fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Log when scheduled queries are denylisted to TLS logger #17493

Open noahtalerman opened 7 months ago

noahtalerman commented 7 months ago

Goal

User story
As an endpoint operator,
I want logs when scheduled queries are denied to be sent to the TLS logger
so that I can pipe these logs into my SIEM or log aggregation tool.

Context

  1. Here's a related osquery issue: osquery/osquery#6790

Changes

Product

Engineering

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

Manual testing steps

  1. Step 1
  2. Step 2
  3. Step 3

Testing notes

Confirmation

  1. [ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
  2. [ ] QA (@____): Added comment to user story confirming successful completion of QA.

noahtalerman commented 7 months ago

Hey @Patagonia121, heads up, we discussed this request at feature fest.

We decided not to draft this one in the upcoming design sprint (4.49).

Removing from feature fest board.