Overview

This processor allows entire log entries to be filtered from the output. It is intended to reduce output "noise" from vendors that do not let their customers exclude particular audit events at the source. This is especially useful for vendors such as GitHub, whose Git audit events include entries for interactions with public Git repositories by any GitHub user, without actor information in those entries.

This pull request also changes the log handling in the processor handler so that processors can add and remove entire log entries during processing, rather than only add them.
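An added example (not this pull request's code) of the processor contract described above: each processor receives the whole list of entries and returns a new list, so it can both drop entries and add one. The GitHub-style field names (`action`, `repo`, `actor`, `public_repo`) and the sample entries are assumptions constructed for illustration.

```python
from typing import Callable, Dict, List

Entry = Dict[str, object]
Processor = Callable[[List[Entry]], List[Entry]]

# Constructed sample in a GitHub-audit-log-like shape (field names are assumed).
# The first git.clone has no actor: the unattributable noise the filter removes.
SAMPLE_LOG: List[Entry] = [
    {"action": "git.clone", "repo": "org/public-tool", "actor": None, "public_repo": True},
    {"action": "git.clone", "repo": "org/public-tool", "actor": "carol", "public_repo": True},
    {"action": "git.push", "repo": "org/internal-api", "actor": "alice", "public_repo": False},
    {"action": "repo.create", "repo": "org/new-svc", "actor": "bob", "public_repo": False},
]


def is_anonymous_public_git_event(entry: Entry) -> bool:
    """True for git.* events on a public repository that carry no actor."""
    return (
        str(entry.get("action", "")).startswith("git.")
        and bool(entry.get("public_repo"))
        and not entry.get("actor")
    )


def drop_anonymous_public_git_events(entries: List[Entry]) -> List[Entry]:
    """Filter processor: remove unattributable public-repo git events and append
    one summary entry so the number of dropped events stays visible downstream."""
    kept = [e for e in entries if not is_anonymous_public_git_event(e)]
    dropped = len(entries) - len(kept)
    if dropped:
        kept.append({"action": "filter.summary", "rule": "anonymous_public_git_event",
                     "dropped": dropped})
    return kept


def run_pipeline(entries: List[Entry], processors: List[Processor]) -> List[Entry]:
    """Hand the full list to each processor in turn; each returns the new list,
    which is what lets a processor remove entries as well as add them."""
    for proc in processors:
        entries = proc(list(entries))  # copy so a processor cannot mutate the caller's list
    return entries


if __name__ == "__main__":
    for entry in run_pipeline(SAMPLE_LOG, [drop_anonymous_public_git_events]):
        print(entry)
```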