in AppFabric.
#### Client secret
AppFabric will request your client secret. To find your client secret, use the following steps:
1. Find your client secret using the information in the [View Credentials](https://developers.google.com/workspace/guides/manage-credentials#view_credentials) section of the *Manage Credentials* page on the *Google Workspace Developer Guide*.
1. If you need to reset your client secret, use the instructions in the [Reset Client Secret](https://developers.google.com/workspace/guides/manage-credentials#reset_client_secret) section of the *Manage Credentials* page on the *Google Workspace Developer Guide*.
1. Enter the your client secret into the **Client secret** field in AppFabric.
#### Approve authorization
After creating the app authorization in AppFabric you will receive a pop-up window from Google Workspace to approve the authorization. To approve the AppFabric authorization, choose **allow**.
# Configure HubSpot for AppFabric
HubSpot is a customer platform with all the software, integrations, and resources you need to connect your marketing, sales, content management, and customer service. HubSpot's connected platform enables you to grow your business faster by focusing on what matters most: your customers.
You can use AWS AppFabric for security to receive audit logs and user data from HubSpot, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for HubSpot
](#hubspot-appfabric-support)
+ [
## Connecting AppFabric to your HubSpot account
](#hubspot-appfabric-connecting)
## AppFabric support for HubSpot
AppFabric supports receiving user information and audit logs from HubSpot.
### Prerequisites
To use AppFabric to transfer audit logs from HubSpot to supported destinations, you must meet the following requirements:
+ You must have an account with the Enterprise subscription in HubSpot to access access audit logs. For more information about HubSpot subscriptions, see [Manage your HubSpot subscription](https://knowledge.hubspot.com/account/manage-your-hubspot-subscription) on the HubSpot Knowledge Base.
+ You must have a developer account and an app associated with the account.
+ You should be a **super admin** to install apps in your HubSpot account or have App Marketplace Access permission plus the user permissions to accepts the scopes the app is requesting.
### Rate limit considerations
HubSpot imposes rate limits on the HubSpot API. For more information about the HubSpot API rate limits, including limits for apps using OAuth, see [Rate Limits](https://developers.hubspot.com/docs/api/usage-details#rate-limits) on the HubSpot website. If the combination of AppFabric and your existing HubSpot API applications exceed HubSpot's limits, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your HubSpot account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with HubSpot. To find the information required to authorize HubSpot with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with HubSpot using OAuth. To create an OAuth application in HubSpot, use the following steps:
1. Follow the instructions in the [ Create a public app](https://developers.hubspot.com/docs/api/creating-an-app) section in the HubSpot guide on the HubSpot website.
1. From the **Auth** tab, add the three scopes listed in [Required scopes](#hubspot-required-scopes).
1. Use a redirect URL with the following format in **Redirect URL**.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In this URL, ** is the code for the AWS Region in which you’ve configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
1. Choose **Create app**.
### Required scopes
You must add the following scopes to your HubSpot OAuth application:
+ `settings.users.read`
+ `crm.objects.owners.read`
+ `account-info.security.read`
### App authorizations
#### Tenant ID
Enter an ID that identifies this unique HubSpot organization. For example, enter your HubSpot account ID.
#### Tenant name
Enter a name that identifies this unique HubSpot organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request a client ID. To find your client ID in HubSpot, use the following steps:
1. Navigate to the [HubSpot log-in page](https://app.hubspot.com/login) and sign in using your developer account credentials.
1. From the **Apps** menu, choose your app.
1. From the **Auth** tab, look for the **Client ID** value.
#### Client secret
AppFabric will request a client secret. To find your client secret in HubSpot, use the following steps:
1. Navigate to the [HubSpot log-in page](https://app.hubspot.com/login) and sign in using your developer account credentials.
1. From the **Apps** menu, choose your app.
1. From the **Auth** tab, look for the **Client secret** value.
#### Approve authorization
After creating the app authorization in AppFabric, you will receive a pop-up window from HubSpot to approve the authorization. Sign in to your account using your enterprise account credentials (not your developer account) to approve the AppFabric authorization. Choose **allow**.
# Configure IBM Security® Verify for AppFabric
The IBM Security® Verify family provides automated, cloud-based and on-premises capabilities for administering identity governance, managing workforce and consumer identity and access, and controlling privileged accounts. Whether you need to deploy a cloud or on-premises solution, IBM Security® Verify helps you establish trust and protect against insider threats to both your [workforce](https://www.ibm.com/products/verify-identity/workforce-iam) and [consumers](https://www.ibm.com/products/verify-identity/ciam).
You can use AWS AppFabric for security to receive audit logs and user data from IBM Security® Verify, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for the IBM Security® Verify
](#ibm-security-appfabric-support)
+ [
## Connecting AppFabric to your IBM Security® Verify account
](#ibm-security-appfabric-connecting)
## AppFabric support for the IBM Security® Verify
AppFabric supports receiving user information and audit logs from IBM Security® Verify.
### Prerequisites
To use AppFabric to transfer audit logs from IBM Security® Verify to supported destinations, you must meet the following requirements:
+ To access the audit logs, you need to have an [IBM Security® Verify SaaS account](https://www.ibm.com/products/verify-identity).
+ To access the audit logs, you need to have an administrator role in your IBM Security® Verify SaaS account.
### Rate limit considerations
IBM Security® Verify imposes rate limits on the IBM Security® Verify API. For more information about the IBM Security® Verify API rate limits, see [IBM Terms](https://www.ibm.com/support/customer/csol/terms/?id=i126-7765&lc=en). If the combination of AppFabric and your existing IBM Security® Verify API applications exceed IBM Security® Verify limits, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You may see up to 30-minute delay in an audit event to get delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this may be customizable on an account level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your IBM Security® Verify account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with IBM Security® Verify. To find the information required to authorize IBM Security® Verify with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with the IBM Security® Verify using OAuth. To create an OAuth application in IBM Security® Verify, see [Create an API client](https://docs.verify.ibm.com/verify/docs/support-developers-create-api-client) on the *IBM documentation website*.
1. For first-time login, use the login URL and credentials that were sent to your registered email address.
1. Access the administration console at `https://.verify.ibm.com/ui/admin/`. For more information, see [Accessing IBM Security® Verify](https://www.ibm.com/docs/en/security-verify?topic=overview-accessing-security-verify#taskt_login_admin_ui__steps__1).
1. In the administration console, under **Security** < **API Access** < **API Client**, choose **Add**.
1. Select the following options. These are required for reading audit log and user details.
+ Read reports
+ Read users and groups
1. Keep the **Default** option in the **Client Authentication method**.
Don't edit the **Custom scopes** field.
1. Choose **Next**.
1. Don't edit the **IP filter** field.
1. Choose **Next**.
1. Don't edit the **Additional properties** field.
1. Choose **Next**.
1. Specify a **Name** and **Description**. The description is optional.
1. Choose **Create API client**.
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. You can locate the tenant ID in the IBM Security® Verify standard URL. For instance, in the `https://hostname.verify.ibm.com/` URL, the tenant ID is the *hostname* that can be found before `.verify.ibm.com` (or before `ice.ibmcloud.com` if you are using a former hostname). If you are using a vanity URL, contact your IBM Security® Verify support team to obtain your standard URL.
#### Tenant name
Enter a name that identifies this unique IBM Security® Verify tenant. AppFabric uses the tenant name to label the app authorizations and any ingestion created from the app authorization.
#### Client ID
AppFabric will request a client ID. To find your client ID in IBM Security® Verify, use the following steps:
1. For first-time login, use the login URL and credentials that were sent to your registered email address.
1. Access the administration console at `https://.verify.ibm.com/ui/admin/`. For more information, see [Accessing IBM Security® Verify](https://www.ibm.com/docs/en/security-verify?topic=overview-accessing-security-verify#taskt_login_admin_ui__steps__1).
1. In the administration console, under **Security** < **API Access** < **API Client**, choose the ellipsis (⋮) next to the specific OAuth app.
1. Choose **Connection details**.
1. Locate **Client ID** under **API credentials**.
#### Client secret
AppFabric will request a client secret. To find your client secret in IBM Security® Verify, use the following steps:
1. For first-time login, use the login URL and credentials that were sent to your registered email address.
1. Access the administration console at `https://.verify.ibm.com/ui/admin/`. For more information, see [Accessing IBM Security® Verify](https://www.ibm.com/docs/en/security-verify?topic=overview-accessing-security-verify#taskt_login_admin_ui__steps__1).
1. In the administration console, under **Security** < **API Access** < **API Client**, choose the ellipsis (⋮) next to the specific OAuth app.
1. Choose **Connection details**.
1. Locate **Client secret** under **API credentials**.
# Configure JumpCloud for AppFabric
JumpCloud Inc. is an American enterprise software company that provides a cloud-based directory platform for identity management. It centralizes and simplifies identity management, allowing users to securely access their systems, apps, networks, and file servers with a single set of credentials, regardless of platform, protocol, provider, or location.
You can use AWS AppFabric to receive audit logs and user data from JumpCloud, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for JumpCloud
](#jumpcloud-appfabric-support)
+ [
## Connecting AppFabric to your JumpCloud account
](#jumpcloud-appfabric-connecting)
## AppFabric support for JumpCloud
AppFabric supports receiving user information and audit logs from JumpCloud.
### Prerequisites
To use AppFabric to transfer audit logs from JumpCloud to supported destinations, you must meet the following requirements:
+ You must have an active paid JumpCloud subscription plan. For more information, see [https://jumpcloud.com/pricing](https://jumpcloud.com/pricing) on the JumpCloud website.
+ You must have the "Admins with Billing" role.
### Rate limit considerations
JumpCloud doesn't publish rate limits. You must create a support case or reach out to your JumpCloud Customer team. If the combination of AppFabric and your existing JumpCloud API applications exceed JumpCloud's limits, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delays in audit events made available by the application, and due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your JumpCloud account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with JumpCloud. To find the information required to authorize JumpCloud with AppFabric, follow the steps in the next section.
### Create an Organization token from the JumpCloud account
AppFabric uses an API key to integrate with JumpCloud To create an API key in JumpCloud, follow these steps:.
1. [Sign in to your JumpCloud](https://console.jumpcloud.com/login/admin) account as an administrator.
1. In the Admin Portal, choose your account initials, located n the top-right, and choose **My API Key** from the menu.
1. Choose **Generate New API Key**, or select an existing key.
**Note**
JumpCloud only allows one active API key. Generating a new API key will revoke access to the current API key. This will render all calls using the previous API key inaccessible. You will have to update any existing integrations that use the previous API key with the new key value.
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. Here “Organization Id” will be the Tenant Id. To find the "Organization Id", follow these steps.
1. Sign in to your JumpCloud account.
1. In the navigation pane, choose **Settings**, then **Organization Profile**, then **General**.
1. Choose the "eye" icon to remove the obscured view.
1. Choose the "double-page" icon to copy the ID.
#### Tenant name
Enter a name that identifies this unique JumpCloud organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Service account token
AppFabric will request your service account token. In AppFabric, this is the organization API token that you created in [Create an Organization token from the JumpCloud account](#jumpcloud-appfabric-access-token), earlier in this topic.
# Configure Microsoft 365 for AppFabric
Microsoft 365 is a product family of productivity software, collaboration, and cloud-based services owned by Microsoft.
You can use AWS AppFabric for security to audit logs and user data from Microsoft 365, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Microsoft 365
](#microsoft-365-appfabric-support)
+ [
## Connecting AppFabric to your Microsoft 365 account
](#microsoft-365-appfabric-connecting)
## AppFabric support for Microsoft 365
AppFabric supports receiving user information and audit logs from Microsoft 365.
### Prerequisites
To use AppFabric to transfer audit logs from Microsoft 365 to supported destinations, you must meet the following requirements:
+ You must subscribe to a Microsoft 365 Enterprise plan. For more information about creating or upgrading to a Microsoft 365 Enterprise plan, see [Microsoft 365 Enterprise Plans](https://www.microsoft.com/en-us/microsoft-365/compare-microsoft-365-enterprise-plans) on the Microsoft website.
+ You must have a user with **Administrator** permissions in your Microsoft 365 account.
+ You must turn on audit logging for your organization. For more information, see [Turn auditing on or off](https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-log-enable-disable?view=o365-worldwide) on the Microsoft website.
### Rate limit considerations
Microsoft 365 imposes rate limits on the Microsoft 365 API. For more information about Microsoft 365 API rate limits, see [Microsoft Graph service-specific throttling limits](https://learn.microsoft.com/en-us/graph/throttling-limits) in the Microsoft Graph documentation on the Microsoft website. If the combination of AppFabric and your existing Microsoft 365 API applications exceed the limit, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Microsoft 365 account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Microsoft 365. To find the information required to authorize Microsoft 365 with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with Microsoft 365 using OAuth. To create an OAuth application in Microsoft 365, use the following steps:
1. Follow the instructions in the [Register an application](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#register-an-application) section in the *Azure Active Directory Developer Guide* on the Microsoft website.
Choose **Accounts in this organizational directory only** in the **Supported Account Types** configuration.
1. Follow the instructions in the [Add a redirect URI](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#add-a-redirect-uri) section in the *Azure Active Directory Developer Guide*.
Choose the **Web platform**.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In this URL, `` is the code for the AWS Region in which you’ve configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
You can skip the other input fields for the Web platform.
1. Follow the instructions in the [Add a client secret](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#add-a-client-secret) section of the *Azure Active Directory Developer Guide*.
### Required permissions
You must add the following permissions to your OAuth application. To add permissions, follow the instructions in the [Add permissions to access your web API](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-permissions-to-access-your-web-api) section of the *Azure Active Directory Developer Guide*.
+ `Microsoft Graph API` > `User.Read` (automatically added)
+ `Office 365 Management APIs` > `ActivityFeed.Read` (Select Delegated Type)
+ `Office 365 Management APIs` > `ActivityFeed.ReadDlp` (Select Delegated Type)
+ `Office 365 Management APIs` > `ServiceHealth.Read` (Select Delegated Type)
After you’ve added the permissions, to grant admin consent for the permissions, follow the instructions in the [Admin consent button](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#admin-consent-button) section of the *Azure Active Directory Developer Guide*.
### App authorizations
AppFabric supports receiving user information and audit logs from your Microsoft 365 account. To receive both audit logs and user data from Microsoft 365, you must create two app authorizations, one that is named **Microsoft 365** in the app authorization drop-down list, and another that is named **Microsoft 365 Audit Log** in the app authorization drop-down list. You can use the same tenant ID, client ID and client secret for both app authorizations. To receive audit logs from Microsoft 365, you need both the **Microsoft 365** and **Microsoft 365 Audit Log** app authorizations. To use the user access tool alone, only the **Microsoft 365** app authorization is required.
#### Tenant ID
AppFabric will request your tenant ID. The tenant ID in AppFabric is your Azure Active Directory tenant ID. To find your Azure Active Directory tenant ID, see [How to find your Azure Active Directory tenant ID](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/how-to-find-tenant) in the *Azure Product Documentation* on the Microsoft website.
#### Tenant name
Enter a name that identifies this unique Microsoft 365 account. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request your client ID. The client ID in AppFabric is the Microsoft 365 application (client) ID. To find your Microsoft 365 application (client) ID, use the following steps:
1. Open the overview page for the OAuth application that you use with AppFabric.
1. The application (client) ID appears under **Essentials**.
1. Enter the application (client) ID for your OAuth client into the **Client ID** field in AppFabric.
#### Client secret
AppFabric will request your client secret. Microsoft 365 provides this value only when you initially create the client secret for your OAuth application. To generate a new client secret if you don't have one, use the following steps:
1. To create a client secret, follow the instructions in the [Add a client secret](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#add-a-client-secret) section of the *Azure Active Directory Developer Guide* .
1. Enter the contents of the **Value** field into the **Client secret** field in AppFabric.
#### Approve authorization
After creating the app authorization in AppFabric, you will receive a pop-up window from Microsoft 365 to approve the authorization. To approve the AppFabric authorization, choose **allow**.
# Configure Miro for AppFabric
Miro is an online workspace for innovation that enables distributed teams of any size to build the next big thing. The platform’s infinite canvas enables teams to lead engaging workshops and meetings, design products, brainstorm ideas, and more. Miro, co-headquartered in San Francisco and Amsterdam, serves more than 50M users worldwide, including 99% of the Fortune 100. Miro was founded in 2011 and currently has more than 1,500 employees in 12 hubs around the world. To learn more, visit [https://miro.com](https://miro.com).
Miro includes a full suite of collaborative capabilities designed for innovation including diagramming, wireframing, real-time data visualization, workshop facilitation, and built-in support for agile practices, workshops, and interactive presentations. Miro recently announced Miro AI which extends Miro’s capabilities, with AI-driven mapping and diagramming, clustering and summarization, and content generation. Miro enables organizations to reduce the number of standalone tools, reducing information fragmentation and cost.
You can use AWS AppFabric for security to audit logs and user data from Miro, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Miro
](#miro-appfabric-support)
+ [
## Connecting AppFabric to your Miro account
](#miro-appfabric-connecting)
## AppFabric support for Miro
AppFabric supports receiving user information and audit logs from Miro.
### Prerequisites
To use AppFabric to transfer audit logs from Miro to supported destinations, you must meet the following requirements:
+ You must have a Miro Enterprise Plan. For more information about the Miro plan types, see the [Miro pricing](https://miro.com/pricing/) page on the Miro website.
+ You must have a user with the Company Admin role in your Miro account. For more information about roles, see the *Company level* section of [Roles in Miro](https://help.miro.com/hc/en-us/articles/360017571194-Roles-in-Miro#Company_level) on the Miro Help Center website.
+ You must have an Enterprise Developer team in your Miro account. For information about creating developer teams, see [Enterprise Developer teams](https://help.miro.com/hc/en-us/articles/4766759572114) on the Miro Help Center website.
### Rate limit considerations
Miro imposes rate limits on the Miro API. For more information about the Miro API rate limits, see [Rate Limiting](https://developers.miro.com/docs/rate-limiting) in the *Miro Developers Guide* on the Miro website. If the combination of AppFabric and your existing Miro API applications exceed the limit, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Miro account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Miro. To find the information required to authorize Miro with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with Miro using OAuth. To create an OAuth application in Miro, use the following steps:
1. To create an OAuth application, follow the instructions in the [Creating and installing apps](https://help.miro.com/hc/en-us/articles/4766759572114#Creating_and_installing_apps) section of the *Enterprise Developer teams* article on the Miro Help Center website.
1. On the app creation dialog, select the **Expire user authorization token** check box after you select a developer team on the enterprise organization.
**Note**
You must do this *before* creating the app because you can't change this option after you create the app.
1. On the app page, enter a URL with the following format in the **Redirect URI for OAuth 2.0 section**.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In this URL, ** is the code for the AWS Region in which you’ve configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
1. Copy and save your client ID and client secret to use in the AppFabric app authorization.
### Required scopes
You must add the following scopes on the `Permissions` section of your Miro OAuth app page:
+ `auditlogs:read`
+ `organizations:read`
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. The tenant ID in AppFabric is your Miro Team ID. For information about how to find your Miro Team ID, see the *Frequently Asked Questions* section of [I am a new Miro Admin. Where to start?](https://help.miro.com/hc/en-us/articles/360021841280-I-am-a-new-Miro-Admin-Where-to-start-) on the *Miro Help Center* website.
#### Tenant name
Enter a name that identifies this unique Miro organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request your client ID. To find your client ID, use the following steps:
1. Navigate to your Miro profile settings.
1. Select the **Your apps** tab.
1. Select the app that you use to connect with AppFabric.
1. Enter the client ID from the **App Credentials** section into the **Client ID** field in AppFabric.
#### Client secret
AppFabric will request your client secret. To find your client secret, use the following steps:
1. Navigate to your Miro profile settings.
1. Select the **Your apps** tab.
1. Select the app that you use to connect with AppFabric.
1. Enter the client secret from the **App Credentials** section into the **Client secret** field in AppFabric.
#### Approve authorization
After creating the app authorization in AppFabric, you will receive a pop-up window from Miro to approve the authorization. To approve the AppFabric authorization, choose **Allow**.
# Configure Okta for AppFabric
Okta is the World’s Identity Company. As the leading independent Identity partner, Okta frees everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of the Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. Okta is building a world where Identity belongs to you. Learn more at okta.com.
You can use AWS AppFabric for security to audit logs and user data from Okta, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Okta
](#okta-appfabric-support)
+ [
## Connecting AppFabric to your Okta account
](#okta-appfabric-connecting)
## AppFabric support for Okta
AppFabric supports receiving user information and audit logs from Okta.
### Prerequisites
To use AppFabric to transfer audit logs from Okta to supported destinations, you must meet the following requirements:
+ You can use AppFabric with any Okta plan type.
+ You must have a user with the **Super Admin** role in your Okta account.
+ The user approving the app authorization in AppFabric must also have the **Super Admin** role in your Okta account.
### Rate limit considerations
Okta imposes rate limits on the Okta API. For more information about the Okta API rate limits, see [Rate limits](https://developer.okta.com/docs/reference/rate-limits/) in the *Okta Developer Guide* on the Okta website. If the combination of AppFabric and your existing Okta API applications exceed Okta's limits, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Okta account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Okta. To find the information required to authorize Okta with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with Okta using OAuth. To create an OAuth application to connect with AppFabric, follow the instructions in [Create OIDC app integrations](https://help.okta.com/en-us/Content/Topics/Apps/Apps_App_Integration_Wizard_OIDC.htm) on the *Okta Help Center* website. Following are configuration considerations for AppFabric:
1. For **Application Type**, choose **Web application**.
1. For **Grant type**, choose **Authorization Code** and **Refresh Token**.
1. Use a redirect URL with the following format as the **Sign-in redirect URI** and **Sign-out redirect URI**.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In this URL, ** is the code for the AWS Region in which you’ve configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
1. You can skip the **Trusted Origins** configuration.
1. Grant access to everyone in your Okta organization in the **Controlled access** configuration.
**Note**
If you skip this step during initial OAuth application creation, you can assign everyone in your organization as a group using the **Assignments** tab on the application configuration page.
1. You can leave all other options with their default values.
### Required scopes
You must add the following scopes to your Okta OAuth application:
+ `okta.logs.read`
+ `okta.users.read`
### App authorizations
#### Tenant ID
AppFabric will request a tenant ID. The tenant ID in AppFabric is your Okta domain. For more information about finding your Okta domain, see [Find your Okta domain](https://developer.okta.com/docs/guides/find-your-domain/main/) in the *Okta Developer Guide* on the Okta website.
#### Tenant name
Enter a name that identifies this unique Okta organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request a client ID. To find your client ID in Okta, use the following steps:
1. Navigate to the Okta developer console.
1. Choose the **Applications** tab.
1. Choose your application and then choose the **General** tab.
1. Scroll to the **Client Credentials** section.
1. Enter the client ID from your OAuth client into the **Client ID** field in AppFabric.
#### Client secret
AppFabric will request a client secret. To find your client secret in Okta, use the following steps:
1. Navigate to the Okta developer console.
1. Choose the **Applications** tab.
1. Choose your application and then choose the **General** tab.
1. Scroll to the **Client Credentials** section.
1. Enter the client secret from your OAuth application into the **Client Secret** field in AppFabric.
#### Approve authorization
After creating the app authorization in AppFabric, you will receive a pop-up window from Okta to approve the authorization. To approve the AppFabric authorization, choose **allow**. The user approving the Okta authorization must have **Super Admin** permission in Okta.
# Configure OneLogin by One Identity for AppFabric
OneLogin by One Identity is a modern, cloud-based access management solution that seamlessly manages all digital identities for your workforce, customers and partners. OneLogin provides secure single sign-on (SSO), multi-factor authentication (MFA), adaptive authentication, desktop-level MFA, directory integration with AD, LDAP, G Suite and other external directories, identity lifecycle management and much more. With OneLogin, you can protect your organization from the most common attacks, resulting in increased security, frictionless user experiences, and compliance with regulatory requirements.
You can use AWS AppFabric for security to receive audit logs and user data from OneLogin, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for OneLogin by One Identity
](#onelogin-appfabric-support)
+ [
## Connecting AppFabric to your OneLogin by One Identity account
](#onelogin-appfabric-connecting)
## AppFabric support for OneLogin by One Identity
AppFabric supports receiving user information and audit logs from OneLogin by One Identity.
### Prerequisites
To use AppFabric to transfer audit logs from OneLogin by One Identity to supported destinations, you must meet the following requirements:
+ You must have a OneLogin Advanced or Professional account.
+ You must have a user with the Admin/Delegated Admin Privileges.
### Rate limit considerations
OneLogin by One Identity imposes rate limits on the OneLogin API. For more information about the OneLogin API rate limits, see [Get Rate Limit](https://developers.onelogin.com/api-docs/1/oauth20-tokens/get-rate-limit) in the *OneLogin API Reference*. If the combination of AppFabric and your existing OneLogin API applications exceed OneLogin's limits, audit logs appearing in AppFabric might be delayed. However, the OneLogin rate limit can be increased. For assistance, contact your OneLogin by One Identity Account Manager or contact [https://partners.amazonaws.com/contactpartner?partnerId=001E000000UfZycIAF&partnerName=One%20Identity](https://partners.amazonaws.com/contactpartner?partnerId=001E000000UfZycIAF&partnerName=One%20Identity).
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your OneLogin by One Identity account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with OneLogin by One Identity. To find the information required to authorize OneLogin with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with OneLogin by One Identity using OAuth. To create an OAuth application in OneLogin, use the following steps:
1. Navigate to the [OneLogin log-in page](https://app.onelogin.com/login) and sign in.
1. From the **Developers** menu, choose **API Credentials**.
1. Choose **New Credentials**, enter a name for your new credential, and then choose **Read all**.
1. Choose **Save**. OneLogin creates a client ID and a client secret.
### Required scopes
You must add the following scopes to your OneLogin by One Identity OAuth application:
+ Read all. For more information about scopes and client credentials, see [Working with API Credentials](https://developers.onelogin.com/api-docs/1/getting-started/working-with-api-credentials) in the *OneLogin API Reference*.
### App authorizations
#### Tenant ID
AppFabric will request a tenant ID. The tenant ID in AppFabric is your instance subdomain. You can find your tenant ID in the address bar of your browser. For example, `subdomain` is the tenant ID in the following URL `https://subdomain.onelogin.com`.
#### Tenant name
Enter a name that identifies this unique OneLogin by One Identity organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request a client ID. To find your client ID in OneLogin by One Identity, use the following steps:
1. Navigate to the [OneLogin log-in page](https://app.onelogin.com/login) and sign in.
1. From the **Developers** menu, choose **API Credentials**.
1. Choose the API credential to get the Client ID.
#### Client secret
AppFabric will request a client secret. To find your client secret in OneLogin by One Identity, use the following steps:
1. Navigate to the [OneLogin log-in page](https://app.onelogin.com/login) and sign in.
1. From the **Developers** menu, choose **API Credentials**.
1. Choose the API credential to get the Client Secret.
#### Client app authorization
In AppFabric, create an app authorization using your tenant ID and name, and your client ID and name. Choose connect to activate the authorization.
# Configure PagerDuty for AppFabric
PagerDuty is a Digital Operations Management Platform that helps teams mitigate customer-impacting issues by turning any signal into action so you can resolve issues faster and operate more efficiently. Integrates with CloudWatch, GuardDuty, CloudTrail, and Personal Health Dashboard.
You can use AWS AppFabric for security to receive audit logs and user data from PagerDuty, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for PagerDuty
](#pagerduty-appfabric-support)
+ [
## Connecting AppFabric to your PagerDuty account
](#pagerduty-appfabric-connecting)
## AppFabric support for PagerDuty
AppFabric supports receiving user information and audit logs from PagerDuty.
### Prerequisites
To use AppFabric to transfer audit logs from PagerDuty to supported destinations, you must meet the following requirements:
+ To access the audit logs, you must have a PagerDuty **Business** or **Digital Operations** plan.
+ You should be a Global Admin or account owner of the PagerDuty account.
### Rate limit considerations
PagerDuty imposes rate limits on the PagerDuty API. For more information about the PagerDuty API rate limits, see [REST API Rate Limits](https://developer.pagerduty.com/docs/72d3b724589e3-rest-api-rate-limits) on the PagerDuty Developer Platform. If the combination of AppFabric and your existing PagerDuty API applications exceed PagerDuty's limits, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your PagerDuty account
The PagerDuty platform supports API access keys. To generate an API access key, use the following steps.
### Create an API Access Key
AppFabric integrates with PagerDuty using an API Access key for public clients. To create an API access key in PagerDuty, use the following steps:
1. Navigate to the [PagerDuty log-in page](https://identity.pagerduty.com/global/authn/authentication/PagerDutyGlobalLogin/enter_email) and sign in.
1. Choose **Integrations**, **API Access Keys**.
1. Choose **Create New API Key**.
1. Enter a description and then select **Read-only API Key**.
1. Choose **Create Key**.
1. Copy and save the API key. You'll need this later in AppFabric. If you close the page before saving the API key you must generate a new API key and save it. This key should be dedicated to AppFabric to avoid sharing the PagerDuty API rate limit with your other integrations.
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. The tenant ID for your PagerDuty account is the base URL of your account. You can find this by logging in to PagerDuty and copying from the address bar of your web browser. The tenant ID should follow one of the following formats:
+ For US accounts, `subdomain.pagerduty.com`
+ For EU accounts, `subdomain.eu.pagerduty.com`
#### Tenant name
Enter a name that identifies this unique PagerDuty organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Service account token
AppFabric will request your service account token. The service account token in AppFabric is the API access key you created in [Create an API Access Key](#pagerduty-create-api-key).
# Configure Ping Identity for AppFabric
At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. That's why more than half of the Fortune 100 choose Ping Identity to protect digital interactions for their users while making experiences frictionless. On August 23, 2023, Ping Identity and ForgeRock joined together to deliver more choice, deeper expertise, and a more complete identity solution for customers and partners.
You can use AWS AppFabric for security to receive audit logs and user data from Ping Identity, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Ping Identity
](#pingidentity-appfabric-support)
+ [
## Connecting AppFabric to your Ping Identity account
](#pingidentity-appfabric-connecting)
## AppFabric support for Ping Identity
AppFabric supports receiving user information and audit logs from Ping Identity.
### Prerequisites
To use AppFabric to transfer audit logs from Ping Identity to supported destinations, you must meet the following requirements:
+ You must have an Essential, Plus, or Premium Ping Identity account. For more information about creating or upgrading to the applicable Ping Identity plan type, see [Ping Identity pricing for all features](https://www.pingidentity.com/en/platform/pricing.html) on the Ping Identity website.
+ You must have **Identity Data Read Only** role in your Ping Identity account. You can add roles to your account by granting roles for your application. For more information about roles, see [Roles](https://docs.pingidentity.com/r/en-us/pingone/p1_c_roles) on the Ping Identity Support website.
### Rate limit considerations
Ping Identity doesn't publish rate limits. You must create a support case or reach out to your Ping Identity Customer Success team. If the combination of AppFabric and your existing Ping Identity API applications exceed Ping Identity's limits, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Ping Identity account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Ping Identity. To find the information required to authorize Ping Identity with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with Ping Identity using OAuth. To create an OAuth application in Ping Identity, use the following steps:
1. Follow the instructions in the [ Create an application connection](https://apidocs.pingidentity.com/pingone/main/v1/api/#create-an-application-connection) section in the *PingOne for Developers* guide on the Ping Identity website.
1. After you create the application, customize the grant types.
1. When signed in to the application, choose the **Configuration** tab and click the pencil icon to make changes in the existing configuration.
1. Under **Grant Type**, select **Authorization Code**. Keep **PKCE Enforcement** as **OPTIONAL**.
1. Select **Refresh Token** and choose your refresh durations.
1. Use a redirect URL with the following format in **Redirect URL/callback URL**.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In this URL, ** is the code for the AWS Region in which you’ve configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. The tenant ID in AppFabric is your Ping Identity instance name. You can find your tenant ID in the address bar of your browser. For example, `API_PATH/v1/environments/environmentID`. Where `API_PATH` represents the regional domain for the PingOne server, such as `api.pingone.com`, and `environmentID` represents your environment ID indicated in your application environment properties. For more information about environment properties, see [Environment Properties](https://docs.pingidentity.com/r/en-us/pingone/p1_c_environments) on the Ping Identity website.
#### Tenant name
Enter a name that identifies this unique Ping Identity organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request a client ID. To find your client ID in Ping Identity, use the following steps:
1. Sign in to PingOne admin console and choose **Applications**.
1. Choose the application from the list.
1. Choose the **Overview** tab, and then look for the **Client ID** value.
#### Client secret
AppFabric will request a client secret. To find your client secret in Ping Identity, use the following steps:
1. Sign in to PingOne admin console and choose **Applications**.
1. Choose the application from the list.
1. Choose the **Overview** tab, and then look for the **Client Secret** value.
#### Approve authorization
After creating the app authorization in AppFabric, you will receive a pop-up window from Ping Identity to approve the authorization. To approve the AppFabric authorization, choose **allow**.
# Configure Salesforce for AppFabric
Salesforce makes cloud-based software designed to help businesses find more prospects, close more deals, and wow customers with amazing service. Salesforce’s Customer 360 offers a complete suite of products, unites sales, service, marketing, commerce, and IT teams with a single, shared view of customer information, helping organizations grow relationships with customers and employees alike.
You can use AWS AppFabric to receive audit logs and user data from Salesforce, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Salesforce
](#salesforce-appfabric-support)
+ [
## Connecting AppFabric to your Salesforce account
](#salesforce-appfabric-connecting)
## AppFabric support for Salesforce
AppFabric supports receiving user information and audit logs from Salesforce.
### Prerequisites
To use AppFabric to transfer audit logs from Salesforce to supported destinations, you must meet the following requirements:
+ You must have a [Performance, Enterprise, or Unlimited edition](https://help.salesforce.com/s/articleView?id=sf.overview_edition.htm&type=5) of Salesforce. Contact Salesforce to upgrade to one of these editions.
+ If you are seeking to have AppFabric transfer hourly event log files with [full set of log events](https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_eventlogfile_supportedeventtypes.htm) from Salesforce, you must subscribe to Event Monitoring as part of the [Shield Features](https://www.salesforce.com/editions-pricing/platform/shield/) of Salesforce. Otherwise, AppFabric will transfer limited events (i.e. Login, Logout, InsecureExternalAssets, API Total Usage, CORS Violation, and HostnameRedirects ELF Events) from Salesforce’s standard daily log file. You can check if your Salesforce account is already subscribed to Shield Features by going to **Setup** > **Event Manager**. If you see 19 or more events listed, your account is subscribed to the Event Monitoring. If you do not have Event Monitoring, you can purchase a subscription to this add-on by contacting Salesforce.
+ You need to [opt-in for Event Log File generation](https://help.salesforce.com/s/articleView?id=release-notes.rn_security_em_generate_event_log_files.htm&release=244&type=5) in the Salesforce settings.
+ You should use the System Administrator Profile to create an OAuth application and log in with the same credentials for AppFabric.
**Note**
The API Total Usage, CORS Violation Record, Hostname Redirects, Insecure External Assets, Login, and Logout events are available at no additional cost in supported editions of Salesforce. Contact Salesforce to purchase the remaining event types. For more information about Salesforce event types, see [EventLogFile Supported Event Types](https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_eventlogfile_supportedeventtypes.htm) on the Salesforce website.
AppFabric can support up to 100,000 events per event type per log file instance (daily or hourly, depending on Event Monitoring add-on subscription). A log file exceeding the threshold might cause the entire log file to be excluded from ingestion.
### Rate limit considerations
Salesforce imposes rate limits on the Salesforce API. For more information about the Salesforce API rate limits, see [API Request Limits and Allocations](https://developer.salesforce.com/docs/atlas.en-us.salesforce_app_limits_cheatsheet.meta/salesforce_app_limits_cheatsheet/salesforce_app_limits_platform_api.htm) on the Salesforce website. If the combination of AppFabric and your existing Salesforce API applications exceed Salesforce’s limits, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to 6 hours delay on daily log file or up to 29 hours delay on hourly log file for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Salesforce account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Salesforce. To find the information required to authorize Salesforce with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with the Salesforce using OAuth. To create an OAuth application in Salesforce, use the following steps:
1. [Login to your Salesforce account.](https://login.salesforce.com)
1. Go to the **Setup page** as described in the [Salesforce documentation](https://help.salesforce.com/s/articleView?id=sf.basics_nav_setup.htm&type=5).
1. Search for **App Manager** in the quick find.
1. Choose **New Connected App**.
1. Enter the required information into the form fields.
1. Choose **Enable OAuth settings**.
1. Be sure to **turn off** the following options:
+ Require Proof Key for Code Exchange (PKCE) Extension For Supported Authorization Flows
+ Require secret for Web Server Flow
+ Require secret for Refresh Token Flow
+ Enable Refresh Token Rotation
1. Enter a URL with the following format in the **Callback URL** text box, and choose **Save** changes.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In this URL, ** is the code for the AWS Region in which you configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
1. Fill in the scopes as needed (described in the following [Required scopes](#salesforce-required-scopes) section). All other fields can be left with their default values.
1. Choose **Save**.
1. Complete the following steps to verify the refresh token policy for the new OAuth app:
1. On the **Setup page**, enter **Connected Apps** into the Quick Find text box, and then choose **Manage Connected Apps**.
1. Choose **Edit** next to the newly created app.
1. Make sure that the **Refresh token is valid until revoked** option is selected.
1. Save your changes.
1. Complete the following steps to verify that audit logs are being generated:
1. On the **Setup page**, enter **Event Log File** into the Quick Find text box, and then choose **Event Log File Browser**.
1. Confirm that event logs are listed in the **Event Log File Browser**.
1. Navigate to the created app, and choose **View** from the drop-down.
1. Choose **Manage Consumer Details**.
You will be redirected to a new tab where you will need to verify your identity. On that tab, make a note of the **Consumer Key** and **Consumer Secret** values. You will need these later to sign in.
### Required scopes
You must add the following scopes to your Salesforce OAuth application:
+ Manage user data via APIs (`API`).
+ Perform request at anytime (`refresh_token` and `offline_access`).
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. The tenant ID in AppFabric is the subdomain of your Salesforce **My Domain**. You can find your **My Domain** subdomain in your browser's address bar between `https://` and `.my.salesforce.com`.
To find your Salesforce **My Domain**, use the following instructions from the Salesforce home screen.
1. Go to the **Setup page** as described in the [Salesforce documentation](https://help.salesforce.com/s/articleView?id=sf.basics_nav_setup.htm&type=5).
1. Search for **Company Settings** in the quick find, and choose **My Domain** in the results.
#### Tenant name
Enter a name that identifies this unique Salesforce organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request a client ID. To find your client ID in Salesforce, use the following steps:
1. Navigate to the **Setup** page.
1. Choose **Setup**, and then choose **App Manager**.
1. Choose the created app, and choose **View** from drop-down menu.
1. Choose **Manage Consumer Details**. You will be redirected to a new tab.
1. Verify your identity, and then look for the **Consumer Key** value.
1. Enter the **Consumer Key** into the client ID field in AppFabric.
#### Client secret
AppFabric will request your client secret. The **Client secret** in AppFabric is the **Consumer Secret** in Salesforce. To find your Secret in Salesforce, use the following steps:
1. Navigate to the **Setup** page.
1. Choose **Setup**, and then choose **App Manager**.
1. Choose the created app, and choose **View** from drop-down menu.
1. Choose **Manage Consumer Details**. You will be redirected to a new tab.
1. Verify your identity, and then look for the **Consumer Secret** value.
1. Enter the **Consumer Secret** into the client secret field in AppFabric.
#### Approve authorization
After creating the app authorization in AppFabric, you will receive a pop-up window from Salesforce to approve the authorization. At the approval page, make sure to use the Salesforce System Administrator Role or a Salesforce user that have View Event Log Files and API Enabled user permissions while authorizing. Choose **Allow** to approve the AppFabric authorization.
# Configure ServiceNow for AppFabric
ServiceNow is a leading provider of cloud-based services that automate enterprise IT operations. ServiceNow’s ITOM gives enterprises complete visibility and control of their entire IT environment – including virtualized and cloud infrastructure. It simplifies service mapping, delivery and assurance, consolidating IT service and infrastructure data into a single system of record. It also automates and streamlines key processes — including event, incident, problem, configuration and change management.
You can use AWS AppFabric for security to receive audit logs and user data from ServiceNow, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for ServiceNow
](#servicenow-appfabric-support)
+ [
## Data delay considerations
](#servicenow-data-delay)
+ [
## Connecting AppFabric to your ServiceNow account
](#servicenow-appfabric-connecting)
## AppFabric support for ServiceNow
AppFabric supports receiving user information and audit logs from ServiceNow.
### Prerequisites
To use AppFabric to transfer audit logs from ServiceNow to supported destinations, you must meet the following requirements:
+ You can use AppFabric with any ServiceNow plan type.
+ You must have a user with the Administrator role in your ServiceNow account.
+ You must have a ServiceNow instance.
### Rate limit considerations
ServiceNow imposes rate limits on the ServiceNow API. For more information about the ServiceNow API rate limits, see [Inbound REST API rate limiting](https://docs.servicenow.com/bundle/tokyo-api-reference/page/integrate/inbound-rest/concept/inbound-REST-API-rate-limiting.html) on the ServiceNow website. If the combination of AppFabric and your existing ServiceNow API applications exceed the limits, audit logs appearing in AppFabric may be delayed.
## Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your ServiceNow account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with ServiceNow. Use the following steps to find the information required to authorize ServiceNow with AppFabric.
### Create an OAuth application
The Now Platform supports OAuth 2.0 - Authorization Grant type for public clients to generate an access token.
1. Register your OAuth application. This requires the following three steps. For more information on completing these steps, see the [Register your application with ServiceNow](https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0725643) on the *ServiceNow website*.
1. Register the app and make sure the **Auth Scope** has access to the **Table API**, with a **REST API PATH** of **now/table**, and an **HTTP Method** of **GET** as shown in the following example.
![\[OAuth app configuration in ServiceNow.\]](http://docs.aws.amazon.com/appfabric/latest/adminguide/images/servicenow-oauth-config.png)
1. Generate an authorization code.
1. Generate a bearer token using the authorization code.
1. Use a redirect URL with the following format.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In this URL, ** is the code for the AWS Region in which you configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
### App authorizations
#### Tenant ID
AppFabric will request a tenant ID. The tenant ID in AppFabric is your instance name. You can find your tenant ID in the address bar of your browser. For example, `example` is the tenant ID in the following URL `https://example.service-now.com`.
#### Tenant name
Enter a name that identifies this unique ServiceNow organization. AppFabric uses the tenant’s name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request a client ID. Use the following steps to find your client ID in ServiceNow.
1. Navigate to the ServiceNow console.
1. Choose **System OAuth**, and then choose the **Application Registry** tab.
1. Choose your application.
1. Enter the client ID from your OAuth client into the **Client ID** field in AppFabric.
#### Client secret
AppFabric will request a client secret. Use the following steps to find your client secret in ServiceNow.
1. Navigate to the ServiceNow console.
1. Choose **System OAuth**, and then choose the **Application Registry** tab.
1. Choose your application.
1. Enter the client secret from your OAuth application into the **Client Secret** field in AppFabric.
#### Approve authorization
After creating the app authorization in AppFabric, you will receive a pop-up window from ServiceNow to approve the authorization. Choose **Allow** to approve the AppFabric authorization.
# Configure Singularity Cloud for AppFabric
The Singularity Cloud platform protects your enterprise from threats of all categories, at all stages. Its patented artificial intelligence extends security from known signatures and patterns to the most sophisticated attacks, such as zero-day and ransomware.
You can use AWS AppFabric to receive audit logs and user data from Singularity Cloud, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Note**
Singularity Cloud documentation can be access only after you sign in to your Singularity Cloud account. Therefore, we cannot link directly to the Singularity Cloud documentation from this document.
**Topics**
+ [
## AppFabric support for Singularity Cloud
](#singularity-cloud-appfabric-support)
+ [
## Connecting AppFabric to your Singularity Cloud account
](#singularity-cloud-appfabric-connecting)
## AppFabric support for Singularity Cloud
AppFabric supports receiving user information and audit logs from Singularity Cloud.
### Prerequisites
To use AppFabric to transfer audit logs from Singularity Cloud to supported destinations, you must have an administrator role in your Singularity Cloud account. For more information about the Singularity Cloud API rate limits, sign in to your Singularity Cloud account, browse the documentation section, and search for **roles**.
### Rate limit considerations
Singularity Cloud imposes rate limits on the Singularity Cloud API. For more information about the Singularity Cloud API rate limits, sign in to your Singularity Cloud account, browse the documentation section, and search for **API rate limits**.
### Data delay considerations
You might see up to a 30 minute delay an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Singularity Cloud account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Singularity Cloud. To find the information required to authorize Singularity Cloud with AppFabric, use the following steps.
### Create an API token for Singularity Cloud
Complete the following procedure to create an API token that is associated to a service user. The API token will not be linked to a specific console user or email address.
**Note**
Create a new user or copy the service user to get a new API token before or after a service user API token expires.
1. Sign in to your Singularity Cloud account.
1. In the **Settings** toolbar, choose **Users**, and then choose **Service Users**.
1. Choose **Actions**, and then select **Create New Service User**.
1. In **Create New Service User** page, enter a name, description, and expiration date for the service user.
1. Choose **Next**.
1. In the **Select Scope of Access** section, select the scope.
+ Select **Account** for the access level.
+ Select the account for which you want to get audit logs.
1. Choose **Create User**.
The API token is generated. A window opens and shows the token string with a message indicating this is the last time you can view the token.
1. (Optional) Choose **Copy API Token** and store it in a safe location.
1. Choose **Close**.
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. The tenant ID in AppFabric will be the subdomain of the Sentinel One website address where you sign in to the service. For example, if you sign in to your Singularity Cloud account at the `example-company-1.sentinelone.net` address, your tenant ID is `example-company-1`.
#### Tenant name
Enter a name that identifies this unique Singularity Cloud organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Service account token
Use the token that you generated using the steps in the [Create an API token for Singularity Cloud](#singularity-cloud-api-token) section of this guide. If you misplace or are unable to locate the token, you can generate a new one by following the same steps again.
**Note**
If a new API token is generated in the **Singularity Cloud** console while AppFabric is ingesting the audit logs, the ingestions will stop. If this happens you will need to update the app authorization with a new API token to resume audit log ingestion.
# Configure Slack for AppFabric
Slack is on a mission to make people’s working lives simpler, more pleasant, and more productive. It is the productivity platform for customer companies that improves performance by empowering everyone with no-code automation, making search and knowledge sharing seamless, and keeping teams connected and engaged as they move work forward together. As part of Salesforce, Slack is deeply integrated into the Salesforce Customer 360, supercharging productivity across sales, service and marketing teams. To learn more and get started with Slack for free, visit [slack.com](https://www.slack.com).
You can use AWS AppFabric for security to audit logs and user data from Slack, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Slack
](#slack-appfabric-support)
+ [
## Connecting AppFabric to your Slack account
](#slack-appfabric-connecting)
## AppFabric support for Slack
AppFabric supports receiving user information and audit logs from Slack.
### Prerequisites
To use AppFabric to transfer audit logs from Slack to supported destinations, you must meet the following requirements:
+ You must have an Enterprise Grid plan with Slack. For more information, see [An introduction to Slack Enterprise Grid](https://slack.com/resources/why-use-slack/slack-enterprise-grid) on the Slack website.
+ You must have a user with the **Org Owner** role in your Slack account. For more information about roles, see [Types of roles in Slack](https://slack.com/help/articles/360018112273-Types-of-roles-in-Slack) in the *Slack Help Center* on the Slack website.
### Rate limit considerations
Slack imposes rate limits on the Slack API. For more information about Slack API rate limits, see [Rate limits](https://api.slack.com/docs/rate-limits) in the *Slack API Usage Guide* on the Slack website. If the combination of AppFabric and your existing Slack API applications exceed the limit, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Slack account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Slack. To find the information required to authorize Slack with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with Slack using OAuth. There are two ways to create an OAuth app: **Using an app manifest** or **From scratch**. To create an OAuth application in Slack, use the following steps.
------
#### [ Using an app manifest ]
1. Navigate to the [Slack App Management UI](https://api.slack.com/apps) in your browser.
1. Choose **Create New App**.
1. Choose **From an app manifest**.
1. Choose the workspace for which you want to authorize AppFabric.
1. In the **Enter app manifest below** box, choose **JSON** and replace the existing JSON with the following. Replace ** with the appropriate AWS Region (for example, *`us-east-1`*).
```
{
"display_information": {
"name": "AppFabric"
},
"oauth_config": {
"redirect_urls": [
"https://.console.aws.amazon.com/appfabric/oauth2"
],
"scopes": {
"user": [
"auditlogs:read",
"users:read.email",
"users:read"
]
}
},
"settings": {
"org_deploy_enabled": false,
"socket_mode_enabled": false,
"token_rotation_enabled": true
}
}
```
1. Copy and save the client ID and client secret from the **Basic Information** page.
1. For the `auditLogs:read` scope, you must enable public distribution of your app. For more information, see [Enabling public distribution](https://api.slack.com/start/distributing/public#enabling) on the Slack website.
------
#### [ From scratch ]
1. Choose **From scratch** on the **Create an app** screen.
1. Name your app and choose a workspace.
1. Copy and save the client ID and client secret from the **Basic Information** page.
1. On the **OAuth & Permissions** page, opt in to the **Advanced token security via token rotation** option.
1. Add a URL with the following format in the **Redirect URLs** section of the **OAuth & Permissions** page.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In this URL, `` is the code for the AWS Region in which you’ve configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
1. For the `auditLogs:read` scope, you must enable public distribution of your app. For more information, see [Enabling public distribution](https://api.slack.com/start/distributing/public#enabling) on the Slack website.
------
### Required scopes
**Note**
This section is only applicable if you chose to create the OAuth app from scratch. Skip this section if you chose to use app manifest to create an application authorization.
You must add the following user token scopes on the **OAuth & Permissions** page of your Slack OAuth application:
+ `auditlogs:read`
+ `users:read.email`
+ `users:read`
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. The tenant ID in AppFabric is your Slack workspace ID. To get your tenant ID, following the instructions in [Locate your Slack URL](https://slack.com/help/articles/221769328-Locate-your-Slack-URL) in the *Slack Help Center* on the Slack website. Your Slack workspace URL has a format similar to `examplecorp.slack.com` or `examplecorp.enterprise.slack.com`. The tenant ID you need is `examplecorp` without `.slack.com` or `.enterprise.slack.com`.
#### Tenant name
Enter a name that identifies your Slack workspace ID. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization
#### Client ID
AppFabric will request the client ID from your Slack OAuth application. To find the client ID, use the following steps:
1. Navigate to the [Slack App Management UI](https://api.slack.com/apps) in your browser.
1. Choose the OAuth application that you use with AppFabric.
1. Enter the client ID from the **Basic Information** page into the **Client ID** field in AppFabric.
#### Client secret
AppFabric will request the client secret from your Slack OAuth application. To find the client secret, use the following steps:
1. Navigate to the [Slack App Management UI](https://api.slack.com/apps) in your browser.
1. Choose your the OAuth application that you use with AppFabric.
1. Enter the client secret from the **Basic Information** page into the **Client secret** field in AppFabric.
#### Approve authorization
After creating the app authorization in AppFabric, you will receive a pop-up window from Slack to approve the authorization. To approve the AppFabric authorization, choose **allow**.
# Configure Smartsheet for AppFabric
Smartsheet is a work management platform that helps you align work, people, and technology across your enterprise. Smartsheet offers a robust set of enterprise-grade capabilities to empower everyone to manage projects, automate workflows, and rapidly build solutions at scale, creating an environment for innovation while maintaining security and compliance.
You can use AWS AppFabric for security to audit logs and user data from Smartsheet, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Smartsheet
](#smartsheet-appfabric-support)
+ [
## Connecting AppFabric to your Smartsheet account
](#smartsheet-appfabric-connecting)
## AppFabric support for Smartsheet
AppFabric supports receiving user information and audit logs from Smartsheet.
### Prerequisites
To use AppFabric to transfer audit logs from Smartsheet to supported destinations, you must meet the following requirements:
+ You must have a Smartsheet Business, Enterprise, or Advance account. For more information about creating or upgrading your Smartsheet account, see either [Smartsheet pricing](https://www.smartsheet.com/pricing) or [Smartsheet Advance](https://www.smartsheet.com/pricing/smartsheet-advance) on the Smartsheet website.
+ You must complete the [Smartsheet developer registration](https://developers.smartsheet.com/register/) process.
### Rate limit considerations
Smartsheet imposes rate limits on the Smartsheet API. For more information about the Smartsheet API rate limits, see [Rate limiting](https://smartsheet.redoc.ly/#section/Work-at-Scale/Rate-Limiting) in the *Smartsheet API Reference on the Smartsheet website*.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Smartsheet account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Smartsheet. To find the information required to authorize Smartsheet with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with Smartsheet using OAuth. To create an OAuth application in Smartsheet, use the following steps:
1. Navigate to the developer tools in your Smartsheet account.
1. Choose **Create New App** from the developer tools screen.
1. Complete all of the input fields on the **Create New App** screen.
1. Use any unique value for **App URL** and **App Contact/support**.
1. Use a redirect URL with the following format as the App redirect URL.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In this URL, `` is the code for the AWS Region in which you’ve configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
1. Choose **Save**.
1. Copy and save the app client ID and app secret.
### Required scopes
Smartsheet does not require you to explicitly add scopes to your OAuth configuration. AppFabric will request the following scopes in the authorization request to your Smartsheet account:
+ `READ_EVENTS`
+ `READ_USERS`
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. The tenant ID in AppFabric is your Smartsheet account ID.
#### Tenant name
AppFabric will request your tenant ID. Enter any value that uniquely identifies your Smartsheet account.
#### Client ID
AppFabric will request your client ID. The client ID in AppFabric is your Smartsheet app client ID. To find your app client ID in Smartsheet, use the following steps:
1. Navigate to the developer tools in your Smartsheet account.
1. Select the OAuth application that you use to connect with AppFabric.
1. Enter the app client ID from the **App Profile** screen into the **Client ID** field in AppFabric.
#### Client secret
AppFabric will request your client secret. The client secret in AppFabric is your Smartsheet app secret. To find your app secret in Smartsheet, use the following steps:
1. Navigate to the developer tools in your Smartsheet account.
1. Select the OAuth application that you use to connect with AppFabric.
1. Enter the app secret from the **App Profile** screen into **Client Secret** field in AppFabric.
#### Approve authorization
After creating the app authorization in AppFabric, you will receive a pop-up window from Smartsheet to approve the authorization. To approve the AppFabric authorization, choose **Allow**.
# Configure Terraform Cloud for AppFabric
HashiCorp Terraform Cloud is the world’s most widely used multi-cloud provisioning product. The Terraform ecosystem has more than 3,000 providers, 14,000 modules, and 250 million downloads. Terraform Cloud is the fastest way to adopt Terraform, providing everything practitioners, teams, and global businesses need to create and collaborate on infrastructure and manage risks for security, compliance, and operational constraints.
You can use AWS AppFabric for security to receive audit logs and user data from Terraform Cloud, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Terraform Cloud
](#terraform-appfabric-support)
+ [
## Connecting AppFabric to your Terraform Cloud account
](#terraform-appfabric-connecting)
## AppFabric support for Terraform Cloud
AppFabric supports receiving user information and audit logs from Terraform Cloud.
### Prerequisites
To use AppFabric to transfer audit logs from Terraform Cloud to supported destinations, you must meet the following requirements:
+ To access the audit logs, you must have a Terraform Cloud Plus Edition plan and be the owner of the organization. For more information about Terraform Cloud plans, see [Terraform pricing](https://www.hashicorp.com/products/terraform/pricing?ajs_aid=33c212cb-664b-45d6-aee8-d3791e90a893&product_intent=terraform) on the HashiCorp Terraform website.
+ TBD Audit logs are available for organizations that can be created from the Terraform Cloud account.
### Rate limit considerations
Terraform Cloud imposes rate limits on the Terraform Cloud API. For more information about the Terraform Cloud API rate limits, see [ API Rate Limiting](https://developer.hashicorp.com/terraform/enterprise/application-administration/general#api-rate-limiting) in the Terraform Cloud Developer administration general setting on the Terraform Cloud website. If the combination of AppFabric and your existing Terraform Cloud API applications exceed Terraform Cloud's limits, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Terraform Cloud account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Terraform Cloud. To find the information required to authorize Terraform Cloud with AppFabric, use the following steps.
### Create an organization API token
AppFabric integrates with Terraform Cloud using an organization API token. For more information about the Terraform Cloud organization API tokens, see [ Organization API Tokens](https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/api-tokens). To create an organization, follow the instructions in [Creating Organizations](https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/organizations#creating-organizations). To create an organization API token in Terraform Cloud, use the following steps.
1. Navigate to the [Terraform Cloud sign in](https://app.terraform.io/session) page and sign in.
1. Choose **Organization**, **Settings** on the left-side panel, and then choose **API tokens**.
1. Under **Organization Tokens**, choose **Create an organization token** and then choose **Generate token**.
1. (Optional) Enter the token's expiration date or time, or create a token that never expires.
1. Copy and save the token. You'll need this later in AppFabric. If you close the page before saving the token you must revoke the old token and create a new one.
### App authorizations
#### Tenant ID
AppFabric will request a tenant ID. The tenant ID for your Terraform Cloud account is the current organization URL of your account. You can find this by logging in to your Terraform Cloud organization and copying the current organization URL. The tenant ID should follow one of the following formats:
```
https://app.terraform.io/app/organization_URL
```
#### Tenant name
Enter a name that identifies this unique Terraform Cloud organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Service account token
AppFabric will request your service account token. The service account token in AppFabric is the organization API token you created in [Create an organization API token](#terraform-create-org-token).
# Configure Webex by Cisco for AppFabric
Cisco is a worldwide leader in technology that powers the Internet. Cisco inspires new possibilities by reimagining your applications, securing your data, transforming your infrastructure, and empowering your teams for a global and inclusive future.
**About Webex by Cisco**
Webex is a leading provider of cloud-based collaboration solutions which includes video meetings, calling, messaging, events, customer experience solutions like contact center and purpose-built collaboration devices. Webex’s focus on delivering inclusive collaboration experiences fuels innovation, which leverages AI and Machine Learning, to remove the barriers of geography, language, personality, and familiarity with technology. Its solutions are underpinned with security and privacy by design. Webex works with the world’s leading business and productivity apps – delivered through a single application and interface. Learn more at [https://webex.com](https://webex.com).
You can use AWS AppFabric for security to audit logs and user data from Webex, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Webex
](#webex-appfabric-support)
+ [
## Connecting AppFabric to your Webex account
](#webex-appfabric-connecting)
## AppFabric support for Webex
AppFabric supports receiving user information and audit logs from Webex.
### Prerequisites
To use AppFabric to transfer audit logs from Webex to supported destinations, you must meet the following requirements:
+ You must have a Collaboration Flex plan, Meet Plan, Call Plan, or higher. For more information about creating or upgrading to the applicable Webex plan type, see [Webex pricing for all features](https://pricing.webex.com/us/en/hybrid-work/meetings/all-features/) on the Webex website.
+ Your account must have the [Pro Pack](https://help.webex.com/en-us/article/np3c1rm/Pro-Pack-For-Control-Hub) license to access Security Audit Events provided by one of the Cisco AuditLog APIs.
+ You must have a user with the **Organizational Administrator** > **Full Administrator** role.
+ The **Administrator Roles** configuration for your **Full Administrator** must have the **Compliance Officer** option enabled.
### Rate limit considerations
Webex imposes rate limits on the Webex API. For more information about the Webex API rate limits, see [Rate limits](https://developer.webex.com/docs/basics#upper-limits-for-api-requests) in the *Webex Developers Guide* on the Webex website. If the combination of AppFabric and your existing Webex API applications exceed the limit, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Webex account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Webex. To find the information required to authorize Webex with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with Webex using OAuth. To create an OAuth application in Webex, use the following steps:
1. Follow the instructions in the [Registering your Integration](https://developer.webex.com/docs/integrations#registering-your-integration) section in the **Integrations & Authorization** page of the *Webex Developers Guide*.
1. Use a redirect URL with the following format.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In this URL, `` is the code for the AWS Region in which you’ve configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
### Required scopes
You must add the following scopes to your Webex OAuth application:
+ `spark-compliance:events_read`
+ `audit:events_read`
+ `spark-admin:people_read`
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. The tenant ID in AppFabric is your Webex organization ID. For information about how to find your Webex organization ID, see [Look Up Your Organization ID in CiscoWebex Control Hub](https://help.webex.com/en-us/article/k5pal8/Look-Up-Your-Organization-ID-in-Cisco-Webex-Control-Hub) on the Webex Help Center website.
#### Tenant name
Enter a name that identifies this unique Webex instance. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request your Webex client ID. To find your Webex client ID, use the following steps:
1. Sign into your Webex account at [https://developer.webex.com](https://developer.webex.com).
1. Choose your avatar at the top right.
1. Choose **My Webex Apps**.
1. Choose the OAuth2 application that you use for AppFabric.
1. Enter the client ID on this page into the **Client ID** field in AppFabric.
#### Client secret
AppFabric will request your Webex client secret. Webex only presents your client secret once when you initially create your OAuth application. To generate a new client secret if you didn't save the initial client secret, use the following steps:
1. Sign into your Webex account at [https://developer.webex.com](https://developer.webex.com).
1. Choose your avatar at the top right.
1. Choose **My Webex Apps**.
1. Choose the OAuth2 application that you use for AppFabric.
1. On this page, generate a new client secret.
1. Enter the new client secret into the **Client secret** field in AppFabric.
#### Approve authorization
After creating the app authorization in AppFabric you will receive a pop-up window from Webex to approve the authorization. To approve the AppFabric authorization, choose **accept**.
# Configure Zendesk for AppFabric
Zendesk started the customer experience revolution in 2007 by enabling any business around the world to take their customer service online. Today, Zendesk is the champion of great service everywhere for everyone, and powers billions of conversations, connecting more than 100,000 brands with hundreds of millions of customers over telephony, chat, email, messaging, social channels, communities, review sites, and help centers. Zendesk products are built with love to be loved. The company was conceived in Copenhagen, Denmark, built and grown in California, and today employs more than 6,000 people across the world.
You can use AWS AppFabric for security to audit logs and user data from Zendesk, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Zendesk
](#zendesk-appfabric-support)
+ [
## Connecting AppFabric to your Zendesk account
](#zendesk-appfabric-connecting)
## AppFabric support for Zendesk
AppFabric supports receiving user information and audit logs from Zendesk.
### Prerequisites
To use AppFabric to transfer audit logs from Zendesk to supported destinations, you must meet these requirements:
+ You must have a Zendesk Suite Enterprise or Enterprise Plus account or a Zendesk Support Enterprise account. For more information about creating or upgrading to a Zendesk Enterprise account, see [Checking your plan type Zendesk](https://support.zendesk.com/hc/en-us/articles/5411234991258-plan) on the Zendesk website.
+ You must have a user with the **Administrator** role in your Zendesk account. For more information about roles, see [Understanding Zendesk Support user roles](https://support.zendesk.com/hc/en-us/articles/4408883763866-Understanding-Zendesk-Support-user-roles) on the Zendesk website.
### Rate limit considerations
Zendesk imposes rate limits on the Zendesk API. For more information about the Zendesk API rate limits, see [Rate limits](https://developer.zendesk.com/api-reference/introduction/rate-limits/) in the *Zendesk Developers Guide* on the Zendesk website. If the combination of AppFabric and your existing Zendesk API applications exceed the limit, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss. However, this might be customizable at an account-level. For assistance, contact [Support](https://aws.amazon.com/contact-us/).
## Connecting AppFabric to your Zendesk account
After you create your app bundle within the AppFabric service, you must authorize AppFabric with Zendesk. To find the information required to authorize Zendesk with AppFabric, use the following steps.
### Create an OAuth application
AppFabric integrates with Zendesk using OAuth. In Zendesk, you must create an OAuth application with the following settings:
1. Follow the instructions in the [Registering your application with Zendesk](https://support.zendesk.com/hc/en-us/articles/4408845965210#topic_s21_lfs_qk) section of the *Using OAuth authentication with your application* article on the Zendesk Support website.
1. Use a redirect URL with the following format.
```
https://.console.aws.amazon.com/appfabric/oauth2
```
In this URL, `` is the code for the AWS Region in which you’ve configured your AppFabric app bundle. For example, the code for the US East (N. Virginia) Region is `us-east-1`. For that Region, the redirect URL is `https://us-east-1.console.aws.amazon.com/appfabric/oauth2`.
### App authorizations
#### Tenant ID
AppFabric will request your Tenant ID. The Tenant ID in AppFabric is your Zendesk subdomain. For more information about finding your Zendesk subdomain, see [Where can I find my Zendesk subdomain](https://support.zendesk.com/hc/en-us/articles/4409381383578-Where-can-I-find-my-Zendesk-subdomain-) on the Zendesk Support website.
#### Tenant name
Enter a name that identifies this unique Zendesk organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request a client ID. The client ID in AppFabric is your Zendesk API unique identifier. To find your Zendesk unique identifier, use the following steps:
1. Navigate to the [Admin Center](https://support.zendesk.com/hc/en-us/articles/4408838272410) in your Zendesk account.
1. Choose **Apps and integrations**.
1. Choose **APIs**, **Zendesk APIs**.
1. Choose the **OAuth Clients** tab.
1. Choose the OAuth application that you created for AppFabric.
1. Enter the unique identifier for your OAuth client into the **Client ID** field in AppFabric.
#### Client secret
AppFabric will request a client secret. The client secret in AppFabric is your Zendesk secret token. Zendesk presents your secret token only once when you first create your Zendesk OAuth application. To generate a new secret token if you didn't save the initial secret token, use the following steps:
1. Navigate to the [Admin Center](https://support.zendesk.com/hc/en-us/articles/4408838272410) in your Zendesk account.
1. Choose **Apps and integrations**.
1. Choose **APIs**, **Zendesk APIs**.
1. Choose the **OAuth Clients** tab.
1. Choose the OAuth application that you created for AppFabric.
1. Choose the **Regenerate** button next to the **Secret token** field.
1. Enter the new secret token into the **Client secret** field in AppFabric.
#### Approve authorization
After creating the app authorization in AppFabric, you will receive a pop-up window from Zendesk to approve the authorization. To approve the AppFabric authorization, choose **Allow**.
# Configure Zoom for AppFabric
Zoom is an all-in-one intelligent collaboration platform that makes connecting easier, more immersive, and more dynamic for businesses and individuals. Zoom technology puts people at the center, enabling meaningful connections, facilitating modern collaboration, and driving human innovation through solutions like team chat, phone, meetings, omnichannel cloud contact center, smart recordings, whiteboard, and more, in one offering.
You can use AWS AppFabric for security to audit logs and user data from Zoom, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
**Topics**
+ [
## AppFabric support for Zoom
](#zoom-appfabric-support)
+ [
## Connecting AppFabric to your Zoom account
](#zoom-appfabric-connecting)
## AppFabric support for Zoom
AppFabric supports receiving user information and audit logs from Zoom.
### Prerequisites
To use AppFabric to transfer audit logs from Zoom to supported destinations, you must meet the following requirements:
+ You must have a Zoom Pro, Business, Education, or Enterprise plan.
+ Your Zoom **Admin** role must have permission to create server-to-server OAuth applications. For information about enabling server-to-server OAuth applications, see the [Enable permissions](https://developers.zoom.us/docs/internal-apps/s2s-oauth/#enable-permissions) section of the *Server-to-Server OAuth* page in the *Zoom Developers Guide* on the Zoom website.
+ Your Zoom **Admin** role must have permission to view admin activity logs and sign in/sign out audit activity. For more information about enabling permission to view audit activity, see [Using role management](https://support.zoom.us/hc/en-us/articles/115001078646) and [Using Admin Activity Logs](https://support.zoom.us/hc/en-us/articles/360032748331-Using-Admin-Activity-Logs) on the Zoom Support website.
### Rate limit considerations
Zoom imposes rate limits on the Zoom API. For more information about Zoom API rate limits, see [Rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/) in the *Zoom Developers Guide*. If the combination of AppFabric and your existing Zoom applications exceed the limit, audit logs appearing in AppFabric might be delayed.
### Data delay considerations
You might see an approximately 24-hour delay for an audit event to be delivered to your destination. This is due to delay in audit events made available by the application as well as due to precautions taken to reduce data loss.
## Connecting AppFabric to your Zoom account
After you create your app bundle within the AppFabric service, then you must authorize AppFabric with Zoom. To find the information required to authorize Zoom with AppFabric, use the following steps.
### Create a server-to-server OAuth application
AppFabric uses server-to-server OAuth with app credentials to integrate with Zoom. To create a server-to-server OAuth application in Zoom, follow the instructions in [Create a Server-to-Server OAuth app](https://developers.zoom.us/docs/internal-apps/create/) in the *Zoom Developers Guide*. AppFabric does not support Zoom webhooks, and you can skip the section for adding webhook subscriptions.
### Required scopes
Zoom offers two types of scopes: granular scopes (for newly created applications) and classic scopes (for previously-created applications).
You must add the following granular scopes to your Zoom server-to-server OAuth application:
+ `report:read:user_activities:admin`
+ `report:read:operation_logs:admin`
+ `user:read:email:admin`
+ `user:read:user:admin`
If you are using a previously-created application, you need to add the following classic scopes:
+ `report:read:admin`
+ `user:read:admin`
### App authorizations
#### Tenant ID
AppFabric will request your tenant ID. The tenant ID in AppFabric is the Zoom account ID. To find your Zoom account ID, use the following steps:
1. Navigate to the Zoom marketplace.
1. Choose **Manage**.
1. Choose the server-to-server OAuth application that you use for AppFabric.
1. Enter the account ID from the **App Credentials** page into the **Tenant ID** field in AppFabric.
#### Tenant name
Enter a name that identifies this unique Zoom organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
#### Client ID
AppFabric will request your client ID. To find your Zoom client ID, use the following steps:
1. Navigate to the Zoom marketplace.
1. Choose **Manage**.
1. Choose the server-to-server OAuth application that you use for AppFabric.
1. Enter the client ID from the **App Credentials** page into the **Client ID** field in AppFabric.
#### Client secret
AppFabric will request your client secret. To find your Zoom client secret, use the following steps:
1. Navigate to the Zoom marketplace.
1. Choose **Manage**.
1. Choose the server-to-server OAuth application that you use for AppFabric.
1. Enter the client secret from the **App Credentials** page into the **Client secret** field in AppFabric.
#### Audit log delivery
Zoom makes audit logs available by accessing the API every 24 hours. When viewing audit logs with AppFabric, the data that you see for Zoom is for the previous day’s activities.