
Tutorial: Send only access events for specific applications to your SIEM

Abstract

This tutorial describes a use case for the customization rules for Access Visibility log events.

CloudConnexa Log Streaming writes logs to your AWS S3 bucket. Your SIEM or other log collection systems can then ingest these logs.

The volume of Access Visibility log events streamed for a large, busy CloudConnexa deployment can be overwhelming. Log streaming configuration lets you customize which Access Visibility log events are streamed, directly at the source, rather than filtering for the relevant ones in your Security Information and Event Management (SIEM) system.

Here are some examples of how you can use the customization rules to home in on just the Access Visibility log events that are important to you.

  • Application Focus: From all the Applications configured on your WPC, you may be interested in the access log events for just a few, or you may want events for all the Applications except a few. For example, you may want logs of all allowed or blocked traffic flows to only the 'HQ WebApp', or to all Applications except the 'HQ WebApp'.

  • IP Services Focus: From all the IP Services configured on your WPC, you may be interested in the access log events for just a few, or you may want events for all the IP Services except a few. For example, you may want logs of all allowed or blocked traffic flows to only the 'HQ WebApp', or to all IP Services except the 'HQ WebApp'.

To configure the customization rules, refer to Customize the streamed log events.