
JumpCloud

Last Updated: Dec. 22, 2022

JumpCloud’s open directory platform lets users unify their technology stack across identity, access, and device management without sacrificing security or functionality.

JumpCloud can be integrated with Coralogix using a designated script.

Prerequisites

  1. A virtual machine to act as an intermediary
  2. Administrator access to the JumpCloud platform, to obtain the API key

It is recommended to create a read-only administrator account for the API key used in the integration.

The API key can be found by clicking your initials at the top right of the JumpCloud platform and then clicking “My API Key”.

Deployment

  • Log in to the instance that will be used for shipping the JumpCloud logs
  • Copy the script and configuration file to the instance
  • Install PowerShell on the instance by copying and running the following script (the commands are for Ubuntu):

    # Update the list of packages
    sudo apt-get update
    # Install pre-requisite packages.
    sudo apt-get install -y wget apt-transport-https software-properties-common
    # Download the Microsoft repository GPG keys
    wget -q "https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb"
    # Register the Microsoft repository GPG keys
    sudo dpkg -i packages-microsoft-prod.deb
    # Update the list of packages after we added packages.microsoft.com
    sudo apt-get update
    # Install PowerShell
    sudo apt-get install -y powershell
    # Start PowerShell
    pwsh

  • Install the JumpCloud module from the PowerShell prompt:

    Install-Module -Name JumpCloud

  • Edit the configuration file
    • jumpcloud.api_key – Your private key can be found in your Coralogix account under Settings > Send Your Data. Learn more about your private key.
    • siem.url – https://api.<coralogix domain>/logs/datastream
    • custom_log_fields.reqHost – Application name
    • custom_log_fields.customField – Subsystem name
  • On the virtual machine instance, open the crontab for editing with the following command:

    crontab -e

  • In the crontab document, paste the following line, which runs the script every minute:

    * * * * * /usr/bin/pwsh ~/JC-DI2SIEM/JC-DI2SIEM.ps1 -config_file:~/JC-DI2SIEM/config_coralogix.json 2>&1

  • Save and quit the crontab

After you complete these steps, logs will start to be ingested into the configured Coralogix account.

Log example

{
  "jumpcloud": {
    "initiated_by": {
      "id": "637212c33f396457d287dad6",
      "type": "admin",
      "email": "[email protected]"
    },
    "geoip": {
      "country_code": "IL",
      "timezone": "Asia/Jerusalem",
      "latitude": 32.0803,
      "continent_code": "AS",
      "region_name": "Tel Aviv",
      "longitude": 34.7805,
      "region_code": "TA"
    },
    "useragent": {
      "minor": "0",
      "os": "Mac OS X",
      "os_minor": "15",
      "os_major": "10",
      "os_version": "10.15.7",
      "version": "108.0.0.0",
      "os_patch": "7",
      "patch": "0",
      "os_full": "Mac OS X 10.15.7",
      "major": "108",
      "name": "Chrome",
      "os_name": "Mac OS X",
      "device": "Mac"
    },
    "mfa": false,
    "event_type": "admin_login_attempt",
    "success": true,
    "service": "directory",
    "organization": "637212c33f396",
    "@version": "1",
    "client_ip": "10.20.30.40",
    "id": "639f9ea9ac5d37",
    "jc_timestamp": "2022-12-18T14:57:03.801Z",
    "reqHost": "jumpcloud",
    "customField": "jumpcloud",
    "severity": "info"
  }
}
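
Detection logic over events in the format shown above, added here as an example (it is not part of the Coralogix or JumpCloud documentation). It flags successful admin_login_attempt events where mfa is false, as in the sample log, and successful logins that follow repeated failures from the same client_ip. The thresholds, sample events, addresses and e-mail values are constructed assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_THRESHOLD = 3              # assumed tuning value
WINDOW = timedelta(minutes=10)  # assumed tuning value

# Constructed sample events, one JSON object per line, using the field names from the log example.
SAMPLE_LOGS = """
{"jumpcloud": {"event_type": "admin_login_attempt", "success": false, "mfa": false, "client_ip": "192.0.2.10", "initiated_by": {"email": "admin@example.com"}, "jc_timestamp": "2022-12-18T14:50:01.000Z"}}
{"jumpcloud": {"event_type": "admin_login_attempt", "success": false, "mfa": false, "client_ip": "192.0.2.10", "initiated_by": {"email": "admin@example.com"}, "jc_timestamp": "2022-12-18T14:50:20.000Z"}}
{"jumpcloud": {"event_type": "admin_login_attempt", "success": false, "mfa": false, "client_ip": "192.0.2.10", "initiated_by": {"email": "admin@example.com"}, "jc_timestamp": "2022-12-18T14:50:45.000Z"}}
{"jumpcloud": {"event_type": "admin_login_attempt", "success": true, "mfa": true, "client_ip": "192.0.2.10", "initiated_by": {"email": "admin@example.com"}, "jc_timestamp": "2022-12-18T14:51:10.000Z"}}
{"jumpcloud": {"event_type": "admin_login_attempt", "success": true, "mfa": false, "client_ip": "198.51.100.7", "initiated_by": {"email": "ops@example.com"}, "jc_timestamp": "2022-12-18T14:57:03.801Z"}}
{"jumpcloud": {"event_type": "admin_login_attempt", "success": true, "mfa": true, "client_ip": "203.0.113.5", "initiated_by": {"email": "admin@example.com"}, "jc_timestamp": "2022-12-18T15:00:00.000Z"}}
"""

def parse_ts(value):
    # jc_timestamp format as in the log example: 2022-12-18T14:57:03.801Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")

def detect(lines):
    """Return (rule, email, client_ip, jc_timestamp) tuples in time order."""
    findings = []
    recent_failures = defaultdict(list)  # client_ip -> timestamps of failed attempts
    events = [json.loads(line)["jumpcloud"] for line in lines if line.strip()]
    events = [e for e in events if e.get("event_type") == "admin_login_attempt"]
    for e in sorted(events, key=lambda ev: parse_ts(ev["jc_timestamp"])):
        ts, ip = parse_ts(e["jc_timestamp"]), e.get("client_ip")
        email = e.get("initiated_by", {}).get("email")
        if not e.get("success"):
            recent_failures[ip].append(ts)
            continue
        # Rule 1: an administrator signed in successfully without MFA.
        if not e.get("mfa"):
            findings.append(("admin_login_without_mfa", email, ip, e["jc_timestamp"]))
        # Rule 2: success preceded by a burst of failures from the same address.
        burst = [t for t in recent_failures[ip] if ts - t <= WINDOW]
        if len(burst) >= FAIL_THRESHOLD:
            findings.append(("success_after_failures", email, ip, e["jc_timestamp"]))
        recent_failures[ip].clear()  # a success resets the failure history
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOGS.splitlines()):
        print(finding)
```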
