JumpCloud’s open directory platform lets users unify their technology stack across identity, access, and device management without sacrificing security or functionality.
JumpCloud can be integrated with Coralogix using a designated script.
It is recommended to create a read-only administrator account and use its API key for the integration.
The API key can be found by clicking your initials at the top right of the JumpCloud platform and then clicking “My API Key”.
# Update the list of packages
sudo apt-get update
# Install pre-requisite packages.
sudo apt-get install -y wget apt-transport-https software-properties-common
# Download the Microsoft repository GPG keys
wget -q "https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb"
# Register the Microsoft repository GPG keys
sudo dpkg -i packages-microsoft-prod.deb
# Update the list of packages after we added packages.microsoft.com
sudo apt-get update
# Install PowerShell
sudo apt-get install -y powershell
# Start PowerShell
pwsh
Install-Module -Name JumpCloud
crontab -e
* * * * * /usr/bin/pwsh ~/JC-DI2SIEM/JC-DI2SIEM.ps1 -config_file:~/JC-DI2SIEM/config_coralogix.json 2>&1
After successfully completing the provided steps, logs will start to be ingested into the provided Coralogix account.
Log example
{
  "jumpcloud": {
    "initiated_by": {
      "id": "637212c33f396457d287dad6",
      "type": "admin",
      "email": "[email protected]"
    },
    "geoip": {
      "country_code": "IL",
      "timezone": "Asia/Jerusalem",
      "latitude": 32.0803,
      "continent_code": "AS",
      "region_name": "Tel Aviv",
      "longitude": 34.7805,
      "region_code": "TA"
    },
    "useragent": {
      "minor": "0",
      "os": "Mac OS X",
      "os_minor": "15",
      "os_major": "10",
      "os_version": "10.15.7",
      "version": "108.0.0.0",
      "os_patch": "7",
      "patch": "0",
      "os_full": "Mac OS X 10.15.7",
      "major": "108",
      "name": "Chrome",
      "os_name": "Mac OS X",
      "device": "Mac"
    },
    "mfa": false,
    "event_type": "admin_login_attempt",
    "success": true,
    "service": "directory",
    "organization": "637212c33f396",
    "@version": "1",
    "client_ip": "10.20.30.40",
    "id": "639f9ea9ac5d37",
    "jc_timestamp": "2022-12-18T14:57:03.801Z",
    "reqHost": "jumpcloud",
    "customField": "jumpcloud",
    "severity": "info"
  }
}
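The log example above records a successful admin login with "mfa": false, which is the kind of event worth alerting on once the logs are ingested. The following is an added example, not part of the JumpCloud or Coralogix tooling: it applies two detection rules to events of that shape, assuming one JSON document per line. The function names, rule names, threshold and sample values are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample events (not real data), one JSON document per line, using
# only fields that appear in the log example above.
def _event(success, mfa, ip, ts, email="admin@example.com"):
    return json.dumps({"jumpcloud": {
        "event_type": "admin_login_attempt", "success": success, "mfa": mfa,
        "client_ip": ip, "jc_timestamp": ts,
        "initiated_by": {"type": "admin", "email": email}}})

SAMPLE_LINES = [
    _event(False, False, "203.0.113.7", "2022-12-18T14:55:01.000Z"),
    _event(False, False, "203.0.113.7", "2022-12-18T14:55:09.000Z"),
    _event(False, False, "203.0.113.7", "2022-12-18T14:55:20.000Z"),
    _event(True, False, "203.0.113.7", "2022-12-18T14:57:03.801Z"),
    _event(True, True, "198.51.100.4", "2022-12-18T15:10:00.000Z"),
    "not json at all",  # malformed line, must be skipped
    json.dumps({"jumpcloud": {"event_type": "example_other_event"}}),  # placeholder type
]

def parse_events(lines):
    """Yield the inner "jumpcloud" object of each line, skipping malformed input."""
    for line in lines:
        try:
            doc = json.loads(line)
        except json.JSONDecodeError:
            continue
        event = doc.get("jumpcloud") if isinstance(doc, dict) else None
        if isinstance(event, dict):
            yield event

def find_admin_login_risks(lines, fail_threshold=3):
    """Return sorted (rule, client_ip, admin_email) findings for admin logins."""
    findings, failures = [], Counter()
    for ev in parse_events(lines):
        if ev.get("event_type") != "admin_login_attempt":
            continue
        ip = ev.get("client_ip", "unknown")
        who = (ev.get("initiated_by") or {}).get("email", "unknown")
        if ev.get("success") is True:
            if ev.get("mfa") is not True:  # a missing field counts as no MFA
                findings.append(("admin_login_without_mfa", ip, who))
            if failures[ip] >= fail_threshold:  # success after repeated failures
                findings.append(("success_after_failed_burst", ip, who))
        elif ev.get("success") is False:
            failures[ip] += 1
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_admin_login_risks(SAMPLE_LINES):
        print(finding)
```

Failure counts are kept per client_ip for the whole input, so feed the function a bounded time window of events rather than the full history.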