SIEM Integration for Port's Audit log
Matar Peles
Some customers would like the option to automatically report Port's information to an external SIEM system for security concerns.
First and most important are the changes to Port's audit log.
Guy Berman
Merged in a post:
Audit logs | Load to s3
Manyatha A R
Guy Berman marked this post as open
Guy Berman marked this post as planned
Guy Berman marked this post as exploring
Lucas Kenda
We also need to integrate the audit log with our SIEM. For other applications, this is typically achieved through webhooks or by exporting the data to an S3 bucket, from where it is collected and processed by the SIEM.
Matan Grady
Matar Peles can you share more context?
Guillaume Hanique
+1!
Right now a Data Source's Audit Log is clipped to 1000 records. For (health care FDA auditing) it could be useful to retain all Audit Logs to provide evidence that data is (ALCOA) Accurate and Complete.
("Useful", not "Required". The "O" in ALCOA stands for "Original": we always have the Original data that was ingested into Port that we could use to provide evidence that the data in Port is Complete and Accurate).
Manyatha A R
Loading the audit logs into an S3 bucket.
This will be more helpful.