Skip to main content

MondayEventCollector

This Integration is part of the Monday Pack.#

Supported versions

Supported Cortex XSOAR versions: 8.3.0 and later.

Collects Monday.com audit logs and activity events for Cortex XSIAM.

Required Permissions#

To use this integration, the following permissions are required on the Monday.com app.

  • boards:read

Activity log#

Activity log API docs

Can be accessed using the OAuth method.

Create your Monday app guidelines and make sure the needed permissions are granted for the app registration: Required scope - boards:read The Redirect URI - https://localhost

Enter your Client ID and Client Secret in the instance parameter fields.

Run the !monday-generate-login-url command in the War Room and follow the instructions:

To sign in, click the login URL and grant Cortex XSIAM permissions. You will be automatically redirected to a link with the following structure: REDIRECT_URI?code=AUTH_CODE®ion=REGION&scope=boards%3Aread&state=

Copy the AUTH_CODE (without the code= prefix) and paste it in your instance configuration under the Authorization code parameter.

Save the instance. In the Playground, run the !monday-auth-test command. A 'Success' message is generated.

Audit log#

Audit log API docs

Generating the API token To generate the audit log API token, access the admin section of your account, click the "Security" section, and then the "Audit" tab. From there, select the "Monitor by API" button and copy it.

Audit log is an advanced security feature and available on the Enterprise plan and can only be accessed by the account admin.

Configure MondayEventCollector in Cortex#

ParameterDescriptionRequired
Activity logs Server URLFalse
Client IDFalse
Client secretFalse
Authorization codeThe code received from the redirect URL after running monday-generate-login-url command. (needed for Activity Logs only)False
Board IDsComma separated list of board IDs. (needed for Activity Logs only)False
Events Fetch IntervalFalse
Maximum number of Activity Logs per board per fetchFalse
Audit Server URLFalse
Audit API tokenIn the Admin section of your account, click the 'Security' section and then the 'Audit' tab. Select the 'Monitor by API' button.False
Maximum number of Audit Logs per fetchFalse
Fetch eventsFalse
Event typesTrue
Trust any certificate (not secure)False
Use system proxy settingsFalse

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

monday-generate-login-url#


Generate the login url used for Authorization code flow.

Base Command#

monday-generate-login-url

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command Example#

!monday-generate-login-url

Human Readable Output#

Authorization instructions#

  1. To sign in, click the login URL and grant Cortex XSIAM permissions. You will be automatically redirected to a link with the following structure: REDIRECT_URI?code=AUTH_CODE&region=REGION&scope=boards%3Aread&state=
  2. Copy the AUTH_CODE (without the code= prefix) and paste it in your instance configuration under the Authorization code parameter.

monday-auth-test#


Run this command to test the connectivity to Monday.

Base Command#

monday-auth-test

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command Example#

!monday-auth-test

Human Readable Output#

✅ Success!