AQUILA - Setup Integration from Auth0
Auth0 Integration Guide
Integrate Auth0 to ingest identity-related logs such as login attempts, user authentications, MFA usage, and blocked requests to support identity threat detection and correlation.
Credentials & API Access Setup (Auth0)
Before setting up the integration, create a Machine-to-Machine application in Auth0 to collect logs via API.
Steps:
- Log in to Auth0 Dashboard
  - Go to https://auth0.com
- Create a Machine-to-Machine Application
  - Navigate to Applications → Applications
  - Click Create Application
  - Enter a name
  - Choose the type: Machine to Machine
  - Click Create
- Authorize the Auth0 Management API
  - When prompted, select Auth0 Management API
  - Grant the required scopes depending on the data you want to collect:
    - Login Activity: read:logs, read:users
    - MFA Logs: read:logs
    - Failed Logins: read:logs
    - User Access Logs: read:logs, read:users
  - Click Authorize
- Get the Required Credentials
  - Go to Applications → APIs. Create or select your Management API (typically named Auth0 Management API). Under Machine-to-Machine Applications, authorize your log collector app.
  - Go to Applications and select your created app
  - Go to the Settings tab
  - Copy the following values:
    - Client ID: Used for authentication
    - Client Secret: Used with Client ID for API access
    - Auth0 Domain: Your tenant domain (e.g., your-tenant.us.auth0.com)
    - Base URL: Your Auth0 API base URL (e.g., https://your-tenant.us.auth0.com, the same as the Domain but with the https:// prefix)
    - Audience: usually https://your-tenant.us.auth0.com/api/v2/
- Input the Credentials in the Integration Form
  - Go to your log collection platform (e.g., Aquila)
  - Enter the following values into the Auth0 source setup form:
    - URL: Base URL of the Auth0 API.
    - Client ID: Client ID for the Auth0 API.
    - Client Secret: Client Secret for the Auth0 API.
  - These values will be entered into the integration form required on Aquila
Permissions Reference (Auth0 M2M App)
Ensure the app is granted the following scopes from the Auth0 Management API:
Data Stream | Required Scopes | Why Needed
---|---|---
Login Activity | read:logs, read:users | View login records and user info
MFA Logs | read:logs | Pull logs related to MFA events
Failed Logins | read:logs | Detect login failure events
User Access Logs | read:logs, read:users | Track user sessions & activity
🔐 You can test token access using Postman or curl before ingesting.
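One way to check a test token before ingesting, added here as an example and not part of the Aquila or Auth0 tooling: it reads the scopes carried by the access token and compares them with the Permissions Reference table, reporting missing scopes and scopes granted beyond what the chosen data streams need. It assumes the access token is a JWT whose `scope` claim is a space-separated string; the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Scopes each data stream needs, taken from the Permissions Reference table.
REQUIRED = {
    "Login Activity": {"read:logs", "read:users"},
    "MFA Logs": {"read:logs"},
    "Failed Logins": {"read:logs"},
    "User Access Logs": {"read:logs", "read:users"},
}

def token_scopes(access_token):
    """Return the scopes in a JWT access token's payload (signature NOT verified)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    # Assumption: scopes are a space-separated string in the "scope" claim.
    return set(claims.get("scope", "").split())

def audit_token(access_token, streams):
    """Compare granted scopes with what the chosen data streams require."""
    granted = token_scopes(access_token)
    needed = set().union(*(REQUIRED[s] for s in streams))
    return {
        "missing": sorted(needed - granted),  # collection would fail for these
        "excess": sorted(granted - needed),   # candidates to revoke (least privilege)
    }

def make_sample_token(scope):
    """Build a constructed, unsigned sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}),
                     enc({"gty": "client-credentials", "scope": scope}),
                     "constructed-signature"])

if __name__ == "__main__":
    # Constructed token: an app that was over-authorized for an MFA-only feed.
    token = make_sample_token("read:logs read:users delete:users")
    print(audit_token(token, ["MFA Logs"]))
```

Any scope listed under `excess` can be removed from the Machine-to-Machine app's authorization without affecting the selected data streams.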
Aquila Integration Configuration
AQUILA – Microsoft 365 Integration
1. Log in to AQUILA (click here: CyTech - AQUILA). Choose Cyber Monitoring and click the small arrow icon to open the Cyber Monitoring Dashboard.
2. In the dashboard, choose Cyber Incident Management (SIEM and XDR).
5. Click Settings and navigate through Settings > Log Source > Search Bar (search for the source to add) > Add to Agent.
6. Choose your Log Collector. (If you have not yet installed your Log Collector, please refer to this link - Log Collector Installation.)
Step 7 and below are for reference only and are still incomplete. Thorough investigation and research are in progress to understand the flow and credentials required.
7. In the integration settings, follow the instructions given below.
- Click the drop arrow to display the contents needed for the integration setup.
- Choose the integration method: via Webhooks or via API requests.
- Scroll down and go to the Auth0 Logs section.
- This one is for Log Events via Webhooks. Enter the required fields: Local Address, Listen Port, and Webhook Path.
- This one is for Log Events via API Requests. Input the credentials: Base URL, Client ID and the Client Secret Value.
- Finally, click Next to install the log source integration.
8. Wait for the Successful window to display; this confirms the successful integration.
If you need further assistance, kindly contact our support at support@cytechint.com for prompt assistance and guidance.