Create OktaSSOV1.yaml

Solutions/Okta Single Sign-On/Parsers/OktaSSOV1.yaml

@@ -0,0 +1,60 @@
+id: ee884976-418c-472d-8a91-3533f4aa15d0
+Function:
+  Title: Backward Compatibility Parser for Okta SSO
+  Version: '1.0.0'
+  LastUpdated: '2023-09-07'
+Category: Microsoft Sentinel Parser
+FunctionName: OktaSSOV1
+FunctionAlias: OktaSSOV1
+FunctionQuery: |
+    let Okta_SSO_v1 = view () {
+    let p = OktaSSONativePollerV2_CL | 
+        project TimeGenerated, 
+        actor_alternateId_s=OriginalActorAlternateId,  
+        actor_detailEntry_s=ActorDetailEntry,  
+        actor_displayName_s=ActorDisplayName,  
+        actor_id_s=OriginalUserId,
+        actor_type_s=OriginalUserType,  
+        authenticationContext_authenticationProvider_s=AuthenticationContextAuthenticationProvider,  
+        authenticationContext_authenticationStep_d=toreal(AuthenticationContextAuthenticationStep),  
+        authenticationContext_credentialProvider_s=AuthenticationContextCredentialProvider,  
+        authenticationContext_credentialType_s=LogonMethod,  
+        authenticationContext_externalSessionId_s=ActorSessionId,  
+        authenticationContext_interface_s=AuthenticationContextInterface,  
+        authenticationContext_issuerId_s=AuthenticationContextIssuerId,  
+        authenticationContext_issuerType_s=AuthenticationContextIssuerType,  
+        client_device_s=OriginalClientDevice,  
+        client_geographicalContext_city_s=SrcGeoCity,  
+        client_geographicalContext_country_s=SrcGeoCountry,  
+        client_geographicalContext_geolocation_lat_d=SrcGeoLatitude,  
+        client_geographicalContext_geolocation_lon_d=SrcGeoLongtitude,  
+        client_geographicalContext_postalCode_s=SrcGeoPostalCode,  
+        client_geographicalContext_state_s=SrcGeoRegion,  
+        client_id_s=SrcDvcId,  
+        client_ipAddress_s=SrcIpAddr,  
+        client_userAgent_browser_s=ActingAppName,  
+        client_userAgent_os_s=SrcDvcOs,  
+        client_userAgent_rawUserAgent_s=HttpUserAgent,  
+        client_zone_s=SrcZone,  
+        debugContext_debugData_s=DebugData,  
+        displayMessage_s=EventMessage,  
+        eventType_s=EventOriginalType,  
+        legacyEventType_s=LegacyEventType,  
+        uuid_g=EventOriginalUid,  
+        outcome_reason_s=EventOriginalResultDetails,  
+        outcome_result_s=OriginalOutcomeResult,  
+        request_ipChain_s=tostring(Request),  
+        securityContext_asNumber_d=toreal(SecurityContextAsNumber),  
+        securityContext_asOrg_s=SecurityContextAsOrg,  
+        securityContext_domain_s=SecurityContextDomain,  
+        securityContext_isp_s=SrcIsp,  
+        securityContext_isProxy_b=SecurityContextIsProxy,  
+        severity_s=OriginalSeverity,  
+        target_s=tostring(OriginalTarget),    
+        transaction_details_s=TransactionDetail,  
+        transaction_id_s=TransactionId,  
+        transaction_type_s=TransactionType,
+        version_s = Version;
+        union isfuzzy=true p,Okta_CL
+    };
+    Okta_SSO_v1();