
Integrate the Audit Log with common SIEM systems #2580

Open
evilaliv3 opened this issue May 31, 2019 · 2 comments

Comments

@evilaliv3
Member

This ticket is to discuss the possibilities of integration of the Globaleaks audit log (#2579) with external SIEM systems via the most common data formats (e.g. CEF/LEEF/Syslog).

It would be valuable to identify the main python libraries and evaluate which are the most useful that could export/convert between the main formats.
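As an added example (not GlobaLeaks project code) of what a CEF export of an audit event looks like, the converter below turns one audit record into a CEF line ready for a syslog transport. The event field names (`action`, `actor`, `src_ip`, `object_id`, `summary`, `timestamp_ms`) and the vendor/product header values are assumptions; the escaping rules are the ones the CEF format requires so that a value taken from user input cannot forge extra header or extension fields.

```python
"""Convert a GlobaLeaks-style audit event into a CEF line for SIEM ingestion.

Added example, not project code. Event field names and header values are
assumed. CEF escaping: header fields escape '\\' and '|'; extension values
escape '\\', '=' and newlines.
"""
from typing import Any, Mapping

CEF_VERSION = 0
VENDOR, PRODUCT, VERSION = "GlobaLeaks", "Audit Log", "4"   # assumed values

# CEF severity is an integer 0-10; map audit action types (assumed names).
SEVERITY = {"login_failure": 5, "file_download": 3}


def _escape_header(value: Any) -> str:
    # Header fields are pipe-delimited: backslash first, then the pipe.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _escape_extension(value: Any) -> str:
    # Extension is "key=value key=value"; '=' and newlines inside a value
    # would otherwise let a hostile value inject fields or split the record.
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(event: Mapping[str, Any]) -> str:
    """Build one CEF record: 7 pipe-separated header fields + extension."""
    action = event["action"]
    header = "|".join([
        f"CEF:{CEF_VERSION}",
        _escape_header(VENDOR), _escape_header(PRODUCT), _escape_header(VERSION),
        _escape_header(action),                          # Signature ID
        _escape_header(event.get("summary", action)),    # Name
        str(SEVERITY.get(action, 1)),                    # Severity
    ])
    # Standard CEF extension keys where one fits, custom string cs1 otherwise.
    ext: dict = {"rt": event["timestamp_ms"], "act": action}
    for key, cef_key in (("actor", "suser"), ("src_ip", "src")):
        if event.get(key):
            ext[cef_key] = event[key]
    if event.get("object_id"):
        ext["cs1Label"], ext["cs1"] = "object_id", event["object_id"]
    extension = " ".join(f"{k}={_escape_extension(v)}" for k, v in ext.items())
    return f"{header}|{extension}"


SAMPLE_EVENT = {  # constructed sample, not real log data
    "timestamp_ms": 1653998400000, "action": "login_failure", "actor": "admin",
    "src_ip": "203.0.113.7", "object_id": "session|1=2",  # exercises escaping
}
```

The resulting line can be shipped with the standard library's `logging.handlers.SysLogHandler`; LEEF output differs only in the header layout and uses a tab-separated extension.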

@evilaliv3
Member Author

@aetdr: would you please annotate here your current analysis of the possibilities of integrating GlobaLeaks with a generic SIEM system?

Especially I'm interested to know if you can share:

  • which kind of SIEM are you trying to integrate?
  • how are you considering to integrate it?
  • is there any change that we could apply to globaleaks that would help you integrating it with your SIEM system that is general enough and that you consider would help other possible integrations?

@aetdr

aetdr commented Mar 21, 2022

Hi @evilaliv3

Our SIEM is managed by some other people.
I know it is based on ELK stack.

I believe it is an in-house implementation, based on plain open-source components.
They plan to use the SQLite plugin, I believe it is this one: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-sqlite.html

I will keep you posted
