
Integration with Kubernetes

LogSentinel SIEM can serve as a Kubernetes audit log backend. To send the audit logs, configure your Kubernetes cluster by specifying the --audit-webhook-config-file parameter. In the config file (which is a standard kubeconfig file) you have to specify:

  • URL of the webhook - https://api.logsentinel.com/api/k8s/log?trailsApplicationId={ApplicationId}, where ApplicationId is obtained from the API Credentials page
  • username and password for authentication - use your organizationId and secret from the API Credentials page

Here is an example webhook config file.
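
A minimal kubeconfig of the kind described above, written as an added example and not LogSentinel's own file. The names `logsentinel`, `kube-apiserver` and `webhook` are arbitrary labels chosen here, and the values in braces are placeholders to be replaced with the values from the API Credentials page.

```yaml
# Added example: audit webhook kubeconfig for LogSentinel SIEM.
# Values in {braces} are placeholders; take them from the API Credentials page.
apiVersion: v1
kind: Config
clusters:
  - name: logsentinel              # arbitrary label (assumption)
    cluster:
      # Webhook URL from the list above, with your application ID filled in
      server: "https://api.logsentinel.com/api/k8s/log?trailsApplicationId={ApplicationId}"
users:
  - name: kube-apiserver           # arbitrary label (assumption)
    user:
      # Authentication as described above: organizationId and secret
      username: "{organizationId}"
      password: "{secret}"
contexts:
  - name: webhook                  # arbitrary label (assumption)
    context:
      cluster: logsentinel
      user: kube-apiserver
current-context: webhook
```

Because this file holds the secret in plaintext, keep it readable only by the account the API server runs as before passing its path to --audit-webhook-config-file. The API server emits audit events only when an audit policy is also configured with --audit-policy-file.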