# AQUILA - Setup Integration from Auth0

### <span style="color: rgb(53, 152, 219);">**Auth0 Integration Guide**</span>

Integrate **Auth0** to ingest identity-related logs such as login attempts, user authentications, MFA usage, and blocked requests to support identity threat detection and correlation.

#### <span style="color: rgb(53, 152, 219);">**Credentials &amp; API Access Setup (Auth0)**</span>

Before setting up the integration, create a Machine-to-Machine application in Auth0 to collect logs via API.

##### **Steps**:

1. **Log in to Auth0 Dashboard**
    
    
    - Go to [https://auth0.com](https://auth0.com)
2. **Create a Machine-to-Machine Application**
    
    
    - Navigate to **Applications → Applications**
    - Click **Create Application**
        
        
        - Enter a name
        - Choose the type: **Machine to Machine**
    - Click **Create**
3. **Authorize the Auth0 Management API**
    
    
    - When prompted, select **Auth0 Management API**
    - Grant the required scopes depending on the data you want to collect: 
        - **Login Activity: `read:logs`, `read:users`**
        - **MFA Logs: `read:logs`**
        - **Failed Logins: `read:logs`**
        - **User Access Logs:<span style="mso-tab-count: 1;"> `read:logs`, `read:users`</span>**
    - Click **Authorize**
4. **Get the Required Credentials**
    
    
    - Go to **Applications → Applications**
    - Select your created app
    - Go to the **Settings** tab
    - Copy the following values: 
        - **Client ID**: Used for authentication
        - **Client Secret**: Used with Client ID for API access
        - **Auth0 Domain**: Your tenant domain (e.g., your-tenant.us.auth0.com)
        - **Base URL**: Your Auth0 API base URL (e.g., https://your-tenant.us.auth0.com) — same as Domain but with https:// prefix)
5. **These values will be entered into the integration form required on Aquila**

#### <span style="color: rgb(53, 152, 219);">**Permissions Reference (Auth0 M2M App)**</span>

Ensure the app is granted the following scopes from the **Auth0 Management API**:

<div class="_tableContainer_80l1q_1" id="bkmrk-data-stream-scope-re"><div class="_tableWrapper_80l1q_14 group flex w-fit flex-col-reverse" tabindex="-1"><table border="1" class="w-fit min-w-(--thread-content-width)" data-end="3411" data-start="2868" style="width: 99.1667%; border-collapse: collapse; border-style: solid;"><thead data-end="2957" data-start="2868"><tr data-end="2957" data-start="2868"><th data-col-size="sm" data-end="2890" data-start="2868" style="width: 30.8821%;">Data Stream</th><th data-col-size="sm" data-end="2920" data-start="2890" style="width: 34.0218%;">Scopes Required</th><th data-col-size="sm" data-end="2957" data-start="2920" style="width: 35.0962%;">Why Needed</th></tr></thead><tbody data-end="3411" data-start="3048"><tr data-end="3138" data-start="3048"><td data-col-size="sm" data-end="3071" data-start="3048" style="width: 30.8821%;">**Login Activity**</td><td data-col-size="sm" data-end="3101" data-start="3071" style="width: 34.0218%;">`read:logs`, `read:users`</td><td data-col-size="sm" data-end="3138" data-start="3101" style="width: 35.0962%;">View login records and user info</td></tr><tr data-end="3229" data-start="3139"><td data-col-size="sm" data-end="3162" data-start="3139" style="width: 30.8821%;">**MFA Logs**</td><td data-col-size="sm" data-end="3192" data-start="3162" style="width: 34.0218%;">`read:logs`</td><td data-col-size="sm" data-end="3229" data-start="3192" style="width: 35.0962%;">Pull logs related to MFA events</td></tr><tr data-end="3320" data-start="3230"><td data-col-size="sm" data-end="3253" data-start="3230" style="width: 30.8821%;">**Failed Logins**</td><td data-col-size="sm" data-end="3283" data-start="3253" style="width: 34.0218%;">`read:logs`</td><td data-col-size="sm" data-end="3320" data-start="3283" style="width: 35.0962%;">Detect login failure events</td></tr><tr data-end="3411" data-start="3321"><td data-col-size="sm" data-end="3344" data-start="3321" style="width: 30.8821%;">**User Access Logs**</td><td data-col-size="sm" data-end="3374" data-start="3344" style="width: 34.0218%;">`read:logs`, `read:users`</td><td data-col-size="sm" data-end="3411" data-start="3374" style="width: 35.0962%;">Track user sessions &amp; activity</td></tr></tbody></table>

</div></div>####  

#### <span style="color: rgb(53, 152, 219);">**Aquila Integration Configuration**</span>

##### **AQUILA – Auth0 Integration**

**1.** Log in to AQUILA click here - **[CyTech - AQUILA](https://cytechint.io/)**. Choose **Cyber Monitoring** and click the **small arrow icon** to redirect you to the Cyber Monitoring Dashboard.

[![image.png](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-07/scaled-1680-/pvtVUycKNLpiyZFP-image.png)](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-07/pvtVUycKNLpiyZFP-image.png)

2\. In the dashboard, choose **Cyber Incident Management (SIEM and XDR)**.

[![image.png](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/scaled-1680-/i68EMO7YfIStKeyl-image.png)](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/i68EMO7YfIStKeyl-image.png)

3\. Navigate through the top left icon and click the Collapse/Expand button.

[![image.png](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-07/scaled-1680-/llqjBgJ5b1dlLdh8-image.png)](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-07/llqjBgJ5b1dlLdh8-image.png)

4\. Navigate the "**Cyber Incident Monitoring"** then hover the **"Cyber Incident Management"** till you see the settings.

[![image.png](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-07/scaled-1680-/z4rUEJDEBmsHf9kd-image.png)](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-07/z4rUEJDEBmsHf9kd-image.png)

5\. Click the "**Settings** and Navigate through **Settings&gt;Log Source&gt;Search Bar (Search the Source to Add)&gt;Add to Agent**.

[![image.png](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-07/scaled-1680-/qMBu98h6WaqojM41-image.png)](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-07/qMBu98h6WaqojM41-image.png)

6\. Choose your **Log Collector**. *(If you not yet installed your **Log Collector** please refer to this link -* [**Log Collector** **Installation.**](https://docs.cytechint.io/books/log-collector-installations))

[![image.png](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/scaled-1680-/1VIERSAN80moG8fG-image.png)](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/1VIERSAN80moG8fG-image.png)

**7. In the integration settings follow the instructions given below.**

- Click the **drop arrow** to display the contents needed for the integration setup.
- Choose the Integration between **via Webhooks** or **API requests.**

[![image.png](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-07/scaled-1680-/ykuDBJDprHeuotlo-image.png)](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-07/ykuDBJDprHeuotlo-image.png)

- Scroll down and go to the Auth0 Logs section.
- This one is for **Log** **Events via Webhooks**. Enter the required fields **Local Address, Listen Port,** and **Webhook Path**

[![image.png](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-07/scaled-1680-/mhLQQNTaU7n192Uu-image.png)](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-07/mhLQQNTaU7n192Uu-image.png)

- This one is for **Log Events via API Requests**. Input the credentials: **Base** **URL,** **Client ID and the Client Secret Value**.
- Finally, click **Next** to install the log source integration.

[![image.png](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-07/scaled-1680-/c4h9UGcTveuXoV6W-image.png)](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-07/c4h9UGcTveuXoV6W-image.png)

8\. Wait for the **Successful** window to display, this will confirm the successful integration.

[![image.png](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/scaled-1680-/CNFzJRIuFuvZIEdI-image.png)](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/CNFzJRIuFuvZIEdI-image.png)

*If you need further assistance, kindly contact our support at* ***support@cytechint.com*** *for prompt assistance and guidance.*