What options are there for sending the Activity logs to a SIEM tool, i.e Splunk, QRadar, etc?

We are using QRadar for our SIEM tool and would like to send the Activity logs to QRadar for analysis and storage.  What options are available to accomplish this?

Best Answer

  • Jaketh13
    Jaketh13

    domo

    💎

    Answer ✓

    @user08521 There's no other way to set up scheduled exports of that data from Domo. I should also let you know that I've been informed that there are changes being made to DomoMetrics and they are temporarily unavailable to be requested. That said, you could call whatever data you need through the API still, you will just need to specify what data you are looking for.


    Thanks,
    Jake
    **Say "Thanks" by clicking the "heart" in the post that helped you.
    **Please mark the post that solves your problem by clicking on "Accept as Solution"

Answers

  • Is anyone able to help out with this request?

  • @user08521 If time sensitivity is not an issue, then you could just export the Activity log manually every once in a while. It will give you a CSV or excel file with the information you need.

     

    If you want it to run regularly to keep the info up to date, you can set up the DomoMetrics DataSets on your instance (by going to the Appstore and selecting the set of metrics that give you the info you need). You can then request the data you need through Domo's API. You can find out more about calling Domo's API here: https://developer.domo.com/docs/dataset/overview-5

     

    Let me know if this kind of solution is what you were looking for.


    Thanks,
    Jake
    **Say "Thanks" by clicking the "heart" in the post that helped you.
    **Please mark the post that solves your problem by clicking on "Accept as Solution"
  • Time sensitivity is an issue, for compliance purposes I need logs to be as near real time as I can make them.  What information is available in the DomoMetrics DataSets?

  • There are quite a few metrics available. Here's a list of the names of the DataSets generated to give you an idea:

     


    Thanks,
    Jake
    **Say "Thanks" by clicking the "heart" in the post that helped you.
    **Please mark the post that solves your problem by clicking on "Accept as Solution"
  • Thank you for that information, I'll have to look into those.  Do you know if there are any options other than API pulls?

  • Thanks!!

  • jstan
    jstan Dallas, TX 🟠

    Hi @user08521, you can actually export the activity log using the Domo API.  You can find additional information here: https://developer.domo.com/docs/activity-log-api-reference/activity-log.  The dataset is called audit.  If you do not have experience using the Domo API, you can find tutorials here: https://developer.domo.com/docs/dataset/import-and-export-data.