About the vault's audit log - google-vault-api

I would like to get the audit logs for the Vault using the API, in order to get the audit logs in the API and monitor the logs in the SIEM.
I followed various links, but did not get any useful information.
https://support.google.com/vault/answer/4239060?hl=en
https://googleapis.github.io/google-api-python-client/docs/dyn/vault_v1.html
https://developers.google.com/vault/reference/rest
Is there an API to handle vault audit logs in the first place? If so, can you provide me with API endpoints and instructions or links on how to use them?

Audit logs are not currently available in Vault API.
There's currently a feature request in Issue Tracker regarding the implementation of this functionality. I'd suggest you click the star on the top-left in order to keep track of this request and to help prioritize its implementation:
Audit reporting functionality #api #audit-logs

Related

Is there a way to raise SNOW ticket as notification for query failures in snowflake?

I was going through the integration documents available for snowflake & service now. But, all documents are oddly focussed on sf consuming snow data for analytics. Didn't find anything related to creating tickets for failures at snowflake. Is it possible?
It's not about the monitoring & notification aspect of snowflake but connecting with service now and raise a ticket for query failures (tasks,sp etc.)
Any ideas?
There's no functionality like that as of now. I can recommend you open an Idea for it and if enough customers want it our Product Management will review it.
For the Snowpipe, we found a way to use it. We send the error message to SNS and then we can do a Lambda function to call the Rest API of ServiceNow to create a ticket.
For Task, we find that it is possible to use External Functions to notify AWS whenever the Task fails, but we haven't implemented it.
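The SNS-to-Lambda-to-ServiceNow flow described in the answer above, sketched as an added example that is not part of the original post. The payload field names (`pipeName`, `messages`), the environment variable names and the use of a basic-auth service account are assumptions; the incident is created through the ServiceNow Table API.

```python
import base64
import json
import os
import urllib.request


def incidents_from_sns(event):
    """Map each failed file in an SNS-delivered Snowpipe error to an incident body."""
    incidents = []
    for record in event.get("Records", []):
        raw = record["Sns"]["Message"]          # SNS delivers the payload as a string
        try:
            msg = json.loads(raw)
        except json.JSONDecodeError:
            msg = None
        if not isinstance(msg, dict):           # not the expected JSON: keep the raw text
            msg = {"messages": [{"firstError": raw}]}
        pipe = msg.get("pipeName", "unknown pipe")   # field names are assumptions
        for failure in msg.get("messages", []):
            incidents.append({
                "short_description": f"Snowpipe load failure: {pipe}"[:160],
                "description": json.dumps(failure, indent=2)[:4000],
            })
    return incidents


def build_request(incident, instance_url, user, password):
    """Build the ServiceNow Table API call that creates one incident record."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"{instance_url.rstrip('/')}/api/now/table/incident",
        data=json.dumps(incident).encode(),
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json", "Accept": "application/json"},
        method="POST",
    )


def lambda_handler(event, context):
    # Credentials come from the function's environment, never from the code.
    url, user, pw = (os.environ[k] for k in ("SNOW_URL", "SNOW_USER", "SNOW_PASSWORD"))
    created = 0
    for incident in incidents_from_sns(event):
        with urllib.request.urlopen(build_request(incident, url, user, pw), timeout=10) as resp:
            created += resp.status == 201      # Table API answers 201 Created
    return {"incidents_created": created}


# Constructed sample event, shaped like an SNS-to-Lambda invocation.
SAMPLE_EVENT = {"Records": [{"Sns": {"Message": json.dumps({
    "pipeName": "DB.SCHEMA.ORDERS_PIPE",
    "messages": [{"fileName": "orders_01.csv", "firstError": "Numeric value 'abc' is not recognized"}],
})}}]}
```

The service account used here only needs permission to create incident records, and the description is truncated so that an oversized error payload cannot bloat the ticket.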
Email is a simple way. You need to determine how your ServiceNow instance is processing emails. We implemented incident creation from Azure App Insights based on emails.
In ServiceNow find the Inbound Action you need to process the email or make one.
ServiceNow provides every instance with an email account
The instance email is usually xxxx@service-now.com.
If your instance URL is "audi.service-now.com", the email would be "audi@service-now.com".
For a PDI, dev@servicenowdevelopers.com, e.g., dev12345@servicenowdevelopers.com

How to get only the users that have a mailbox in Azure active directory using Microsoft Graph API?

I am using Microsoft Graph API to read emails (/users/{id | userPrincipalName}/messages) in the mailboxes of the users in my Azure active directory. I have noticed that for some users, I get this error:
HTTP error: 404
Error code: MailboxNotEnabledForRESTAPI or MailboxNotSupportedForRESTAPI
Error message: REST API is not yet supported for this mailbox.
Upon investigation, I found out that these users do not have a valid license and also don't have a mailbox attached to them. Ideally, I would like to only fetch the users that have a mailbox enabled. I tried checking the assignedLicenses property of each user and only fetch emails for those users that have a valid license assigned to them but, I'm not sure if this is a reliable method as users might have some other license and still not have a mailbox enabled.
Can someone please suggest a straightforward way to only fetch the users that have mailboxes attached? Any help or hint shall be highly appreciated.
I don't see many options from the Microsoft Graph perspective. Checking the license is definitely one good way, but you may not have many options with that. That being said, I see the following options:
You may need to use the mailboxSettings API call of the user. This way you can get and update the mailbox settings of the user.
You can also use the Get-Mailbox Exchange PowerShell cmdlet to validate the same.

Is there a way to run email to/from search via the Google Email API?

I haven't been able to find any information on an API that allows us to perform an email API log search on G-Suite. For security, we want to be able to run a search for, say, all emails originating from user@ourgsuitedomain.com and all emails coming to. While this is possible in admin.google.com, I want to know if it's possible via an API.
All I found about this is outdated threads right here on SO.
The only option to audit emails is to create an email monitor with the Email Audit API. In case you want to implement very singular search criteria, consider that the API may not fit your requirements completely. You can find the documentation at https://developers.google.com/admin-sdk/email-audit/

Retrieve a Chat Log watson assistant

I'm using Watson Assistant and Cloud Function in a basic chatbot. How can I retrieve via Cloud Function (node.js) the chat log of a specific conversation? I'd like to implement this user functionality. So for example, if the user types "Chat Log", Watson Assistant sends him back (via Cloud Function) his chat log. Thanks.
In case you are using v1 version of the Watson Assistant(WA), you will get the logs via the API: https://cloud.ibm.com/apidocs/assistant/assistant-v1#listlogs
In case you are using v2 version of the Watson Assistant(WA), you will get the logs via the API: https://cloud.ibm.com/apidocs/assistant/assistant-v2#listlogs
In both of these versions, you will find a filter parameter which can be set to the current chat conversation ID or session ID and could be used to get the chat log.
Now there is a REST API that allows to get the user conversations - however this gets all users conversations so you would need to implement some kind of a proxy that would filter these logs anyway.
For this particular use case, I believe it would be best to log the conversations into a separate database where the data would be organized by user id. First of all, separate results for a particular user can be achieved easily in this case; second of all, in IBM Cloud in Watson Assistant the chat logs are kept for 30 days, and that might not be enough for this kind of functionality.

How to retrieve users recent activity [audit] from google's api

We have a requirement to track the users recent activity, basically auditing and fetch those tracked details for further process. It is similar to recent activity of a user in Linkedin?
I checked angular-google-analytics github lib, it shows how to track users activity but there is no api to fetch user's activity
I also found Google's Real Time Reporting API, but that documentation made me more confused.
I surveyed http://heapanalytics.com/, they also don't expose any API to fetch the tracked user data
Please suggest, how to take this forward.
