Open roman-peeters opened 5 months ago
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
@roman-peeters That link requires an account. Are you able to share example logs/documentation for this topic?
@efd6 I see that they have moved the documentation. Normally this link should work: https://backstage.forgerock.com/docs/idcloud/latest/tenants/audit-debug-logs.html#source-descriptions
I made a screenshot of a relevant part:
The "idm-recon" audit event topic is similar to the "idm-sync" or "idm-core" topics which are already included for the integration.
Thanks @roman-peeters. Are you able to provide a small number of sanitised examples that we can use for testing?
According to the ForgeRock documentation there is an additional topic for audit events: idm-recon.
It would be an improvement to add these idm-recon events to the Elastic Integration similar as all the other topics are already included in the integration.