Audit logs to NSS

(Lmay) #1

There is an existing ER for this feature already, but we really need an ETA for streaming Audit logs to NSS.

Thank you

(Lidor Pergament) #2

Hi @Lmay,

There is no ETA for delivering this capability via NSS. Our current recommendation for customers is to use the Audit Log APIs to retrieve the logs and push them into your SIEM environment using the SIEM’s ingestion API/SDK. We recently launched in beta an update to our Splunk App that takes care of this in Splunk environments. Adding @skottieb to share more details.

(Scott Bullock) #3

Hi @Lmay,
As per @lpergament’s note, we’re on the cusp (in final beta now) of launching a new Splunk integration that leverages the existing Audit Log retrieval solution via our API. This will also include some reusable Python code, making the retrieval and parsing of the Admin Audit logs super simple and adaptable for many systems, not just Splunk.

What do you use today for log collection and storage? Feel free to DM if you’d prefer to discuss privately.

