Security Event Token
This SCIM server is configured to emit Security Event Tokens (SET). A SET is a JSON Web Token (JWT) that represents a security event in a standardized format. It is defined in RFC8417.
A SET contains information about the security event, such as the event type, timestamp, subject, and additional context. It is used for auditing, monitoring, and analyzing security-related activities within a system.
Specifically for SCIM, the SCIM Profile for Security Event Tokens defines how SET tokens in a SCIM environment should be structured.
Retrieve Events
To retrieve events, you can make a GET request to the /events
endpoint. This will return a list of recent security events. This endpoints implements (parts of) RFC8936: Poll-Based Security Event Token (SET) Delivery Using HTTP.
The request can include the following parameters:
ack: A list of event identifiers
maxEvents: This is the maximum number of events that the server will return in a single response.
shouldReturnImmediately: This is a boolean value that determines whether the server should return immediately if there are no events to retrieve. This server only supports
true
.
Ackknowledge Events
After processing the SETs, the SET Recipient acknowledges received SETs and can poll for more.