Configure JumpCloud Directory Insights for Arctic Wolf monitoring

You can configure JumpCloud Directory Insights® to send the necessary logs to Arctic Wolf® for security monitoring.

Note: Complete these steps for each organization that you want Arctic Wolf to monitor.

These resources are required:

  • An administrator account with the Administrator with Billing role in the JumpCloud Admin Portal.

Optional: Generate an API key

If you do not already have a JumpCloud API key, generate one.

  1. Sign in to the JumpCloud Admin Portal.
  2. In the navigation menu, click your profile icon, and then click My API Key.
  3. In the API Key window, in the Expiration Date section, select Custom, and then in the Days field, enter 365.
    Make sure to copy the expiration date.

    You will provide this value to Arctic Wolf later.

  4. Click Generate New API Key.
  5. Copy the API key, and then save it in a safe, encrypted location.

    The API key begins with the prefix jca_.

    You will provide this value to Arctic Wolf later.

Verify Directory Insights status

  1. In the JumpCloud Admin Portal, click Settings > Features .
  2. In the Insights section, make sure that Directory Insights is enabled.
    If Directory Insights is not enabled, contact your account manager or JumpCloud support at directoryinsights@jumpcloud.com to enable the feature before proceeding to the next step.

Identify an organization ID

  1. In the JumpCloud Admin Portal, click Settings, and then click Organization Profile.
  2. Copy the Organization ID value, and then save it in a safe, encrypted location.

    You will provide this value to Arctic Wolf later.

Provide JumpCloud credentials to Arctic Wolf

Note:
  • Time-based events are polled with a delay to make sure that data is available. For new deployments, Arctic Wolf begins polling and reviewing activity from approximately one hour prior to configuration success. If API credentials fail, for example due to expired credentials, Arctic Wolf notifies you and requests a new set of credentials. After receiving refreshed credentials, Arctic Wolf can only retrieve data from the previous 12 hours. Provide refreshed credentials within 12 hours of expiry to enable complete data polling and coverage.
  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Data Collection > Cloud Sensors.
  3. Click Add Account +.
  4. On the Add Account page, click JumpCloud Directory Insights.
  5. Configure these settings:

    • Account Name — Enter a unique and descriptive name for the account.

    • API Key — Enter the API key from Optional: Generate an API key.
    • Org ID — Enter the organization ID from Identify an organization ID.
    • API URL — Select the URL that matches the region of your dashboard. If you do not know the region of your dashboard, select https://api.jumpcloud.com.

    • Credential Expiry — Enter the credential expiration date, if applicable.

  6. Click Test and submit credentials.