Added support for collecting audit logs via API #13972
Conversation
Is there a reason to use HTTP JSON here? We would prefer to move to CEL if there is no concrete reason to use this.
Was not aware of that one. I'll get it switched over and fixed. Thank you!
Thank you
vars:
  preserve_original_event: true
assert:
  hit_count: 1
Add final new line.
Also, testing should exercise pagination; at least a first, middle and end page, with the first and middle having more than one event.
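A test fixture shaped the way this comment asks for, as an added example (Python, not the PR's own code and not the integration's CEL program): a constructed three-page cursor-paginated response with more than one event on the first and middle pages, a collector that follows the cursor to the final page, and the one-page-and-stop bug that a `hit_count: 1` assertion cannot tell apart from a correct walk. The field names `events` and `next_cursor` and the cursor-keyed lookup are assumptions made for illustration, not the Turbine API.

```python
"""Cursor-pagination walk over a constructed multi-page fixture.

Added example, not code from the PR under review. The response shape
(``events`` list plus ``next_cursor``) is an assumption for illustration.
"""
from typing import Callable, Dict, List, Optional, Tuple

Page = Dict[str, object]
Fetch = Callable[[Optional[str]], Page]

# Constructed fixture: three pages keyed by the cursor used to request them.
# None is the entry point (the first request carries no cursor).
THREE_PAGE_FIXTURE: Dict[Optional[str], Page] = {
    None: {"events": [{"id": 1}, {"id": 2}, {"id": 3}], "next_cursor": "p2"},
    "p2": {"events": [{"id": 4}, {"id": 5}], "next_cursor": "p3"},
    "p3": {"events": [{"id": 6}], "next_cursor": None},
}

# Constructed single-event fixture: what a hit_count of 1 effectively tests.
ONE_EVENT_FIXTURE: Dict[Optional[str], Page] = {
    None: {"events": [{"id": 1}], "next_cursor": None},
}

# Constructed misbehaving API: the last page points back at itself.
LOOPING_FIXTURE: Dict[Optional[str], Page] = {
    None: {"events": [{"id": 1}], "next_cursor": "p2"},
    "p2": {"events": [{"id": 2}], "next_cursor": "p2"},
}


def make_fetch(pages: Dict[Optional[str], Page]) -> Fetch:
    """Stand-in for the HTTP request: serve one page of a fixture by cursor."""
    def fetch(cursor: Optional[str]) -> Page:
        return pages[cursor]
    return fetch


def collect(fetch: Fetch, max_pages: int = 1000) -> Tuple[List[dict], int]:
    """Walk every page and return (events, pages_fetched).

    The walk ends when the API returns no next cursor (None or "").
    A cursor seen before aborts the walk so a looping API cannot make
    the collector spin and re-ingest the same events forever.
    """
    events: List[dict] = []
    seen = set()
    cursor: Optional[str] = None
    pages = 0
    while pages < max_pages:
        page = fetch(cursor)
        pages += 1
        events.extend(page.get("events", []))  # type: ignore[arg-type]
        nxt = page.get("next_cursor")
        if not nxt:  # None or "" means this was the last page
            break
        if nxt in seen:
            raise RuntimeError(f"cursor {nxt!r} repeated; aborting to avoid a loop")
        seen.add(nxt)
        cursor = nxt  # type: ignore[assignment]
    return events, pages


def first_page_only(fetch: Fetch) -> Tuple[List[dict], int]:
    """The pagination bug: read the first page and stop."""
    page = fetch(None)
    return list(page.get("events", [])), 1  # type: ignore[arg-type]


def event_ids(events: List[dict]) -> List[int]:
    """Helper for asserting order and absence of duplicates."""
    return [e["id"] for e in events]
```

Against the one-event fixture the buggy and the correct collector return the same single event, so an assertion of `hit_count: 1` passes either way; against the three-page fixture only the full walk yields all six events in order, which is the total a system test's `hit_count` should be set to.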
]
}
`}}
show_user: false
description: >-
  Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
@@ -7,4 +7,4 @@ data_stream: | |||
symlinks: false | |||
|
|||
assert: | |||
hit_count: 1 | |||
hit_count: 1 |
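Review bot: The only change in this hunk is to the last line, `hit_count: 1`, and an expected count of one event means the system test passes whether the collector walks every page or stops after the first, so the pagination path goes unverified. Grow the fixture to several pages (first and middle with more than one event, last with one or none) and set `hit_count` to the total across pages so that a short or duplicated walk fails; the same applies to the two identical hunks below.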
Final new line and pagination.
@@ -7,4 +7,4 @@ data_stream: | |||
symlinks: false | |||
|
|||
assert: | |||
hit_count: 1 | |||
hit_count: 1 |
Final new line and pagination.
@@ -7,4 +7,4 @@ data_stream: | |||
symlinks: false | |||
|
|||
assert: | |||
hit_count: 1 | |||
hit_count: 1 |
Final new line and pagination.
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
Proposed commit message
Added support for collecting audit logs from Turbine via the audit logs API endpoint.
Checklist
changelog.yml file.
Author's Checklist
How to test this PR locally
Screenshots