Ping Identity

Self Service Ingestion

You can connect PingOne Events to the Hunters platform on your own using the API.
Connecting Ping Federate Audit Logs requires the help of Hunters Support.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

PingOne Events

✅

✅

ping_one_events

NDJSON

API

Ping Federate Audit Logs

✅

✅

✅

ping_federate_audit_logs

CSV

S3


Overview

Ping Identity is an identity and access management (IAM) company that provides secure authentication and single sign-on (SSO) solutions for enterprises. Its platform enables organizations to manage user identities, enforce multi-factor authentication (MFA), and implement zero-trust security policies across applications and cloud environments. Ping Identity supports modern authentication standards like SAML, OAuth, and OpenID Connect, helping businesses enhance security while delivering seamless user experiences.

Supported data types

PingOne Events

Table name: ping_one_events

PingOne Events are detailed logs generated by Ping Identity’s PingOne platform, capturing user authentication, access attempts, administrative actions, and security-related activities. These events provide real-time visibility into identity and access management, helping organizations monitor login trends, detect anomalies, and ensure compliance with security policies. By analyzing PingOne Events, security teams can identify potential threats, enforce authentication controls, and maintain a secure access environment across cloud and on-premises applications.

Learn more here.

Ping Federate Audit Logs

Table name: ping_federate_audit_logs

PingFederate Audit Logs are detailed records of authentication, authorization, and administrative activities within the PingFederate identity federation platform. These logs capture events such as user logins, SSO transactions, failed authentication attempts, and configuration changes. By analyzing audit logs, organizations can monitor security events, detect anomalies, and ensure compliance with regulatory requirements. These logs provide valuable insights for troubleshooting authentication issues and strengthening identity security across enterprise environments.

Learn more here.

Send data to Hunters

PingOne Events via API

PingOne Events can be connected to Hunters using the API.

To connect PingOne Events:

  1. Follow this guide, and create an API admin for Hunters.

  2. To obtain the created API client ID and secret, go to Dashboard → Reporting → API Clients and expand any existing client to see the Client ID and Client Secret values.

  3. Follow this guide to create a poll subscription. Make sure that:
    a. In step 3, SSO and PingID report types are selected.
    b. In step 5, the maximum batch size possible is selected.

  4. Complete the process on the Hunters platform, following this guide.

Ping Federate Audit Logs via AWS S3

Hunters supports the collection of Ping Federate Audit logs using an intermediary AWS S3 bucket.

To connect Ping Federate Audit Logs:

  1. Set up log collection from your on-premise storage and ship the logs to an S3 bucket shared with Hunters. The expected format is a CSV file separated by a |, as exported by Ping Federate, with the following default header:

    "timestamp"|"event"|"subject"|"ip"|"app"|"connectionid"|"protocol"|"host"|"role"|"status"|"adapterid"|"description"|"responsetime"


    If the fields are exported with a different CSV header, supply your own header as part of the ingestion request.

  2. Contact Hunters Support to establish the connection.

Expected format

Ping One Sample Log

Logs are expected in JSON format.

{"source": "PINGID", "id": "12345678-2222-1111-abcd-12345678901234", "recorded": "2022-01-01T01:10:53.208Z", "action": null, "actors": [{"type": "user", "name": "username", "id": null}], "resources": [{"id": null, "type": null, "name": null, "websession": "session_id", "pingidmsg": "SSO Mobile App Biometrics \"iPhone 8 Plus (GSM)\"", "devicemodel": "iPhone 8 Plus (GSM)"}], "client": null, "result": {"status": "SUCCESS", "message": "SSO Mobile App Biometrics \"iPhone 8 Plus (GSM)\""}}

Ping Federate Sample Log

Logs are expected in CSV format separated by a |.

2022-12-01 10:54:55,323|SSO| username| 1.2.3.4 | https://google.com| cid| SAML20| hostname| IdP| success| [PGEDMemberOfAdapter, PIngEDCompositeAdapter]| | 1507
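
A pre-upload check for the pipe-delimited format described above, as an added example (not code from Hunters or Ping Identity): it parses audit lines against the default header, or a custom one, and reports lines whose field count does not match. The function names and the truncated second sample line are constructed for illustration.

```python
import csv
import io

# Default header for Ping Federate audit log exports, as documented on this page.
DEFAULT_HEADER = (
    '"timestamp"|"event"|"subject"|"ip"|"app"|"connectionid"|"protocol"|'
    '"host"|"role"|"status"|"adapterid"|"description"|"responsetime"'
)


def parse_header(header_line):
    """Split a quoted, pipe-delimited header line into field names."""
    return next(csv.reader([header_line], delimiter="|", quotechar='"'))


def parse_audit_lines(text, header_line=DEFAULT_HEADER):
    """Parse pipe-delimited audit log text into (records, rejects).

    rejects holds (line_number, reason) for lines that do not fit the
    header, so a header mismatch is caught before the file is shipped.
    """
    fields = parse_header(header_line)
    records, rejects = [], []
    reader = csv.reader(io.StringIO(text), delimiter="|", quotechar='"')
    for row in reader:
        values = [cell.strip() for cell in row]
        if not any(values):
            continue  # blank line
        if values == fields:
            continue  # header row present inside the file
        if len(values) != len(fields):
            reason = f"expected {len(fields)} fields, got {len(values)}"
            rejects.append((reader.line_num, reason))
            continue
        records.append(dict(zip(fields, values)))
    return records, rejects


# Constructed input: the sample line from this page plus one truncated line.
SAMPLE = (
    "2022-12-01 10:54:55,323|SSO| username| 1.2.3.4 | https://google.com| cid|"
    " SAML20| hostname| IdP| success|"
    " [PGEDMemberOfAdapter, PIngEDCompositeAdapter]| | 1507\n"
    "2022-12-01 10:55:01,004|SSO| username| 1.2.3.4 | https://google.com\n"
)

if __name__ == "__main__":
    recs, bad = parse_audit_lines(SAMPLE)
    print(recs[0]["subject"], recs[0]["status"], bad)
```

Pass your own header line as the second argument when the export uses a non-default column order.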