MondayEventCollector
#
This Integration is part of the Monday Pack.Supported versions
Supported Cortex XSOAR versions: 8.3.0 and later.
Collects Monday.com audit logs and activity events for Cortex XSIAM.
#
Required PermissionsTo use this integration, the following permissions are required on the Monday.com app.
boards:read
#
Activity logCan be accessed using the OAuth method.
Create your Monday app guidelines and make sure the needed permissions are granted for the app registration: Required scope - boards:read The Redirect URI - https://localhost
Enter your Client ID and Client Secret in the instance parameter fields.
Run the !monday-generate-login-url command in the War Room and follow the instructions:
To sign in, click the login URL and grant Cortex XSIAM permissions. You will be automatically redirected to a link with the following structure: REDIRECT_URI?code=AUTH_CODE®ion=REGION&scope=boards%3Aread&state=
Copy the AUTH_CODE (without the code= prefix) and paste it in your instance configuration under the Authorization code parameter.
Save the instance. In the Playground, run the !monday-auth-test command. A 'Success' message is generated.
#
Audit logGenerating the API token To generate the audit log API token, access the admin section of your account, click the "Security" section, and then the "Audit" tab. From there, select the "Monitor by API" button and copy it.
Audit log is an advanced security feature and available on the Enterprise plan and can only be accessed by the account admin.
#
Configure MondayEventCollector in CortexParameter | Description | Required |
---|---|---|
Activity logs Server URL | False | |
Client ID | False | |
Client secret | False | |
Authorization code | The code received from the redirect URL after running monday-generate-login-url command. (needed for Activity Logs only) | False |
Board IDs | Comma separated list of board IDs. (needed for Activity Logs only) | False |
Events Fetch Interval | False | |
Maximum number of Activity Logs per board per fetch | False | |
Audit Server URL | False | |
Audit API token | In the Admin section of your account, click the 'Security' section and then the 'Audit' tab. Select the 'Monitor by API' button. | False |
Maximum number of Audit Logs per fetch | False | |
Fetch events | False | |
Event types | True | |
Trust any certificate (not secure) | False | |
Use system proxy settings | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
monday-generate-login-urlGenerate the login url used for Authorization code flow.
#
Base Commandmonday-generate-login-url
#
InputThere are no input arguments for this command.
#
Context OutputThere is no context output for this command.
#
Command Example!monday-generate-login-url
#
Human Readable Output#
Authorization instructions
- To sign in, click the login URL and grant Cortex XSIAM permissions. You will be automatically redirected to a link with the following structure:
REDIRECT_URI?code=AUTH_CODE®ion=REGION&scope=boards%3Aread&state=
- Copy the
AUTH_CODE
(without thecode=
prefix) and paste it in your instance configuration under the Authorization code parameter.
#
monday-auth-testRun this command to test the connectivity to Monday.
#
Base Commandmonday-auth-test
#
InputThere are no input arguments for this command.
#
Context OutputThere is no context output for this command.
#
Command Example!monday-auth-test
#
Human Readable Output✅ Success!