# AQUILA - Digital Guardian Integration
##### Integrating **Digital Guardian (DG)** with **AQUILA** for security log ingestion typically involves exporting logs from DG and then parsing and ingesting them into **AQUILA.**
##### **Digital Guardian** is a Data Loss Prevention **(DLP)** and endpoint protection tool. It logs:
- ##### Data access
- ##### File operations (copy, move, print, etc.)
- ##### Application usage
- ##### User behavior analytics
##### **Goal:** Extract these logs and ingest them into **AQUILA** to enable searching, visualization, and alerting.
##### **Digital Guardian**'s native integration with **Aquila Agent** requires:
- ##### ARC Server URL
- ##### Authorization Server URL
- ##### ARC Export Profile ID
- ##### Client ID
- ##### Client Secret
##### Working with the **Digital Guardian ARC Cloud API** (Advanced Reporting & Correlation), which is used to export events via a secure API.
##### **Steps on getting the required information before integrating it to AQUILA**
##### **1. ARC Server URL**
- ##### This is the base URL for the **Digital Guardian ARC cloud instance**.
- ##### It looks like:
- ##### **https://arc.digitalguardian.com**
- ##### Sometimes it's region-specific (e.g., EU or US ARC instance).
##### **2. Authorization Server URL**
- ##### This is the OAuth2 token server used for authenticating API calls.
- ##### It may look like:
- ##### **https://auth.digitalguardian.com**
- ##### Or it may be included in your API documentation.
##### **3. ARC Export Profile ID**
- ##### This is a **profile ID** that determines which logs (event types, time windows, etc.) are exported via the API.
- ##### It is **configured by a DG admin** inside the **DG Management Console** under the **ARC export profiles** section.
- ##### Steps for the DG Admin:
- ##### Log in to the **Digital Guardian Console**.
- ##### Go to **ARC > Export Profiles**.
- ##### Create or view an export profile with appropriate filters.
- ##### Copy the **Export Profile ID** from the profile details.
##### **4. Client ID & Client Secret**
- ##### These are **OAuth2 credentials** used to authenticate your API access.
- ##### Generated via the **API client registration** feature in the DG admin interface.
- ##### Steps for the DG Admin:
- ##### Log into the **Digital Guardian ARC Console**.
- ##### Navigate to **ARC > API Clients / Applications**.
- ##### Register a new application.
- ##### Assign the **Export Profile ID**.
- ##### Set appropriate scopes (usually “read:events”).
- ##### A **Client ID** and **Client Secret** will be generated.
- ##### **IMPORTANT:** The **Client Secret** is shown **only once**, so it must be secure.
##### **Sample Information needed from DG Admin**
##### **Integration to AQUILA**
##### 1. Log in to **CyTech - AQUILA.** Choose **Cyber Monitoring -> Cyber Incident Management -> Settings.**
##### 2. Click **Log Source.** In the text box type **Digital Guardian,** the log source will show up and click the **Add to Agent.**
##### 3. Choose the **Log Collector** name you installed. Click the **+** sign.
##### 4. Enable the **Collect Digital Guardian logs via API.**
##### 5. Paste the information you gather on each text box. **ARC Server URL, Authorization Server URL, ARC Export Profile ID** and **Client ID.** Then scroll down.
##### 6. Paste the information you gather on each text box. **Client Secret,** then click the **Tags** text box, it will show 2 tags you will need to add.
##### 7. Then click **Next** so that the integration will process the information you inputted.
##### 8. Wait for the **Successful** window to display, this will confirm the successful integration.
*If you need further assistance, kindly contact our support at **support@cytechint.com** for prompt assistance and guidance.*