1. Centrify offers out-of-the-box integrations with external SIEM Tools offered by IBM & Splunk for Centrify Server/Infrastructure Services
2. Centrify recently added a Splunk Integration (Beta) Add-on in Cloud Version 17.11 (December 2017)
3. I'm often asked "What can I do with my Centrify Reporting & Analytics data?"
4. Typical responses include utilizing the built-in Centrify reporting engine dashboards to help visualize Centrify access usage, security & analytics data.
Example: Centrify Cloud Platform allows you to create a Geo Map Visualization for all "Failed Logins" within a certain date range:
5. This is just one example of many different reports & visualizations that can be generated within the Centrify Admin Portal User Interface
6. However, sometimes you want to send your Centrify data (User-Behavior, App Access, Security Events, for example) to other external tools, such as SIEM tools, visualization tools, external reporting engines, etc.
7. How can I do that?
8. The answer is simple -> Through the Centrify API! (link to reference docs included.)
9. In this blog post we are going to explore an example where we can extract relevant data from our Centrify Cloud Tenant, and feed it into visualization & analytics platforms like those offered by Google
10. We'll achieve this by utilizing a combination of Centrify & Google APIs
1. Prepare your environment to execute API calls to Centrify's RedRock Query Interface
2. Details on running queries against your Centrify Cloud Tenant programmatically can be found -> here
3. For our example we're going to run a query on all Logins by Country for a specific date range
4. Our query looks something like this:
5. Our output results in the UI look similar to this:
6. When we run the query via the API instead, we need to write the query results to a text file; for this example we'll use the file "logins.txt"
1. Create a new project in Google's API Development Console; we'll name ours "Centrify API Example"
2. Add the Google Drive API (make sure it's enabled) to the new project, which will allow us access to Google Sheets
3. Create credentials to access the API
4. Create a service account as part of adding credentials to your project
5. Assign Role as "Project Editor"
6. Once you click "create" a JSON file for credentials will be downloaded
7. Rename JSON file to client_secret.json
8. Open JSON File in text editor, copy value for "client_email"
9. Open a Google Sheet and share using the "client_email" in order to give access to edit the spreadsheet
10. From Terminal, use "pip install gspread oauth2client" to install necessary packages
11. Create Python Script to edit Google Sheets, we'll call it spreadsheet.py
12. Edit the Python script and import the gspread library & clientcredentials packages
13. Create Scope "Spreadsheets.google.com/feeds" in your scripts
14. Create Client Object for authorized credentials
15. Start manipulating sheets via python script to export data from "logins.txt"
16. Once you start making API calls to our Spreadsheet project you can start visualising and organizing the same data we retrieved in Centrify, but using Google's data tools instead!
17. Use the video below to verify these steps and explore different automations/techniques
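The script steps above (scope, authorized client, exporting "logins.txt"), put together as an added example that is not the author's own spreadsheet.py. It assumes "logins.txt" holds the JSON body of the query response with rows under Result.Results[].Row; the column names "Country" and "Count" and the sheet title "Centrify Logins" are hypothetical.

```python
import json

SCOPE = ["https://spreadsheets.google.com/feeds",
         "https://www.googleapis.com/auth/drive"]  # Drive scope: open the sheet by title

# Constructed sample of what logins.txt is assumed to contain: the JSON body
# of a query response, one row per country (column names are hypothetical).
SAMPLE = ('{"success": true, "Result": {"Results": ['
          '{"Row": {"Country": "US", "Count": 42}},'
          '{"Row": {"Country": "DE", "Count": 7}}]}}')


def rows_from_response(text, columns=("Country", "Count")):
    """Turn a saved query response into a header row plus data rows."""
    body = json.loads(text)
    if not body.get("success"):
        # A failed query (bad token, bad SQL) must never reach the sheet.
        raise ValueError("query failed: %s" % body.get("Message"))
    results = (body.get("Result") or {}).get("Results") or []
    rows = [list(columns)]
    for item in results:
        row = item.get("Row", {})
        rows.append([row.get(col, "") for col in columns])
    return rows


def upload(rows, sheet_title="Centrify Logins", keyfile="client_secret.json"):
    """Authorize as the service account and replace the first worksheet."""
    # Imported here so the parsing above works without the Google packages.
    import gspread
    from oauth2client.service_account import ServiceAccountCredentials

    creds = ServiceAccountCredentials.from_json_keyfile_name(keyfile, SCOPE)
    sheet = gspread.authorize(creds).open(sheet_title).sheet1
    sheet.clear()
    # RAW stores each value literally instead of parsing it as a formula.
    sheet.append_rows(rows, value_input_option="RAW")


if __name__ == "__main__":
    with open("logins.txt") as fh:
        upload(rows_from_response(fh.read()))
```

client_secret.json contains the service account's private key, so keep it readable only by the account that runs the script and out of source control.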