Exporting Authentication Logs Directly to your SIEM tool
Coming Soon: Direct Links to Select SIEM Tools
In the Validia Platform, connecting your Know-Your-People verifications from Zoom, Microsoft Teams, and other video conferencing platforms has never been easier. We provide a straightforward API for pulling down logs, as well as some guidelines on how to import these logs into your SIEM tool of choice.
Retrieving Logs
You can pull down your verification logs with the following command (see API for details on retrieving your access key):
CURL
curl -X GET \
"https://api.validia.ai/siem-verifications?start_time={EPOCH_START_TIME}&end_time={EPOCH_END_TIME}&limit=1000" \
-H "Authorization: Bearer {YOUR_ACCESS_TOKEN}"
If you omit start_time, end_time, or limit, the following defaults apply:
start_time = 1 hour ago
end_time = Now
limit = 1000
Working with the logs
Each event you receive back has the following fields, which should be mapped:
- id: Unique numeric identifier
- bot_id: UUID/string identifier for the source bot
- epoch_timestamp: Unix timestamp
- name: User/entity name
- confidence: Floating point value between 0 and 1
- organization: Organization identifier
Below are some standards for working with these logs:
- Timestamp conversion: Convert epoch_timestamp to your SIEM's preferred format
  Example: epoch_timestamp 1726074384 → ISO 8601 format
- Normalize confidence scores:
  - Confidence is on a 0-1 scale (multiply by 100 for percentage)
  - Consider setting severity/priority based on confidence:
    * High (>0.8)
    * Medium (0.6-0.8)
    * Low (<0.6)
- Create correlation rules for:
  - Multiple low confidence events from the same bot_id within a short timeframe
  - Sudden drops in confidence scores
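The standards above as an added Python example (not Validia's code): it normalizes events and applies the two correlation rules before the data reaches the SIEM. The event shape (a list of dicts), the thresholds (300-second window, three low events, 0.3 drop) and tracking drops per bot_id and name are assumptions; the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timezone

# Assumed tuning values; the page does not specify them.
WINDOW_SECONDS = 300   # "short timeframe" for repeated low-confidence events
LOW_EVENT_COUNT = 3    # low events from one bot_id that raise an alert
DROP_THRESHOLD = 0.3   # fall between consecutive scores treated as "sudden"

def band(confidence):
    # Bands from the page: High (>0.8), Medium (0.6-0.8), Low (<0.6).
    return "high" if confidence > 0.8 else "medium" if confidence >= 0.6 else "low"

def normalize(event):
    """Add an ISO 8601 UTC timestamp, a percentage score and the band."""
    ts = datetime.fromtimestamp(event["epoch_timestamp"], tz=timezone.utc)
    return {**event, "timestamp": ts.isoformat(),
            "confidence_pct": round(event["confidence"] * 100, 1),
            "confidence_band": band(event["confidence"])}

def correlate(events):
    """Apply both correlation rules in time order; return (rule, bot_id, id)."""
    alerts, recent_low, last_score = [], defaultdict(deque), {}
    for e in sorted(events, key=lambda ev: ev["epoch_timestamp"]):
        now, bot, key = e["epoch_timestamp"], e["bot_id"], (e["bot_id"], e["name"])
        if band(e["confidence"]) == "low":
            window = recent_low[bot]          # timestamps of low events per bot_id
            window.append(now)
            while now - window[0] > WINDOW_SECONDS:
                window.popleft()              # drop events outside the window
            if len(window) >= LOW_EVENT_COUNT:
                alerts.append(("repeated_low_confidence", bot, e["id"]))
        prev = last_score.get(key)            # assumed scope: same bot_id and name
        if prev is not None and prev - e["confidence"] >= DROP_THRESHOLD:
            alerts.append(("sudden_confidence_drop", bot, e["id"]))
        last_score[key] = e["confidence"]
    return alerts

# Constructed sample events using the field names listed on the page.
FIELDS = ("id", "bot_id", "epoch_timestamp", "name", "confidence", "organization")
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    (1, "bot-a", 1726074384, "Alice", 0.95, "org-1"),
    (2, "bot-a", 1726074444, "Alice", 0.55, "org-1"),
    (3, "bot-a", 1726074504, "Bob", 0.40, "org-1"),
    (4, "bot-a", 1726074564, "Carol", 0.50, "org-1"),
    (5, "bot-a", 1726075384, "Bob", 0.45, "org-1"),
]]

if __name__ == "__main__":
    print(normalize(SAMPLE[0]), correlate(SAMPLE), sep="\n")
```

Event 5 raises no alert because the earlier low-confidence events from the same bot_id have aged out of the window by then.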