Discovery capabilities of custom integrations

Single Sign-On & CASB System

Service discovery

  • Used to discover new SaaS and add the services to your workspace
  • Data types used: Application
  • Required data:
    • appID string (max 255) - unique identifier of the app in the data source
    • appName string (max 255) - display- or clearname of the app in the data source

Examples

AzureAD

Importing Applications from GET <https://graph.microsoft.com/v1.0/applications>

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications",
  "value": [
    {
      "appId": "00000000-0000-0000-0000-000000000000",
      "identifierUris": [ "http://contoso/" ],
      "displayName": "My app",
      "publisherDomain": "contoso.com",
      "signInAudience": "AzureADMyOrg"
    }
  ]
}

Map appId to appID and displayName to appName and ingest data into your ADX database.

Service and user account discovery (support planned)

  • Used to discover new SaaS and add the services to your workspace
  • Data types used: Application, User
  • Required data:
    • appID string (max 255) - unique identifier of the app in the data source
    • appName string (max 255) - display- or clearname of the app in the data source
    • name string (max 64) - full or display name of the user
    • email string (max 255) - user's email address
    • lastSeen string (ISO 8601) - time of the login or usage event

Examples

Netskope

Importing application events from POST https://<tenant-name>.goskope.com/api/v1/events?type=application

{
    "status": "success",
    "data": [
      {
        "nsdeviceuid": "00000000-0000-0000-0000-000000000000",
        "src_geoip_src": 2,
        "src_region": "California",
        "app": "Syncplicity",
        "appcategory": "Cloud Storage",
        "activity": "View All",
        "timestamp": 1575159388,
        "user": "[email protected]",
        "userkey": "[email protected]",
        "user_name": "john smith",
        "device": "Windows Device",
        ...
      }
    ]
}

Mapping:

  • appappName
  • there is no direct equivalent for appID. in this case, we recommend using app or generating it by creating an md5 hash of app
  • user_namename
  • user or userkeyemail
  • timestamplastSeen

Financial System

Service discovery

  • Used to discover new SaaS and add the services to your workspace
  • Data types used: Vendor
  • Required data:
    • vendorID string (max 255) - unique identifier of the vendor in the data source
    • vendorName string (max 255) - display- or clearname of the vendor in the data source

Service and spend discovery

  • Used to discover new SaaS and Invoices and add them to your workspace
  • Data types used: Vendor, Invoice
  • Required data:
    • vendorID string (max 255) - unique identifier of the vendor in the data source
    • vendorName string (max 255) - display- or clearname of the vendor in the data source
    • invoiceID string (max 255) - unique identifier of the invoice in the data source
    • description string (max 255) - description of the invoice in the data source
    • amount decimal - the total amount of the invoice in the data source
      • example of valid amount: 12345.68
      • 0 is not a valid amount
    • currency string (ISO 4217) - the currency of the invoice in the data source
      • example of valid currency format: USD, EUR
    • invoiceDate string (ISO 8601) - date of the invoice in the data source
      • example of valid invoiceDate format: 2020-11-03T00:00:00Z

Contract Management System

Service discovery

  • Used to discover new SaaS and add the services to your workspace
  • Data types used: Supplier
  • Required data:
    • supplierExternalID string (max 255) - unique identifier of the vendor in the data source
    • supplierName string (max 255) - display- or clearname of the vendor in the data source

Service and contracts discovery

  • Used to discover new SaaS and Contracts and add them to your workspace
  • Data types used: Supplier, Contract
  • Required data:
    • externalID string (max 255) - unique identifier of the contract in the data source
    • supplierExternalID string (max 255) - unique identifier of the vendor in the data source
    • supplierName string (max 255) - display- or clearname of the vendor in the data source
    • type - either regular or subscription
    • startDate string (ISO 8601) - start date of the contract in the data source
      • example of valid startDate format: 2020-11-03T00:00:00Z
    • endDate string (ISO 8601) - end date of the contract in the data source
      • example of valid endDate format: 2020-11-03T00:00:00Z
      • empty in case type is set to subscription
    • renewalType - either automatic or manual
    • totalValue decimal - total value of the contract
      • example of valid amount: 12345.68
    • currency string (ISO 4217) - the currency of the invoice in the data source
      • example of valid currency format: USD, EUR
  • Optional data:
    • contractTitle string (max 255) - descriptive contract title
    • volume integer - volume of the contract
    • description string (max 255) - custom description of the contract

Expense Management System

Spend discovery (support planned)

Credit Card

Spend discovery (support planned)

HR Information System

People discovery (support planned)

Departments discovery (support planned)

People and departments discovery (support planned)