# es_loader ã«ã‚ˆã‚‹ Okta ã®ãƒã‚°å–ã‚Šè¾¼ã¿

ä»¥ä¸‹ã®æµã‚Œã§ Okta ã®ç›£æŸ»ãƒã‚°ã‚’å–ã‚Šè¾¼ã¿ã¾ã™ã€‚

1. Okta ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã§ãƒã‚°å–å¾—ç”¨ã®ãƒˆãƒ¼ã‚¯ãƒ³ã‚’ç™ºè¡Œ
2. ç™ºè¡Œã—ãŸãƒˆãƒ¼ã‚¯ãƒ³ã‚’ä½¿ã„ Fetch ã‚¹ã‚¯ãƒªãƒ—ãƒˆã§ãƒã‚°å–å¾—ã® API ã‚’å©ã
3. API ã§å–å¾—ã—ãŸãƒã‚°ã‚’ S3 ã¸å‡ºåŠ›
4. S3 ã¸ã®ã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆé…ç½®ã§ es-loader ãŒã‚ãƒƒã‚¯ã•ã‚Œ OpenSearch ã¸ãƒãƒ¼ãƒ‰

## Okta ã®ãƒã‚°ã‚’ S3 ã¸ä¿å˜

[ã“ã¡ã‚‰](https://github.com/yopiyama/fetch-okta-logs-lambda) ã® Fetch ã‚¹ã‚¯ãƒªãƒ—ãƒˆã‚’ä½¿ç”¨ã—ã€Okta ã®ãƒã‚°å–å¾—ã‚’è¡Œã„ã¾ã™ã€‚

### Installation

[Fetch ã‚¹ã‚¯ãƒªãƒ—ãƒˆå´ã® README](https://github.com/yopiyama/fetch-okta-logs-lambda/blob/master/README.md) ã«è¨˜è¼‰ã—ã¦ã‚ã‚Šã¾ã™ã€‚

## Template

`log-intra-audit-okta` ã¨ `log-audit-saas` ã® Index Pattern ã‚’ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ãªã©ã§åˆ¥é€”ç”Ÿæˆã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

### Component Template

```json
PUT _component_template/component_template_log-intra-audit-okta
{
  "template": {
    "mappings": {
      "properties": {
        "okta.client.ip": {
          "type": "ip"
        },
        "okta.security_context.as.number": {
          "type": "long"
        },
        "okta.security_context.as.organization.name": {
          "fields": {
          "text": {
            "type": "text"
          }
          },
          "type": "keyword"
        }
      }
    },
    "aliases":{
      "log-intra-audit-okta":{},
      "log-audit-saas": {}
    }
  }
 }
```

### Index Template

```json
PUT _index_template/log-intra-okta-audit
{
  "index_patterns": [
    "log-intra-audit-okta-*"
  ],
  "composed_of": [
    "component_template_log",
    "component_template_log-intra-audit-okta"
    ]
}
```