Discovery types

Single Sign-On & CASB System

Service discovery

  • Used to discover new SaaS and add the services to your workspace
  • Data types used: Application
  • Required data:
    • appID string (max 255) - unique identifier of the app in the data source
    • appName string (max 255) - display- or clearname of the app in the data source

Examples

AzureAD

Importing Applications from GET <https://graph.microsoft.com/v1.0/applications>

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications",
  "value": [
    {
      "appId": "00000000-0000-0000-0000-000000000000",
      "identifierUris": [ "http://contoso/" ],
      "displayName": "My app",
      "publisherDomain": "contoso.com",
      "signInAudience": "AzureADMyOrg"
    }
  ]
}

Map appId to appID and displayName to appName and ingest data into your ADX database.

Service and user account discovery (support planned)

  • Used to discover new SaaS and add the services to your workspace
  • Data types used: Application, User
  • Required data:
    • appID string (max 255) - unique identifier of the app in the data source
    • appName string (max 255) - display- or clearname of the app in the data source
    • name string (max 64) - full or display name of the user
    • email string (max 255) - user's email address
    • lastSeen string (ISO 8601) - time of the login or usage event

Examples

Netskope

Importing application events from POST https://<tenant-name>.goskope.com/api/v1/events?type=application

{
    "status": "success",
    "data": [
      {
        "nsdeviceuid": "00000000-0000-0000-0000-000000000000",
        "src_geoip_src": 2,
        "src_region": "California",
        "app": "Syncplicity",
        "appcategory": "Cloud Storage",
        "activity": "View All",
        "timestamp": 1575159388,
        "user": "[email protected]",
        "userkey": "[email protected]",
        "user_name": "john smith",
        "device": "Windows Device",
        ...
      }
    ]
}

Mapping:

  • appappName
  • there is no direct equivalent for appID. in this case we recommend using app or generating it by creating an md5 hash of app
  • user_namename
  • user or userkeyemail
  • timestamplastSeen

Financial System

Service discovery

  • Used to discover new SaaS and add the services to your workspace
  • Data types used: Vendor
  • Required data:
    • vendorID string (max 255) - unique identifier of the vendor in the data source
    • vendorName string (max 255) - display- or clearname of the vendor in the data source

Service and spend discovery

  • Used to discover new SaaS and Invoices and add them to your workspace
  • Data types used: Vendor, Invoice
  • Required data:
    • vendorID string (max 255) - unique identifier of the vendor in the data source
    • vendorName string (max 255) - display- or clearname of the vendor in the data source
    • invoiceID string (max 255) - unique identifier of the invoice in the data source
    • description string (max 255) - description of the invoice in the data source
    • amount string (max 255) - total amount of the invoice in the data source
      • example of valid amount string: 12345.68
    • currency string (ISO 4217) - currency of the invoice in the data source
      • example of valid currency format: USD, EUR
    • invoiceDate string (ISO 8601) - date of the invoice in the data source
      • example of valid invoiceDate format: 2020-11-03T00:00:00Z

Expense Management System

Spend discovery (support planned)

Credit Card

Spend discovery (support planned)

Contract Management System

Service discovery (support planned)

Service and renewals discovery (support planned)

HR Information System

People discovery (support planned)

Departments discovery (support planned)

People and departments discovery (support planned)


Did this page help you?