Kubernetes Auditing DSM specifications
When you configure Kubernetes Auditing, understanding the specifications for the Kubernetes Auditing DSM can help ensure a successful integration. For example, knowing what the supported version of Kubernetes is before you begin can help reduce frustration during the configuration process.
The following table describes the specifications for the Kubernetes Auditing DSM.
Specification | Value |
---|---|
Manufacturer | Kubernetes |
DSM name | Kubernetes Auditing |
RPM file name | DSM-KubernetesAuditing-QRadar_version-build_number.noarch.rpm |
Supported version | Kubernetes API 1.19 |
Protocol | Syslog |
Event format | JSON |
Recorded event types | RequestReceived, ResponseStarted, ResponseComplete |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | Yes |
More information | https://kubernetes.io/docs/tasks/debug-application-cluster/audit/ |