New Capability: Non-Employee Risk Management - Audit History APIs

jeff_lakey · October 1, 2024, 7:01pm

Description

SailPoint® is excited to announce the availability of Non-Employee Risk Management’s new Profile, Workflow, and Configuration Audit History APIs, providing customers the ability to integrate with Security Information and Event Management (SIEM) and Business Intelligence tools.

In order to provide data to auditors and maintain a strong security posture, customers need the ability to extract audit history for Non-Employee Risk Management profiles and workflows. Previously, customers could only pull this data from the Non-Employee Risk Management UI. With this new capability, customers will have access to this data, and be able to filter it, via the Profile, Workflow, and Configuration Audit History APIs.

Problem

The API endpoints for Non-Employee Risk Management Profile, Workflow, and Configuration History were not exposed, so customers could only pull this data via the UI. Additionally, Profile history can only be viewed on a single profile at a time. Customers and Prospects have common requirement for HR applications to be able to integrate with SIEM tools, such as Splunk, and the most common way of doing this is via REST API.

Solution

Non-Employee Risk Management has created new API endpoints for Profile, Workflow, and Configuration history. Exposing these endpoints, and providing filtering capabilities, allows customers to write integrations with their existing SIEM or Business Intelligence tools, and ensure their non-employee data is easily reflected in their existing security and audit practices.

High-Level Capabilities

Profile History API:

Allows filtering on Profile event API requests
- Profile attributes (what was updated)
- Event date and time
- Performer
- Profile contributors
- Profile owners
Can request Profile event data for all Profiles–not limited to a single Profile

Workflow History API:

Allows filtering on Workflow event API requests
- Attributes
  - Profile attribute values that are updated during a workflow, includes previous and new values of attribute
- Workflow session status
  - Dates (created, updated)
  - Pending approval
  - Completed
  - Failed
- Approval Data
  - Decision
  - Approval dates
  - Approvers

Configuration History API:

Allows filtering by
- User history
  - All changes made by a specific user
- Workflow definitions
- Attribute definitions

Who is affected?

The new Profile, Workflow, and Configuration History APIs are available for all Non-Employee Risk Management customers.

Action Required

We encourage customers to begin using the new Audit History APIs to easily capture the Profile, Workflow, and Configuration history they need and for integration with their SIEM or BI tools of choice.

Important Dates

Production: September 30, 2024

Additional Resources

Non-Employee Risk Management Announcements

Topic		Replies	Views
Enhancement: Scalable Audit Data in Non-Employee Risk Management Product News identity-security-cloud , nerm , new-enhancement	0	69	August 5, 2024
New Capability: Non-Employee Risk Management Connector for Identity Security Cloud Product News identity-security-cloud , new-capability , non-employees	3	978	May 10, 2024
Non-Employee Risk Management in a flash Events nerm , livestream	6	1256	December 5, 2024
Non-Employee Management API capabilities for profile management Video Library identity-security-cloud , developer-days-2024-isc , developer-days	0	243	March 25, 2024
New Enhancement: Improved Performance and UI for Profile Tables in Non-Employee Risk Management Product News new-enhancement , non-employees	0	294	April 1, 2024