search

infoLog Forwarding (API)

Exporting Authentication Logs Directly to your SIEM tool

In the Validia Platform, connecting your Know-Your-People verifications from Zoom, Microsoft Teams, and other video conferencing platforms is simple and efficient. Validia provides a straightforward API to retrieve identity verification logs and includes guidelines to help you import these logs into your preferred SIEM tool.

hashtag
Retrieving Logs

You can quickly and easily pull down your verification logs with the following command! (see API Setup for details on retrieving your access key)

hashtag
CURL

curl -X GET \
  "https://api.validia.ai/siem-verifications?start_time={EPOCH_START_TIME}&end_time={EPOCH_END_TIME}&limit=1000" \
  -H "Authorization: Bearer {YOUR_ACCESS_TOKEN}"

hashtag
Python

import requests

url = "https://api.validia.ai/siem-verifications"
headers = {
    "Authorization": "Bearer {YOUR_ACCESS_TOKEN}"
}
params = {
    "start_time": "{EPOCH_START_TIME}",
    "end_time": "{EPOCH_END_TIME}",
    "limit" : "1000"
}

response = requests.get(url, headers=headers, params=params)

# Print the response
print(response.json())

# Optional: Handle errors
if response.status_code != 200:
    print(f"Error: {response.status_code}")
    print(response.text)

If you do not include start_time, end_time, or limit, the following defaults will apply:

  • start_time: 1 hour ago

  • end_time: Now

  • limit: 1000

hashtag
Working with the logs

The API will return a list of verification events, each containing the following fields:

  • id: Unique numeric identifier

  • bot_id: UUID or string identifier for the source bot

  • epoch_timestamp: Unix timestamp

  • name: User or entity name

  • confidence: Float between 0 and 1

  • organization: Organization identifier

hashtag
Recommended Practices

Timestamp Conversion

Convert the epoch_timestamp field into your SIEM's preferred format.

  • Example: epoch_timestamp = 1726074384

  • Converts to: ISO 8601 format

hashtag
Normalize Confidence Scores

  • The confidence field is on a 0–1 scale

  • Multiply by 100 if needed to convert to a percentage

  • Recommended interpretation:

    • High: > 0.8

    • Medium: 0.6 – 0.8

    • Low: < 0.6

hashtag
Create Correlation Rules

Consider creating rules in your SIEM for patterns like:

  • Multiple low-confidence events from the same bot_id within a short time window

  • Sudden drops in confidence scores over time

PreviousMicrosoft SentinelNextSSO & Identity Providers

Last updated

Was this helpful?