
[0] Audit log to external software

Open raviranjanelastisys opened this issue 1 year ago • 1 comments

Describe the issue

Based on the arch decision, we decided there should be some public documentation on how to push audit logs to an external software (QRadar or other tools) so that they have to be able to detect intrusion or suspicious behavior.

We decided users can pull themselves from opensearch. Please refer to the links below for more details.

https://github.com/opensearch-project/logstash-input-opensearch which perhaps helps you ingest from opensearch and then output to syslog format: https://www.elastic.co/guide/en/logstash/current/plugins-outputs-syslog.html

Definition of Done

Public documentation describes how users can pull themselves from opensearch.

raviranjanelastisys, May 24 '23 14:05
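
A Logstash pipeline of the kind the two linked plugins allow, given here as an added example that is not part of the issue or the project's documentation. The endpoints, index pattern, certificate paths, environment variable names and the audit field names used in the message template are assumptions and must be replaced with the values of the actual environment.

```logstash
# Added example: pull audit events from OpenSearch and forward them as syslog.
# Requires the logstash-input-opensearch and logstash-output-syslog plugins.
# All hosts, paths, index names and field names below are placeholders.
input {
  opensearch {
    hosts    => ["https://opensearch.example.com:9200"]  # placeholder endpoint
    user     => "${OPENSEARCH_USER}"        # read-only account, from env or keystore
    password => "${OPENSEARCH_PASSWORD}"
    ssl      => true
    ca_file  => "/etc/logstash/certs/opensearch-ca.pem"  # placeholder path
    index    => "AUDIT-INDEX-PATTERN"       # placeholder: the audit log index pattern
    # Run once a minute and fetch the previous full minute of events.
    schedule => "* * * * *"
    query    => '{ "query": { "range": { "@timestamp": { "gte": "now-1m/m", "lt": "now/m" } } }, "sort": [ { "@timestamp": "asc" } ] }'
  }
}

output {
  syslog {
    host       => "siem.example.com"        # placeholder: QRadar or other collector
    port       => 6514
    protocol   => "ssl-tcp"                 # keep audit data encrypted in transit
    ssl_cacert => "/etc/logstash/certs/siem-ca.pem"      # placeholder path
    ssl_verify => true
    rfc        => "rfc5424"
    facility   => "log audit"
    severity   => "informational"
    appname    => "k8s-audit"
    sourcehost => "opensearch-export"       # literal, events carry no host field
    # Assumed Kubernetes audit event fields; adjust to the indexed document layout.
    message    => "auditID=%{auditID} stage=%{stage} verb=%{verb} uri=%{requestURI} user=%{[user][username]}"
  }
}
```

Events indexed later than the minute they are timestamped in fall outside this query window; widening the range and de-duplicating on the audit ID at the receiving side covers that case.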

testing still in progress

crssnd, Dec 18 '23 09:12