Configure Ingest for PingOne Service

To send the logs from PingOne to LogScale we are going to use the built-in webhook functionality of Ping Identity.

See the Ping Identity documentation for how to create a webhook.

Configure the webhook with the following settings:

  • Name: Any descriptive name you like, for example, 'Send to LogScale'

  • Destination URL: <your-logscale-base-URL>/api/v1/ingest/hec

  • Format: Ping Activity Format (choose from drop-down)

  • Certificates: This is used for setting TLS on the webhook connection, but you only need to set it if you are using a self-hosted instance of LogScale. If you are using cloud instances of LogScale, the certificates are already in place.

    • Allow TLS connection with untrusted certificates should be unchecked for security purposes

  • Custom HTTP Headers - Select Add Custom HTTP Header and configure as;

    • Key: enter Authorization

    • Value: enter your LogScale ingest token prefixed with "Bearer" e.g. Bearer<LogScale_ingest_token>

  • Filters - Select the following event types from the drop down selection:

    • User Access Events

      • User Access Allowed

      • User Access Denied

      • User Created

      • User Deleted

      • User Locked

      • User Moved

      • User Unlocked

      • User Updated

    • Secret Events

      • Secret Read

    • Session Events

      • Session Created

      • Session Deleted

      • Session Updated

    • Otp Check Events

      • Otp Check Failed

      • Otp Check Invalid

      • Otp Check Success

    • Password Events

      • Password Check Failed

      • Password Check Succeeded

      • Password Reset

    • Flow Events

      • Flow Started

      • Flow Completed

      • Flow Updated

    • Flow Definition Events

      • Flow Definition Created

      • Flow Definition Deleted

      • Flow Definition Updated

    • Assertion Check Events

      • Assertion Check Failed

      • Assertion Check Success