[HOWTO] Automate Reporting & Analytics Using External Provider Tools {Google}


By Centrify ‎12-31-2017 02:42 PM

Background

 

1. Centrify offers out-of-the-box integrations with external SIEM Tools offered by IBM & Splunk for Centrify Server/Infrastructure Services

2. Centrify recently added a Splunk Integration (Beta) Add-on in Cloud Version 17.11 (December 2017)

 

3. I'm often asked "What can I do with my Centrify Reporting & Analytics data?"

 

4. Typical responses include using the built-in Centrify reporting engine dashboards to help visualize Centrify access usage, security & analytics data.

Example: Centrify Cloud Platform allows you to create a Geo Map Visualization for all "Failed Logins" within a certain date range:

Screenshot 2017-12-31 15.26.30.png

 

5. This is just one example of many different reports & visualizations that can be generated within the Centrify Admin Portal User Interface

 

6. However, sometimes you want to send your Centrify data (User Behavior, App Access, Security Events, for example) to external tools such as SIEM tools, visualization tools, external reporting engines, etc.

 

7. How can I do that?

 

8. The answer is simple -> Through the Centrify API! (link to reference docs included.)

 

9. In this blog post we are going to explore an example where we can extract relevant data from our Centrify Cloud Tenant, and feed it into visualization & analytics platforms like those offered by Google

 

10. We'll achieve this by utilizing a combination of Centrify & Google APIs

 

 

Centrify Configuration

 

1. Prepare your environment to execute API calls to Centrify's RedRock Query Interface

2. Details on running queries against your Centrify Cloud Tenant programmatically can be found -> here

3. For our example we're going to run a query on all Logins by Country for a specific date range

4. Our query looks something like this:

 

Screenshot 2017-12-31 15.46.16.png

 

5. Our output results in the UI look similar to this:

 

Screenshot 2017-12-31 15.47.29.png

 

6. When running the query via the API instead, we need to write the query results to a text file; for this example we'll use the file "logins.txt"

 

Screenshot 2017-12-31 15.49.19.png

Google Configuration

 

1. Create a new project in Google's API Development Console; we'll name ours "Centrify API Example"

 

Screenshot 2017-12-31 15.59.57.png

 

Screenshot 2017-12-31 16.00.09.png

 

2. Add the Google Drive API (make sure it's enabled) to the new project, which will allow us access to Google Sheets

 

Screenshot 2017-12-31 16.03.32.png

 

3. Create credentials to access the API

4. Create a service account as part of adding credentials to your project

5. Assign Role as "Project Editor"

 

Screenshot 2017-12-31 16.09.28.png

 

 

6. Once you click "create" a JSON file for credentials will be downloaded

7. Rename JSON file to client_secret.json

8. Open JSON File in text editor, copy value for "client_email"

 

Screenshot 2017-12-31 16.13.11.png

 

9. Open a Google Sheet and share using the "client_email" in order to give access to edit the spreadsheet

 

Screenshot 2017-12-31 16.15.26.png

 

10. From Terminal, use "pip install gspread oauth2client" to install necessary packages

11. Create Python Script to edit Google Sheets, we'll call it spreadsheet.py

12. Edit the Python script and import the gspread library & clientcredentials packages

13. Create Scope "https://spreadsheets.google.com/feeds" in your script

14. Create Client Object for authorized credentials

 

Screenshot 2017-12-31 16.21.13.png

 

 

15. Start manipulating sheets via python script to export data from "logins.txt"

 

16. Once you start making API calls to our Spreadsheet project you can start visualising and organizing the same data we retrieved in Centrify, but using Google's data tools instead! 

 

Screenshot 2017-12-31 17.13.26.png

 

17. Use the video below to verify these steps and explore different automations/techniques
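Added example (not code from the original post or from Centrify): one way to write the spreadsheet.py described in steps 10-15, with a check that client_secret.json is not readable by other users before it is loaded. Assumptions: logins.txt holds one "Country<TAB>Count" pair per line, the sheet title "Centrify Logins" and the function names are hypothetical, and the Drive scope is added so the sheet can be opened by title.

```python
"""spreadsheet.py: push per-country login counts from logins.txt to a Google Sheet."""
import os
import stat

# The feeds scope named in step 13; the Drive scope lets gspread find the sheet by title.
SCOPE = ["https://spreadsheets.google.com/feeds",
         "https://www.googleapis.com/auth/drive"]

# Constructed sample of logins.txt. ASSUMPTION: one "Country<TAB>Count" pair per line.
SAMPLE = "Country\tLogins\nUnited States\t42\nGermany\t7\n\nmalformed line\n"


def parse_logins(text):
    """Return [country, count] rows; the header, blank and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().split("\t")
        if len(parts) == 2 and parts[0] and parts[1].isdecimal():
            rows.append([parts[0], int(parts[1])])
    return rows


def key_file_is_private(path):
    """True when group and others have no access to the key file (POSIX modes only)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


def upload(rows, sheet_title, key_path="client_secret.json"):
    """Append rows to the first worksheet of the sheet shared with client_email."""
    # Imported here so parsing can be exercised without the Google packages installed.
    import gspread
    from oauth2client.service_account import ServiceAccountCredentials

    if not key_file_is_private(key_path):
        raise PermissionError(key_path + " is readable by other users; chmod 600 it")
    creds = ServiceAccountCredentials.from_json_keyfile_name(key_path, SCOPE)
    sheet = gspread.authorize(creds).open(sheet_title).sheet1
    for row in rows:
        # RAW stores each value literally instead of parsing it as a formula.
        sheet.append_row(row, value_input_option="RAW")


if __name__ == "__main__":
    with open("logins.txt", encoding="utf-8") as fh:
        # "Centrify Logins" is a hypothetical sheet title; use your own.
        upload(parse_logins(fh.read()), "Centrify Logins")
```

Run it from the directory that holds logins.txt and client_secret.json, after sharing the sheet with the service account's client_email as in step 9.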

 

 

 

 

 
