Q: Nice work on the new System Log report, Okta, but I'm not satisfied. What's next?
Good question, demanding customer. We have big plans for this capability:
1 – More event types. We'll convert more legacy events to this new engine, then continue to add more event types going forward.
2 – The ability to save reports. Pro tip: You can bookmark specific queries in your browser and revisit them via the bookmark.
3 – Much more.. We're far from done here, so stay tuned.
Q: I'm a developer, can I consume the System Log via APIs?
Soon. We're working on a new version of the Okta Events API which exposes the new analytics events model via a REST interface.
Q: I'm a security professional, can I integrate this feed with my SIEM?
See previous question. Once the APIs are complete, vendors and customers can use them to integrate with your SIEM or other third party security tool, just like some have already done on the v1 Events API.
Q: Is the object model documented somewhere? I want to know all of the possibilities.
Not currently, as we are still working on migrating some of the legacy events. But we will publish that soon.
Q: Is there a limit to how many logs are displayed in my report? I read somewhere I can only see the last 1000 logs, is that true?
There is no limit to the number of records that are displayed.
Q: Where can I read more?
You can find additional information at these KB articles on the Community. You can also send your content requests to firstname.lastname@example.org