Release notes for the Splunk Add-on for Okta Identity Cloud
Version 2.2.0 of the Splunk Add-on for Okta Identity Cloud was released on April 30, 2024.
Compatibility
Version 2.2.0 of the Splunk Add-on for Okta Identity Cloud is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 9.1.x, 9.2.x |
CIM | 5.3.1 |
Platforms | Platform independent |
Vendor Products | Okta API v1 |
New Features
- Enhanced CIM support for a few important security eventTypes, which are described below:
- Added CIM support to the eventTypes system.email.new_device_notification.sent_message, security.behavior.settings.update, user.account.report_suspicious_activity_by_enduser, device.user.remove, user.account.expire_password, system.idp.lifecycle.read_client_secret, system.idp.lifecycle.delete, system.idp.lifecycle.deactivate, system.idp.lifecycle.activate, system.idp.lifecycle.create, policy.rule.delete
- Enhanced CIM data model tagging from Alerts DM to Authentication DM for the eventType system.push.send_factor_verify_push
- Updated the cron schedule of all the saved searches.
- All the saved searches now run at a gap of 10 minutes rather than at the same time. This resolves the search concurrency issue.
- Multi-line logs and error tracebacks logged in the add-on's log file will now be ingested in Splunk as a single event
- This will let users have better visibility of the error tracebacks and will resolve the issue of timestamping of the add-on logs
- Introduced a System Log Streaming Dashboard, which monitors the data ingestion of system logs in the add-on.
- This lets users identify system log events that were missed within a specific time range; they can then re-collect those system logs using the modular input and fill the data gap
- Introduced a new parameter "End Date" for Logs Metric in modular input
- Utilizing this parameter, users will be able to collect the system logs between a time range by providing appropriate values in "Start Date" and "End Date" fields
- Enhanced KVStore lookups with the entities' names and the IDs.
- A new event schema for the sourcetypes as mentioned in the following table:
sourcetype | new event schema or new sample log |
---|---|
OktaIM2:groupUser | {"groupid": "00g7nvgb8z6yN7ysn5d7", "groupName": "Everyone", "userName": "userokta@gmail.com", "userid": "00u7p8lo0kub5T2hu5d7", "lastMembershipUpdated": "2022-12-20T10:46:07.000Z"} |
OktaIM2:appUser | {"appid": "0oa6w98nquVw81Xf35d7", "appName": "oidc_client", "appLabel": "Okta Admin Console", "userid": "00u7nuurr6YO0Wi765d7", "externalId": null, "userName": "userokta@gmail.com", "created": "2022-12-16T10:25:00.000Z", "lastUpdated": "2022-12-16T10:25:00.000Z", "statusChanged": "2022-12-16T10:24:59.000Z", "scope": "USER", "status": "ACTIVE"} |
- Because of this, the KVStore lookups and field extractions will also be enhanced for respective sourcetypes
- Introduced Monitoring Dashboards, which give users insight into the count of events ingested and the volume of data ingested, broken down by parameters such as Host, Source, Index, Input, Sourcetype, and Account
- Verified IPv6 compliance checks for the add-on and enhanced TA functionality accordingly
- Enhanced the UI experience of the add-on for the users
- Provided CIM support of the latest version - 5.3.1
- Backlog enhancements and library updates
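
The new OktaIM2:groupUser and OktaIM2:appUser schema shown in the table above carries both the ID and the name of each entity, which is what an access review needs. The following is an added example, not code from the add-on: it validates events of both sourcetypes and builds a per-user inventory keyed on userid. The function names, the REQUIRED field lists, and the third (incomplete) event are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Fields required per sourcetype, taken from the sample events in the table.
REQUIRED = {
    "OktaIM2:groupUser": ("groupid", "groupName", "userid", "userName"),
    "OktaIM2:appUser": ("appid", "appName", "appLabel", "userid", "userName", "status"),
}

# Constructed input: the two sample events from the table, then an incomplete one.
SAMPLE_EVENTS = [
    ("OktaIM2:groupUser", '{"groupid": "00g7nvgb8z6yN7ysn5d7", "groupName": "Everyone", "userName": "userokta@gmail.com", "userid": "00u7p8lo0kub5T2hu5d7", "lastMembershipUpdated": "2022-12-20T10:46:07.000Z"}'),
    ("OktaIM2:appUser", '{"appid": "0oa6w98nquVw81Xf35d7", "appName": "oidc_client", "appLabel": "Okta Admin Console", "userid": "00u7nuurr6YO0Wi765d7", "externalId": null, "userName": "userokta@gmail.com", "created": "2022-12-16T10:25:00.000Z", "lastUpdated": "2022-12-16T10:25:00.000Z", "statusChanged": "2022-12-16T10:24:59.000Z", "scope": "USER", "status": "ACTIVE"}'),
    ("OktaIM2:groupUser", '{"groupid": "00gEXAMPLE", "userid": "00uEXAMPLE"}'),
]


def build_inventory(events):
    """Build {userid: {userName, groups, apps}} from (sourcetype, raw_json) pairs."""
    inventory = defaultdict(lambda: {"userName": None, "groups": {}, "apps": {}})
    rejected = []  # (sourcetype, reason) for events that cannot be used
    for sourcetype, raw in events:
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            event = None
        if not isinstance(event, dict) or sourcetype not in REQUIRED:
            rejected.append((sourcetype, "not a JSON object of a known sourcetype"))
            continue
        missing = [f for f in REQUIRED[sourcetype] if event.get(f) is None]
        if missing:
            rejected.append((sourcetype, "missing " + ",".join(missing)))
            continue
        user = inventory[event["userid"]]  # keyed on the ID, name kept beside it
        user["userName"] = event["userName"]
        if sourcetype == "OktaIM2:groupUser":
            user["groups"][event["groupid"]] = event["groupName"]
        else:
            user["apps"][event["appid"]] = (event["appLabel"], event["status"])
    return dict(inventory), rejected


def active_apps(inventory, userid):
    """Labels of the applications assigned to userid whose status is ACTIVE."""
    apps = inventory.get(userid, {}).get("apps", {})
    return sorted(label for label, status in apps.values() if status == "ACTIVE")


if __name__ == "__main__":
    inv, bad = build_inventory(SAMPLE_EVENTS)
    print(json.dumps(inv, indent=2), bad)
```

The two sample events from the table share a userName but carry different userid values, so they produce two separate inventory entries.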
Fixed issues
Version 2.2.0 of the Splunk Add-on for Okta Identity Cloud has the following fixed issues:
Known issues
Version 2.2.0 of the Splunk Add-on for Okta Identity Cloud has the following reported known issues. If no issues appear below, no issues have yet been reported.
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects. Third party contributions.
This documentation applies to the following versions of Splunk® Supported Add-ons: released