

# Source setup for PingIdentity PingOne
<a name="pingidentity-pingone-source-setup"></a>

## Integrating with PingIdentity PingOne
<a name="pingidentity-pingone-integration"></a>

PingOne is PingIdentity's cloud-based Identity as a Service (IDaaS) platform, providing identity and access management capabilities. The CloudWatch pipeline uses the PingOne Audit Logs API to retrieve information about authentication events, user activity, policy decisions, and administrative changes in your PingOne environment. The Audit Logs API exposes event data through REST endpoints, which allows security and access logs to be retrieved from a PingOne organization.

## Authenticating with PingIdentity PingOne
<a name="pingidentity-pingone-authentication"></a>

To read logs, the pipeline must authenticate with the PingOne environment. For PingOne, authentication is performed with OAuth2.

**Configure OAuth2 authentication for PingOne**
+ Sign in to the PingOne console and navigate to Applications → Applications. Create a new application of the Worker type. Note the client ID and the environment ID.
+ Generate a new client secret from the Configuration tab. Copy the secret immediately.
+ Create a secret in AWS Secrets Manager that stores the client ID under the `client_id` key and the client secret under the `client_secret` key.
+ Assign the Environment Admin and Application Owner roles to the application.
+ Determine your PingOne region (NA, EU, AP, AU, CA, SG).
+ Note the environment ID under Settings → Environment → Properties.
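The steps above produce two values the pipeline reads from Secrets Manager and a region that determines which PingOne authentication host the worker app talks to. The following Python script is an added example (not AWS or PingIdentity code) that builds the secret value in the exact key shape the pipeline expects, validates an existing secret value, and assembles the OAuth2 client-credentials token request so you can confirm the worker app's credentials before creating the pipeline. The token endpoint path (`/<environment ID>/as/token`) and the per-region `auth.pingone.*` hosts are assumptions to verify against the PingOne documentation for your tenant; the IDs in the usage block are constructed placeholders.

```python
"""Prepare and check the PingOne worker-app credentials the pipeline expects.

Added example, not AWS or PingIdentity code. Assumptions (verify against the
PingOne docs for your tenant): the OAuth2 token endpoint is
https://<auth host>/<environment ID>/as/token and the per-region auth hosts
are the ones in AUTH_HOSTS.
"""
import base64
import json
import urllib.parse
import urllib.request

# The Secrets Manager secret must carry exactly these two keys.
REQUIRED_KEYS = ("client_id", "client_secret")

# Assumed per-region PingOne authentication hosts (regions from the page).
AUTH_HOSTS = {
    "NA": "auth.pingone.com",
    "EU": "auth.pingone.eu",
    "AP": "auth.pingone.asia",
    "AU": "auth.pingone.com.au",
    "CA": "auth.pingone.ca",
    "SG": "auth.pingone.sg",
}


def build_secret_string(client_id: str, client_secret: str) -> str:
    """Return the JSON value to pass to `aws secretsmanager create-secret --secret-string`."""
    if not client_id or not client_secret:
        raise ValueError("client_id and client_secret must both be non-empty")
    return json.dumps({"client_id": client_id, "client_secret": client_secret})


def validate_secret_string(secret_string: str) -> dict:
    """Parse a secret value and check that both keys the pipeline reads are present."""
    data = json.loads(secret_string)
    missing = [k for k in REQUIRED_KEYS if not data.get(k)]
    if missing:
        raise ValueError("secret is missing required key(s): " + ", ".join(missing))
    return data


def token_request(region: str, environment_id: str, creds: dict) -> urllib.request.Request:
    """Build (without sending) the client-credentials request for the worker app."""
    host = AUTH_HOSTS[region.upper()]  # KeyError for a region the pipeline does not list
    url = "https://{}/{}/as/token".format(host, environment_id)
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    # Client ID and secret go in an HTTP Basic header, never in the URL.
    basic = base64.b64encode(
        "{}:{}".format(creds["client_id"], creds["client_secret"]).encode()
    ).decode()
    return urllib.request.Request(
        url,
        data=body,
        method="POST",
        headers={
            "Authorization": "Basic " + basic,
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


if __name__ == "__main__":
    # Constructed placeholder values; real ones come from the PingOne console.
    secret = build_secret_string("00000000-0000-0000-0000-000000000000", "replace-me")
    creds = validate_secret_string(secret)
    req = token_request("NA", "11111111-1111-1111-1111-111111111111", creds)
    print("token endpoint:", req.full_url)
    # Uncomment to actually exercise the credentials against PingOne:
    # with urllib.request.urlopen(req) as resp:
    #     print("token type:", json.load(resp)["token_type"])
```

Storing the two values under any other key names, or as plain text rather than JSON, will fail the `validate_secret_string` check just as it would fail the pipeline's lookup, so run the check before you point the pipeline at the secret.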

## Configuring the CloudWatch pipeline
<a name="pingidentity-pingone-pipeline-config"></a>

To configure the pipeline to read logs, select PingOne as the data source. Fill in the required information, such as the environment ID. Optionally, specify the region (defaults to NA) and a range duration in ISO 8601 duration format (for example, PT21H for the last 21 hours). The default range is 0 hours and the maximum is 90 days. After the pipeline is created and activated, audit log data from PingOne immediately starts flowing into the selected CloudWatch Logs log group.
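The range duration decides how far back the first poll reaches, and a value outside the bounds the page states (default 0 hours, maximum 90 days) is the most common configuration mistake. The following Python code is an added example (not AWS code) that parses the day/time subset of ISO 8601 durations such as `PT21H` or `P90D`, rejects anything over 90 days or not in that format, and computes the earliest event timestamp a first poll should request. The function names and the clock parameter are this example's own.

```python
"""Validate the pipeline's range-duration setting.

Added example, not AWS code. The page states the range is given as an
ISO 8601 duration (for example PT21H), defaults to 0 hours and may be at
most 90 days. This parser accepts the P[nD][T[nH][nM][nS]] subset, which
avoids the ambiguous month/year designators, and enforces those bounds.
"""
import re
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_RANGE = timedelta(days=90)

# Days, then an optional time part with hours, minutes, seconds.
_DURATION = re.compile(
    r"^P(?:(?P<d>\d+)D)?"
    r"(?:T(?:(?P<h>\d+)H)?(?:(?P<m>\d+)M)?(?:(?P<s>\d+)S)?)?$"
)


def parse_duration(text: Optional[str]) -> timedelta:
    """Parse an ISO 8601 day/time duration; None or empty means the 0-hour default."""
    if not text or not text.strip():
        return timedelta(0)
    normalized = text.strip().upper()
    match = _DURATION.fullmatch(normalized)
    parts = {k: int(v) for k, v in (match.groupdict().items() if match else []) if v is not None}
    # A bare "P" or "PT" matches the regex but carries no value: reject it.
    if not match or not parts:
        raise ValueError("not a supported ISO 8601 duration: {!r}".format(text))
    return timedelta(
        days=parts.get("d", 0),
        hours=parts.get("h", 0),
        minutes=parts.get("m", 0),
        seconds=parts.get("s", 0),
    )


def validate_range(text: Optional[str]) -> timedelta:
    """Parse the range and enforce the 90-day maximum the pipeline imposes."""
    duration = parse_duration(text)
    if duration > MAX_RANGE:
        raise ValueError("range {!r} exceeds the 90-day maximum".format(text))
    return duration


def backfill_start(text: Optional[str], now: Optional[datetime] = None) -> datetime:
    """Earliest recordedAt timestamp the first poll should ask PingOne for."""
    now = now or datetime.now(timezone.utc)
    return now - validate_range(text)


if __name__ == "__main__":
    for setting in (None, "PT21H", "P90D", "PT2160H", "P91D", "P1M", "PT"):
        try:
            print(setting, "->", backfill_start(setting).isoformat())
        except ValueError as err:
            print(setting, "-> rejected:", err)
```

`P1M` is rejected on purpose: a calendar month has no fixed length, so the parser only accepts days and smaller units, and `PT2160H` (exactly 90 days) is the largest hour-based value that passes.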

## Supported Open Cybersecurity Schema Framework event classes
<a name="pingidentity-pingone-ocsf-events"></a>

This integration supports OCSF schema version 1.5.0 and the PingOne events that map to Account Change (3001), Authentication (3002), and Entity Management (3004).

**Account Change** includes the following events:
+ USER.CREATED
+ USER.INVITED
+ USER.REINVITED
+ USER.INVITE\_ACCEPTED
+ PASSWORD.FORCE\_CHANGE
+ PASSWORD.RECOVERY
+ PASSWORD.RESET
+ USER.INVITE\_REVOKED
+ USER.DELETED
+ USER.LOCKED
+ MFA\_SETTINGS.UPDATED
+ PASSWORD.UNLOCKED
+ USER.UNLOCKED

**Authentication** includes the following events:
+ AUTHENTICATION.CREATED
+ RADIUS\_SESSION.CREATED
+ SESSION.CREATED
+ SESSION.UPDATED
+ SESSION.DELETED
+ USER.SLO\_FAILURE
+ USER.SLO\_PARTIAL\_LOGOUT
+ USER.SLO\_REQUESTED
+ USER.SLO\_SUCCESS
+ USER.KERBEROS\_FAILED
+ USER.KERBEROS\_SUCCEEDED
+ DEVICE.ACTIVATION\_OTP\_FAILED
+ DEVICE.ACTIVATION\_OTP\_INVALID
+ DEVICE\_PAYLOAD.CHECK\_INVALID
+ DEVICE\_PAYLOAD.CHECK\_SUCCESS
+ OTP.CHECK\_FAILED
+ OTP.CHECK\_INVALID
+ OTP.CHECK\_SUCCESS
+ PASSWORD.CHECK\_FAILED
+ PASSWORD.CHECK\_SUCCEEDED

**Entity Management** includes the following events:
+ ACTION.CREATED
+ AGREEMENT.CREATED
+ AGREEMENT\_LANGUAGE.CREATED
+ AGREEMENT\_LANGUAGE\_REVISION.CREATED
+ APPLICATION.CREATED
+ AUTHORIZE\_POLICY.CREATED
+ CERTIFICATE.CREATED
+ DEVICE.CREATED
+ DEVICE\_AUTHENTICATION\_POLICY.CREATED
+ FIDO\_POLICY.CREATED
+ FLOW.CREATED
+ FLOW\_DEFINITION.CREATED
+ FLOW\_EXECUTION.CREATED
+ GROUP.CREATED
+ IDENTITY\_PROVIDER.CREATED
+ IDP\_ATTRIBUTE.CREATED
+ INSTANT\_MESSAGING\_DELIVERY\_SETTINGS.CREATED
+ KEY.CREATED
+ LICENSE.CREATED
+ NOTIFICATION.CREATED
+ NOTIFICATION\_POLICY.CREATED
+ ORGANIZATION.CREATED
+ POLICY.CREATED
+ RISK\_POLICY\_SET.CREATED
+ SAML\_ATTRIBUTE.CREATED
+ SCHEMA\_ATTRIBUTE.CREATED
+ SIGN\_ON\_POLICY\_ASSIGNMENT.CREATED
+ VERIFY\_POLICY.CREATED
+ CERTIFICATE.READ
+ KEY.READ
+ SECRET.READ
+ ACTION.UPDATED
+ ADMIN\_CONFIGURATION.UPDATED
+ AGREEMENT.UPDATED
+ AGREEMENT\_LANGUAGE.UPDATED
+ AGREEMENT\_LANGUAGE\_REVISION.UPDATED
+ APPLICATION.UPDATED
+ AUTHORIZE\_POLICY.UPDATED
+ CERTIFICATE.UPDATED
+ DEVICE.NICKNAME\_UPDATED
+ DEVICE.UPDATED
+ DEVICE\_AUTHENTICATION\_POLICY.UPDATED
+ FIDO\_POLICY.UPDATED
+ FLOW.UPDATED
+ FLOW\_DEFINITION.UPDATED
+ FLOW\_EXECUTION.UPDATED
+ GROUP.UPDATED
+ IDENTITY\_PROVIDER.UPDATED
+ IDP\_ATTRIBUTE.UPDATED
+ INSTANT\_MESSAGING\_DELIVERY\_SETTINGS.UPDATED
+ KEY.UPDATED
+ LICENSE.UPDATED
+ NOTIFICATION.UPDATED
+ NOTIFICATION\_POLICY.UPDATED
+ NOTIFICATIONS\_SETTINGS.UPDATED
+ ORGANIZATION.UPDATED
+ POLICY.UPDATED
+ RISK\_POLICY\_SET.ORDER\_UPDATED
+ RISK\_POLICY\_SET.UPDATED
+ SAML\_ATTRIBUTE.UPDATED
+ SCHEMA\_ATTRIBUTE.UPDATED
+ SECRET.UPDATED
+ SETTINGS.UPDATED
+ SIGN\_ON\_POLICY\_ASSIGNMENT.UPDATED
+ USER.QUOTA\_RESET
+ USER.UPDATED
+ VERIFY\_POLICY.UPDATED
+ ACTION.DELETED
+ AGREEMENT.DELETED
+ AGREEMENT\_LANGUAGE.DELETED
+ AGREEMENT\_LANGUAGE\_REVISION.DELETED
+ APPLICATION.DELETED
+ AUTHORIZE\_POLICY.DELETED
+ CERTIFICATE.DELETED
+ DEVICE.DELETED
+ DEVICE\_AUTHENTICATION\_POLICY.DELETED
+ FIDO\_POLICY.DELETED
+ FLOW.DELETED
+ FLOW\_DEFINITION.DELETED
+ GROUP.DELETED
+ IDENTITY\_PROVIDER.DELETED
+ IDP\_ATTRIBUTE.DELETED
+ INSTANT\_MESSAGING\_DELIVERY\_SETTINGS.DELETED
+ KEY.DELETED
+ LICENSE.DELETED
+ NOTIFICATION\_POLICY.DELETED
+ ORGANIZATION.DELETED
+ POLICY.DELETED
+ RISK\_POLICY\_SET.DELETED
+ SAML\_ATTRIBUTE.DELETED
+ SCHEMA\_ATTRIBUTE.DELETED
+ SIGN\_ON\_POLICY\_ASSIGNMENT.DELETED
+ VERIFY\_POLICY.DELETED
+ DEVICE.UNBLOCKED
+ DEVICE.BLOCKED
+ NOTIFICATION.REJECTED
+ DEVICE.ACTIVATED
+ DEVICE.LOCKED
+ DEVICE.UNLOCKED
+ ROLE.CREATED
+ ROLE.UPDATED
+ ROLE.DELETED
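When writing detections or metric filters over the log group, it helps to know which OCSF `class_uid` a given PingOne action type lands in and which events are not forwarded at all. The following Python code is an added example (not AWS, OCSF or PingIdentity code) that classifies action types using the three lists above (Account Change and Authentication in full, Entity Management as a subset to keep the block short), wraps a record in a minimal OCSF v1.5.0 envelope, and counts a constructed batch per class. The audit-record field layout (`recordedAt`, `action.type`, `actors.user.name`, `result.status`) is an assumption made for this example, and the sample records are constructed.

```python
"""Map PingOne audit action types to the OCSF v1.5.0 classes the page lists.

Added example, not AWS, OCSF or PingIdentity code. Event names come from the
page (Account Change and Authentication in full, Entity Management as a
subset); the audit-record shape below is an assumption for the example.
"""
from datetime import datetime, timezone
from typing import Dict, Iterable, Optional

ACCOUNT_CHANGE = 3001
AUTHENTICATION = 3002
ENTITY_MANAGEMENT = 3004

_CLASS_BY_EVENT: Dict[str, int] = {}
for _name in (
    "USER.CREATED USER.INVITED USER.REINVITED USER.INVITE_ACCEPTED "
    "PASSWORD.FORCE_CHANGE PASSWORD.RECOVERY PASSWORD.RESET USER.INVITE_REVOKED "
    "USER.DELETED USER.LOCKED MFA_SETTINGS.UPDATED PASSWORD.UNLOCKED USER.UNLOCKED"
).split():
    _CLASS_BY_EVENT[_name] = ACCOUNT_CHANGE
for _name in (
    "AUTHENTICATION.CREATED RADIUS_SESSION.CREATED SESSION.CREATED SESSION.UPDATED "
    "SESSION.DELETED USER.SLO_FAILURE USER.SLO_PARTIAL_LOGOUT USER.SLO_REQUESTED "
    "USER.SLO_SUCCESS USER.KERBEROS_FAILED USER.KERBEROS_SUCCEEDED "
    "DEVICE.ACTIVATION_OTP_FAILED DEVICE.ACTIVATION_OTP_INVALID "
    "DEVICE_PAYLOAD.CHECK_INVALID DEVICE_PAYLOAD.CHECK_SUCCESS OTP.CHECK_FAILED "
    "OTP.CHECK_INVALID OTP.CHECK_SUCCESS PASSWORD.CHECK_FAILED PASSWORD.CHECK_SUCCEEDED"
).split():
    _CLASS_BY_EVENT[_name] = AUTHENTICATION
for _name in (  # subset of the page's Entity Management list
    "APPLICATION.CREATED APPLICATION.UPDATED APPLICATION.DELETED "
    "ROLE.CREATED ROLE.UPDATED ROLE.DELETED SECRET.READ SECRET.UPDATED "
    "KEY.READ CERTIFICATE.READ POLICY.CREATED POLICY.UPDATED POLICY.DELETED "
    "USER.UPDATED DEVICE.BLOCKED DEVICE.UNBLOCKED"
).split():
    _CLASS_BY_EVENT[_name] = ENTITY_MANAGEMENT


def ocsf_class_uid(action_type: str) -> Optional[int]:
    """Return the OCSF class_uid for a PingOne action type, or None if unmapped."""
    return _CLASS_BY_EVENT.get(action_type.upper())


def _epoch_ms(iso_ts: str) -> int:
    """OCSF `time` is epoch milliseconds; accept the trailing-Z form too."""
    return int(datetime.fromisoformat(iso_ts.replace("Z", "+00:00")).timestamp() * 1000)


def to_ocsf(event: dict) -> Optional[dict]:
    """Wrap one audit record (assumed shape) in a minimal OCSF envelope, or None if unsupported."""
    class_uid = ocsf_class_uid(event["action"]["type"])
    if class_uid is None:
        return None  # not one of the supported events; it would not be forwarded
    return {
        "class_uid": class_uid,
        "time": _epoch_ms(event["recordedAt"]),
        "metadata": {
            "version": "1.5.0",
            "product": {"name": "PingOne", "vendor_name": "PingIdentity"},
        },
        "actor": {"user": {"name": event.get("actors", {}).get("user", {}).get("name")}},
        "status": event.get("result", {}).get("status"),
        "raw_data": event,
    }


def summarize(events: Iterable[dict]) -> Dict[Optional[int], int]:
    """Count records per class_uid; unmapped records are counted under None."""
    counts: Dict[Optional[int], int] = {}
    for ev in events:
        uid = ocsf_class_uid(ev["action"]["type"])
        counts[uid] = counts.get(uid, 0) + 1
    return counts


# Constructed sample records; the field layout is an assumption, not PingOne's exact schema.
SAMPLE_EVENTS = [
    {"recordedAt": "2024-05-01T12:00:00Z", "action": {"type": "PASSWORD.CHECK_FAILED"},
     "actors": {"user": {"name": "alice@example.com"}}, "result": {"status": "FAILED"}},
    {"recordedAt": "2024-05-01T12:01:00Z", "action": {"type": "SECRET.READ"},
     "actors": {"user": {"name": "admin@example.com"}}, "result": {"status": "SUCCEEDED"}},
    {"recordedAt": "2024-05-01T12:02:00Z", "action": {"type": "USER.LOCKED"},
     "actors": {"user": {"name": "system"}}, "result": {"status": "SUCCEEDED"}},
    {"recordedAt": "2024-05-01T12:03:00Z", "action": {"type": "UNKNOWN.THING"},
     "actors": {}, "result": {}},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["action"]["type"], "->", ocsf_class_uid(ev["action"]["type"]))
    print("per class:", summarize(SAMPLE_EVENTS))
```

The `None` bucket is the one to watch: an action type you expect to alert on but which is not in the lists above will never reach the log group, so check the mapping before you rely on a detection for it.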