Coralogix complements Alcide kAudit by providing a single pane of glass through which DevSecOps, as well as other teams such as engineering and CS, can view logs from different parts of the infrastructure in a consolidated way. Beyond visualizing the data, Coralogix gives all these teams powerful analysis tools and helps identify correlations between application and component events using ML techniques.
Coralogix can also put logs in the context of the application's lifecycle in the CI/CD process, allowing you to assess the impact of every change to your infrastructure.
The end result is faster problem identification and time to resolution.
kAudit can send two log categories to Coralogix: detection findings (threat intel) and selected audit entries.
Alcide kAudit findings are streamed to Coralogix, where they can be analyzed and viewed using the Coralogix UI, queries, and visualizations.
Exporting kAudit findings is configured through the kaudit-integration ConfigMap.
URL: https://api.coralogix.com/api/v1/logs
Private key: your Coralogix private key
Reference: https://coralogix.com/integrations/coralogix-rest-api/
Body fields:
  applicationName: application
  subsystemName: subsystem
  logEntries: each log entry carries a timestamp, severity, and category
Note: the ConfigMap should already exist in the cluster where kAudit has been deployed.
Edit the kaudit-integration-<your cluster name> ConfigMap and add the integrations you want.
Example configuration:
apiVersion: v1
kind: ConfigMap
metadata:
  name: kaudit-integration-<your cluster name>
  namespace: alcide-kaudit
  labels:
    app: kaudit
    app-name: kaudit # kAudit instance
data:
  audit-integration: |
    - type: detections
      target:
        target-type: http-api
        http-api-uri: 'https://api.coralogix.com/api/v1/logs'
        http-api-token: 'Private-key'
      stopped: true
    - type: selections
      target:
        target-type: http-api
        http-api-uri: 'https://api.coralogix.com/api/v1/logs'
      rate-limit: 10
      data-filter:
        entity-no-match: ^system:|^admin$
        rules-match: ^exec|unsafe$
      report: details
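The following Python script is an added example, not kAudit's or Coralogix's own code. It shows what the selections integration above amounts to: the two data-filter regexes from the ConfigMap are applied to a batch of constructed sample audit entries, the survivors are shaped into the Coralogix REST API body described earlier (applicationName, subsystemName, logEntries with timestamp, severity and category), and a send() helper POSTs the result. The filter semantics (entity-no-match drops matching principals, rules-match keeps only matching rules), the reading of rate-limit as a per-batch cap, the confidence-to-severity mapping, and the privateKey body field are all assumptions labelled in the code.

```python
import json
import re
import urllib.request

# Endpoint taken from the page
CORALOGIX_URL = "https://api.coralogix.com/api/v1/logs"

# The two regexes from the page's ConfigMap example (data-filter section)
ENTITY_NO_MATCH = re.compile(r"^system:|^admin$")
RULES_MATCH = re.compile(r"^exec|unsafe$")

# Assumed mapping of kAudit detection confidence to Coralogix numeric severity
# (Coralogix severities run 1=Debug ... 6=Critical; the mapping itself is our choice)
SEVERITY = {"low": 3, "medium": 4, "high": 5}

# Constructed sample entries shaped like what a selections export might carry;
# these are not real kAudit output
SAMPLE_ENTRIES = [
    {"timestamp_ms": 1600000000000, "entity": "system:serviceaccount:kube-system:default",
     "rule": "exec-into-pod", "category": "audit", "confidence": "high"},
    {"timestamp_ms": 1600000001000, "entity": "admin",
     "rule": "exec-into-pod", "category": "audit", "confidence": "high"},
    {"timestamp_ms": 1600000002000, "entity": "alice",
     "rule": "exec-into-pod", "category": "audit", "confidence": "high"},
    {"timestamp_ms": 1600000003000, "entity": "bob",
     "rule": "list-secrets", "category": "audit", "confidence": "medium"},
    {"timestamp_ms": 1600000004000, "entity": "carol",
     "rule": "privileged-container-unsafe", "category": "audit", "confidence": "medium"},
]


def select_entries(entries, entity_no_match=ENTITY_NO_MATCH, rules_match=RULES_MATCH,
                   rate_limit=10):
    """Apply the data-filter as we read it (assumption): drop entries whose entity
    matches entity-no-match, keep only entries whose rule matches rules-match, and
    cap the batch at rate_limit entries (the page does not state the limit's unit)."""
    kept = []
    for entry in entries:
        if entity_no_match.search(entry["entity"]):
            continue  # excluded principal, e.g. system accounts or the admin user
        if not rules_match.search(entry["rule"]):
            continue  # not one of the rules chosen for forwarding
        kept.append(entry)
        if len(kept) >= rate_limit:
            break
    return kept


def build_payload(entries, private_key, application="kaudit", subsystem="my-cluster"):
    """Shape a Coralogix REST API request body: applicationName, subsystemName and
    logEntries (timestamp, severity, category, plus the entry itself as text).
    The privateKey body field follows the Coralogix REST API reference (assumed)."""
    return {
        "privateKey": private_key,
        "applicationName": application,
        "subsystemName": subsystem,
        "logEntries": [
            {
                "timestamp": int(e["timestamp_ms"]),
                "severity": SEVERITY.get(e["confidence"], 3),
                "category": e["category"],
                # the entry is serialised on its own, so the private key never
                # ends up inside the log text
                "text": json.dumps(e, sort_keys=True),
            }
            for e in entries
        ],
    }


def send(payload, url=CORALOGIX_URL, timeout=10):
    """POST the payload to Coralogix; this is a network call and is not exercised offline."""
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    selected = select_entries(SAMPLE_ENTRIES)
    payload = build_payload(selected, private_key="<your Coralogix private key>")
    print(json.dumps(payload, indent=2))
```

Running the script forwards only the entries for alice (rule starts with "exec") and carol (rule ends with "unsafe"); the system service account and the admin user are dropped by entity-no-match, and bob's list-secrets entry fails rules-match. One operational point worth keeping in mind: the ConfigMap example stores the Coralogix private key in http-api-token, and ConfigMap contents are not encrypted at rest by default, so anyone who can read ConfigMaps in the alcide-kaudit namespace can read the key; restrict RBAC on that namespace accordingly and rotate the key if the ConfigMap is ever exposed.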
UI:
In Alcide, select the Integrations tab and go to the Detections Integrations Configuration section, which is used to configure integrations for threat intel logs.
Select HTTP API as your target.
In the URL box, enter https://api.coralogix.com/api/v1/logs
Under Entities Types, select the types that you want to forward threat intel about.
Under Detection Categories, select the categories you wish to forward.
Under Detection Confidence, select your desired levels of confidence. Coralogix recommends selecting at least high and medium.
Optionally, you can create whitelist and blacklist filters on entities using the Entities Matching and Entities Not Matching boxes.
Then go to the Selected Audit Entries Integration Configuration section, located directly below the previous one. This section is used to configure integrations for audit logs.
Select HTTP API as your target.
In the URL box, enter https://api.coralogix.com/api/v1/logs
To see how you can use Coralogix, visit: https://blog.alcide.io/get-operational-security-insights-and-alerts-for-kubernetes-using-alcide-kaudit-and-coralogix