
Workday Event Collector

This Integration is part of the Workday Pack.#

Supported versions

Supported Cortex XSOAR versions: 8.2.0 and later.

Use the Workday Event Collector integration to collect activity logs from Workday. This integration was integrated and tested with API v1.

This is the default integration for this content pack when configured by the Data Onboarder in Cortex XSIAM.

Configure Workday Event Collector on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Workday Event Collector.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| Server URL (e.g. https://WORKDAY-HOST/ccx/api/privacy/v1/TENANT_NAME) | REST API Endpoint of Workday server. Can be obtained from View API Clients report in Workday application | True |
| Token endpoint (e.g. https://WORKDAY-HOST/ccx/oauth2/TENANT_NAME/token) | Token endpoint of the Workday server. Can be obtained from View API Clients report in Workday application. | True |
| Client ID | Copy the Client ID and Secret from the Register API Client for Integrations stage at Workday. | True |
| Client Secret | | True |
| Refresh Token | Non-expiry Workday API refresh token. | True |
| Trust any certificate (not secure) | | False |
| Use system proxy settings | | False |
| First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days) | | False |
| Max events per fetch | The maximum number of audit logs to retrieve for each event type. For more information about event types see the help section. | False |

  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

workday-get-activity-logging#


Returns activity loggings extracted from Workday.

Base Command#

workday-get-activity-logging

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | The maximum number of loggings to return. Default is 1000. | Optional |
| offset | The zero-based index of the first object in a response collection. Default is 0. | Optional |
| from_date | The date and time of the earliest log entry. The default timezone is UTC/GMT. The time format is "{yyyy}-{mm}-{dd}T{hh}:{mm}:{ss}Z". Example: "2021-05-18T13:45:14Z" indicates May 18, 2021, 1:45PM UTC. | Required |
| to_date | The time format is "{yyyy}-{mm}-{dd}T{hh}:{mm}:{ss}Z". Example: "2021-05-18T13:45:14Z" indicates May 18, 2021, 1:45PM UTC. | Required |

Context Output#

There is no context output for this command.

Command example#

!workday-get-activity-logging limit=4 from_date=2023-04-24T07:00:00Z to_date=2023-04-24T08:00:00Z

Human Readable Output#

Activity Logging List:#

| Activity Action | Device Type | Ip Address | Request Time | Session Id | System Account | Target | Task Display Name | Task Id | User Activity Entry Count | User Agent |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| test_action | test_device | 1.1.1.1 | 2023-04-24T07:00:00Z | test_session_id | 123 | id: 1234<br>descriptor: test_descriptor<br>href: test_href | test_display | 1 | 1234 | test_agent |
| test_action | test_device | 1.1.1.1 | 2023-04-24T07:00:00Z | test_session_id | 123 | id: 1234<br>descriptor: test_descriptor<br>href: test_href | test_display | 2 | 1234 | test_agent |
| test_action | test_device | 1.1.1.1 | 2023-04-24T07:00:00Z | test_session_id | 123 | id: 1234<br>descriptor: test_descriptor<br>href: test_href | test_display | 3 | 1234 | test_agent |
| test_action | test_device | 1.1.1.1 | 2023-04-24T07:00:00Z | test_session_id | 123 | id: 1234<br>descriptor: test_descriptor<br>href: test_href | test_display | 4 | 1234 | test_agent |
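
Reading a time window that holds more records than `limit` means repeating the call with an advancing `offset`. The sketch below is an added example, not code from the integration: `fetch` is a hypothetical stand-in for however the command is invoked, the sample records are constructed, and it assumes that a page shorter than `limit` marks the end of the window and that `from_date` must precede `to_date`.

```python
from datetime import datetime, timezone
from typing import Callable, Iterator

# The "{yyyy}-{mm}-{dd}T{hh}:{mm}:{ss}Z" format from the Input table.
TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_utc(value: str) -> datetime:
    """Parse a from_date/to_date value; raises ValueError on any other format."""
    return datetime.strptime(value, TIME_FORMAT).replace(tzinfo=timezone.utc)


def page_requests(from_date: str, to_date: str, limit: int = 1000) -> Iterator[dict]:
    """Yield argument sets for successive calls: same window, offset advancing by limit."""
    if parse_utc(from_date) >= parse_utc(to_date):  # assumption: empty windows are rejected
        raise ValueError("from_date must be earlier than to_date")
    if limit < 1:
        raise ValueError("limit must be positive")
    offset = 0  # zero-based index of the first object in the response
    while True:
        yield {"from_date": from_date, "to_date": to_date, "limit": limit, "offset": offset}
        offset += limit


def collect_all(fetch: Callable[..., list], from_date: str, to_date: str,
                limit: int = 1000, max_pages: int = 100) -> list:
    """Call fetch(**args) page by page until a short page ends the window."""
    events = []
    for page_no, args in enumerate(page_requests(from_date, to_date, limit)):
        if page_no >= max_pages:  # guard against an endless loop on a misbehaving source
            raise RuntimeError("max_pages reached; narrow the time window")
        page = fetch(**args)
        events.extend(page)
        if len(page) < limit:
            return events


# Constructed sample data: 10 fake records standing in for activity loggings.
SAMPLE = [{"seq": i} for i in range(10)]


def fake_fetch(from_date: str, to_date: str, limit: int, offset: int) -> list:
    """Hypothetical stand-in for workday-get-activity-logging."""
    return SAMPLE[offset:offset + limit]


if __name__ == "__main__":
    logs = collect_all(fake_fetch, "2023-04-24T07:00:00Z", "2023-04-24T08:00:00Z", limit=4)
    print(len(logs), "records collected")
```
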