Skip to main content

AQUILA - Setup Integration from Auth0

Auth0 Integration Guide

Integrate Auth0 to ingest identity-related logs such as login attempts, user authentications, MFA usage, and blocked requests to support identity threat detection and correlation.

Credentials & API Access Setup (Auth0)

Before setting up the integration, create a Machine-to-Machine application in Auth0 to collect logs via API.

Steps:

  1.  Log in to Auth0 Dashboard

    • Go to https://auth0.com

  2. Create a Machine-to-Machine Application

    • Navigate to Applications → Applications

    • Click Create Application

      • Enter a name

      • Choose the type: Machine to Machine

    • Click Create

  3. Authorize the Auth0 Dashboard.Management API

    • When prompted, select Auth0 Management API
    • Grant the required scopes depending on the data you want to collect:
      • Login Activity: read:logs, read:users

      • MFA Logs: read:logs

      • Failed Logins: read:logs

      • User Access Logs: read:logs, read:users

    • Click Authorize
  4. Get the Required Credentials

    • Go to Applications → APIs.

    • Create or select your Management API (typically named Auth0 Management API).

    • Under Machine-to-Machine Applications, authorize your log collector app.

    • Take note of the following credentials:

      • Auth0 Domain (e.g., your-tenant.us.auth0.com)

      • Client ID

      • ClientSelect Secretyour created app

      • Go to the AudienceSettings tab

      • Copy the following values:
        • Client ID: usuallyUsed for authentication
        • Client Secret: Used with Client ID for API access
        • Auth0 Domain: Your tenant domain (e.g., your-tenant.us.auth0.com)
        • Base URL: Your Auth0 API base URL (e.g., https://your-tenant.us.auth0.com/api/v2/

          com) — same as Domain but with https:// prefix)

    • Input the Credentials in the Integration Form

      • Go to your log collection platform (e.g., Aquila)

      • Enter the following values into the Auth0 source setup form:

        • URL: Base URL of the Auth0 API.
        • Client ID: Client ID for the Auth0 API.
        • Client Secret: Client Secret for the Auth0 API.
    • These values will be entered into the integration form required on Aquila
Required DetailValue
Auth0 Domainyour-tenant.auth0.com
Client IDFrom your M2M Application
Client SecretFrom your M2M Application
Audiencehttps://your-tenant.auth0.com/api/v2/
Token URLhttps://your-tenant.auth0.com/oauth/token

Permissions Reference (Auth0 M2M App)

Ensure the app is granted the following scopes from the Auth0 Management API:

Data Stream ScopeScopes RequiredWhy Needed
Login Activity read:logs, read:users View login records and user info
MFA Logs read:logs Pull logs related to MFA events
Failed Logins read:logs Detect login failure events
User Access Logs read:users,logs, read:logsusersTrack user sessions & activity

🔐 You can test token access using Postman or curl before ingesting.

Aquila Integration Configuration

AQUILA – Microsoft 365 Integration

1. Log in to AQUILA click here - CyTech - AQUILA. Choose Cyber Monitoring and click the small arrow icon to redirect you to the Cyber Monitoring Dashboard.

image.png

 

2. In the dashboard, choose Cyber Incident Management (SIEM and XDR).

image.png

3. Navigate through the leftmosttop topleft icon and click Cyberthe IncidentCollapse/Expand Monitoring.button.

image.png

 

4. Navigate the "Cyber Incident Monitoring" then hover the "Cyber Incident Management" till you see the settings.

image.pngimage.png

 

5. Click the "Settings,Settings and Navigate through Settings>Log Source>Search Bar (Search the Source to Add)>Add to Agent.

image.pngimage.png

 

6. Choose your Log Collector(If you not yet installed your Log Collector please refer to this link - Log Collector Installation.)

image.pngimage.png

Step 7 and below is just a reference, this is still incomplete. Thorough investigation and research in progress to understand the flow and credentials required.

7. In the integration settings follow the instructions given below.

  • Click the drop arrow to display the contents needed for the integration setup.
  • InChoose the IntegrationOffice 365 logs section >between Disablevia Webhooks  >or CollectAPI Office 365 audit logsrequests.

image.pngimage.png

 

  • Scroll down and go to Microsoftthe OfficeAuth0 365Logs audit logs section.section.
  • This one is for Log Events via Webhooks. Enter the required fields Local Address, Listen Port, and Webhook Path

image.png

 

  • This one is for Log Events via API Requests. Input the credentials forcredentials: Directory(tenant)Base ID,URL, Application(client)Client ID and the Client Secret Value.
  • Finally, click Next to install the log source integration.

image.pngimage.png


8. Wait for the SuccessfullSuccessful window to display, this will confirm the successfullsuccessful integration.

image.pngimage.png

If you need further assistance, kindly contact our support at support@cytechint.com for prompt assistance and guidance.