NinjaOne¶
About¶
NinjaOne is a cloud-based IT management platform designed to simplify and automate various tasks related to endpoint management, remote monitoring, and IT service delivery.
Product Details¶
Vendor URL: NinjaOne
Product Type: Monitoring
Product Tier: Tier III
Integration Method: Webhook
Log Guide: Activity Logs
Parser Details¶
Log Format: JSON
Expected Normalization Rate: 100%
Data Label: NINJAONE
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| activityResult | security_result.action |
| activityType | principal.resource.resource_subtype |
| data.message.changedSections | security_result.outcomes |
| data.message.code | metadata.product_event_type |
| data.message.params.appUserEmail | principal.user.email_addresses |
| data.message.params.appUserName | principal.user.user_display_name |
| data.message.params.clientId | target.user.product_object_id |
| data.message.params.clientId | target.resource.id |
| data.message.params.clientName | target.user.company_name |
| data.message.params.clientName | target.resource.name |
| data.message.params.ip | principal.ip |
| data.message.params.mfa | extensions.auth.auth_details |
| data.message.params.nodeDisplayName | target.hostname |
| data.message.params.nodeDisplayName | target.resource.name |
| data.message.params.nodeId | target.resource.id |
| data.message.params.policyId | target.resource.id |
| data.message.params.policyName | target.resource.name |
| data.message.params.policyName | security_result.rule_name |
| id | metadata.product_log_id |
| message | metadata.description |
| status | security_result.summary |
| statusCode | security_result.action_details |
| userId | principal.user.userid |
Product Event Types¶
| Event | UDM Event Classification |
|---|---|
| audit_app_user_logged_in | USER_LOGIN |
| audit_node_deleted | RESOURCE_DELETION |
| audit_organization_updated | USER_RESOURCE_UPDATE_CONTENT |
| audit_policy_updated | SETTING_MODIFICATION |
| device_registered | RESOURCE_CREATION |
Log Sample¶
{"activityResult":"SUCCESS","activityTime":1728508861.638528,"activityType":"SYSTEM","data":{"message":{"code":"audit_node_deleted","params":{"appUserEmail":"john.doe@example.io","appUserId":"1","appUserName":"john doe","clientId":"2","clientName":"example","nodeDisplayName":"IAMABC123DEVICE","nodeId":"421"}}},"id":134919,"message":"Device 'IAMABC123DEVICE' deleted.","status":"Device Deleted","statusCode":"NODE_DELETED","type":"System","userId":1}
Sample Parsing¶
metadata.description = "Device 'IAMABC123DEVICE' deleted."
metadata.event_type = "RESOURCE_DELETION"
metadata.log_type = "NINJAONE"
metadata.product_event_type = "audit_node_deleted"
metadata.product_log_id = "134919"
metadata.vendor_name = "NinjaOne"
principal.resource.resource_subtype = "SYSTEM"
principal.user.email_addresses = "john.doe@example.io"
principal.user.user_display_name = "john doe"
principal.user.userid = "1"
security_result.action_details = "NODE_DELETED"
security_result.action = "ALLOW"
security_result.summary = "Device Deleted"
target.hostname = "IAMABC123DEVICE"
target.resource.id = "421"
target.resource.name = "IAMABC123DEVICE"
target.resource.resource_type = "DEVICE"
target.user.company_name = "example"
target.user.product_object_id = "2"