Configure JumpCloud Directory Insights for Arctic Wolf monitoring

You can configure JumpCloud Directory Insights® to send the necessary logs to Arctic Wolf® for security monitoring.

Note: This is an early access (EA) integration. It is not publicly available. If you are interested in joining the EA program, reach out to your Concierge Security® Team (CST).

These resources are required:

  • An administrator account with the Administrator with Billing role in the JumpCloud Admin Portal.

Create a JumpCloud administrator account

  1. Sign in to the JumpCloud Admin Portal with an administrator account that has the Administrator with Billing role.
    Note: If you prefer to create a new administrator from an existing user, see Assigning an Admin Role to a User.
  2. In the navigation menu, click Administrators.
  3. Click +, and then click As New.
  4. In the Create New Administrator window, on the Details tab, configure these settings:
    • First Name — Enter the first name of the user.
    • Last Name — Enter the last name of the user.
    • Administrator Email Address — Enter the email address of the user.
    • Optional: If your organization requires multi-factor authentication, select the Require Multi-Factor Authentication checkbox.
  5. In the Create New Administrator window, on the Permissions & Access tab, configure these settings:
    • Role — Select Read Only from the list.
    • API Access — Select Enable API Access.
    • Organization Access — Select All, or select the organization whose logs you want to share with Arctic Wolf.
  6. Click Save.
    The user is sent an email that contains a URL to set up an initial password. Follow the instructions in the email to complete account setup.

Generate an API key

  1. Sign in to the JumpCloud Admin Portal with the administrator account that you created in Create a JumpCloud administrator account.
  2. In the navigation menu, click your profile icon, and then click My API Key.
  3. In the API Key window, in the Expiration Date section, select Custom, and then in the Days field, enter 365.
    Make sure to copy the expiration date.

    You will provide this value to Arctic Wolf later.

  4. Click Generate New API Key.
  5. Copy the API key, and then save it in a safe, encrypted location.

    You will provide this value to Arctic Wolf later.

Verify Directory Insights status

Note: You must repeat this step for each organization that you want Arctic Wolf to monitor.
  1. Sign in to the JumpCloud Admin Portal with the administrator account that you created in Create a JumpCloud administrator account.
  2. In the navigation menu, click Organizations.
  3. In the row for the organization that you want to verify, click Launch.
  4. Click Settings.
  5. On the Settings page, click the Features tab.
  6. In the Insights section, confirm that Directory Insights is enabled.
    If Directory Insights is not enabled, contact your account manager or JumpCloud support to enable the feature before proceeding to the next step.

Identify an organization ID

Note: You must repeat this step for each organization that you want Arctic Wolf to monitor.
  1. Sign in to the JumpCloud Admin Portal with the administrator account that you created in Create a JumpCloud administrator account.
  2. In the navigation menu, click Organizations.
  3. In the row for the organization that you want to check, click Launch.
  4. Click Settings.
  5. On the Settings page, click the Organization Profile tab.
  6. In the General section, copy the Organization ID value, and then save it in a safe, encrypted location.

    You will provide this value to Arctic Wolf later.

Provide JumpCloud credentials to Arctic Wolf

Note:
  • Time-based events are polled with a delay to make sure that data is available. For new deployments, Arctic Wolf begins polling and reviewing activity from approximately one hour prior to configuration success. If API credentials fail, for example due to expired credentials, Arctic Wolf notifies you and requests a new set of credentials. After receiving refreshed credentials, Arctic Wolf can only retrieve data from the previous 12 hours. Provide refreshed credentials within 12 hours of expiry to enable complete data polling and coverage.
  • You must repeat this step for each organization that you want Arctic Wolf to monitor.
  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Data Collection > Cloud Sensors.
  3. Click Add Account +.
  4. On the Add Account page, click JumpCloud Directory Insights.
  5. Configure these settings:
    • Account Name — Enter a unique and descriptive name for the account.
    • API Key — Enter the API key from Generate an API key.
    • Org ID — Enter the organization ID from Identify an organization ID.
    • API URL — Select the URL that matches the region of your dashboard. If you do not know the region of your dashboard, select https://api.jumpcloud.com.
    • Credential Expiry — Enter the expiry date that you set in Generate an API key.
  6. Click Test and submit credentials.
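
The 12-hour retrieval window described in the note above determines how much log coverage is lost when a key expires before it is replaced. The following is an added example, not Arctic Wolf or JumpCloud tooling: it tracks key expiry per organization and computes the unrecoverable window. The organization labels, dates and 30-day warning threshold are constructed, and it assumes polling fails from the expiry instant onward.

```python
from datetime import datetime, timedelta, timezone

LOOKBACK = timedelta(hours=12)   # data retrievable after a credential refresh (from the page)
KEY_LIFETIME_DAYS = 365          # custom expiration entered when generating the key (from the page)

def key_expiry(generated_at, days=KEY_LIFETIME_DAYS):
    """Expiry timestamp to record alongside the key when it is generated."""
    return generated_at + timedelta(days=days)

def coverage_gap(expiry, refreshed_at, lookback=LOOKBACK):
    """Return (start, end) of events that fall outside the lookback, or None.

    Assumption: polling fails from the expiry instant onward.
    """
    earliest_retrievable = refreshed_at - lookback
    if earliest_retrievable <= expiry:
        return None
    return (expiry, earliest_retrievable)

def review(inventory, now, warn=timedelta(days=30)):
    """Classify each organization's key; returns {org_name: (status, gap)}."""
    report = {}
    for name, expiry in inventory.items():
        if now >= expiry:
            gap = coverage_gap(expiry, now)  # gap if credentials were refreshed right now
            report[name] = ("expired-gap" if gap else "expired-recoverable", gap)
        elif expiry - now <= warn:
            report[name] = ("rotate-soon", None)
        else:
            report[name] = ("ok", None)
    return report

# Constructed sample inventory: organization label -> key expiry (UTC).
# Only expiry metadata is kept here; the API keys themselves stay in the encrypted store.
UTC = timezone.utc
NOW = datetime(2025, 6, 1, 12, 0, tzinfo=UTC)
INVENTORY = {
    "org-a": key_expiry(datetime(2025, 3, 1, 9, 0, tzinfo=UTC)),  # generated with 365 days
    "org-b": datetime(2025, 6, 15, 0, 0, tzinfo=UTC),             # expires in under 30 days
    "org-c": datetime(2025, 6, 1, 6, 0, tzinfo=UTC),              # expired 6 hours ago
    "org-d": datetime(2025, 5, 31, 12, 0, tzinfo=UTC),            # expired 24 hours ago
}

if __name__ == "__main__":
    for org, (status, gap) in review(INVENTORY, NOW).items():
        lost = f", unrecoverable {gap[0]:%Y-%m-%d %H:%M} to {gap[1]:%Y-%m-%d %H:%M} UTC" if gap else ""
        print(f"{org}: {status}{lost}")
```

Run on a schedule with the current time in place of `NOW`, a `rotate-soon` result is the prompt to generate a new key and update Credential Expiry before any gap opens.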