Integration with Kubernetes
LogSentinel SIEM can serve as a Kubernetes audit log backend. To send the audit logs, configure your Kubernetes cluster with the `--audit-webhook-config-file` parameter. In the config file (which is a standard kubeconfig file) you have to specify:
- URL of the webhook - `https://api.logsentinel.com/api/k8s/log?trailsApplicationId={ApplicationId}`, where `ApplicationId` is obtained from the API Credentials page
- username and password for authentication - use your `organizationId` and `secret` from the API Credentials page
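
A webhook kubeconfig carrying the URL and credentials described above could look like the following. This is an added example, not taken from the LogSentinel documentation; the entry name `logsentinel` and the angle-bracket placeholders are assumptions to be replaced with your own values.

```yaml
# Audit webhook configuration, passed to kube-apiserver via
# --audit-webhook-config-file=<path to this file>
apiVersion: v1
kind: Config
clusters:
- name: logsentinel                 # hypothetical entry name
  cluster:
    # Webhook URL; replace <ApplicationId> with the value from the
    # API Credentials page.
    server: "https://api.logsentinel.com/api/k8s/log?trailsApplicationId=<ApplicationId>"
users:
- name: logsentinel                 # hypothetical entry name
  user:
    # Basic authentication: organizationId as username, secret as password,
    # both from the API Credentials page.
    username: "<organizationId>"
    password: "<secret>"
contexts:
- name: logsentinel
  context:
    cluster: logsentinel
    user: logsentinel
# The API server uses the current context to select the cluster and user.
current-context: logsentinel
```

The file holds the API secret in clear text, so restrict its permissions to the account that runs the API server. The API server also needs an audit policy (`--audit-policy-file`) before it generates any audit events to send.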