Lenses supports secure channels configuration to allow you fine-tuned audit routing. You can choose from predefined channel types like Splunk (more to be added).
Once a channel is created, it can be used by you or any other user with correct permissions to route audits of your choice into this specific channel. It means you can send to Splunk a notification for a specific audit source. It’s up to you now where specific audits will be delivered.
Navigate to audit channels
- From the header bar menu, go to Admin panel.
- On the side navigation, select Channels under the audits section.
Audit channel types
At this moment, these types of audit channels are supported in Lenses:
List available channels
All configured audit channels are listed (see the screenshot below). From this page, you also edit or delete them. For your convenience, you can sort the results by each column, filter by type, or use the search box to find the channel you need.
Create an audit channel
To create a new audit channel, click on the New Audit Channel button from the listing page. First, select the type of channel and then provide the configuration settings.
Edit an audit channel
From the listing page, click on the edit icon that is visible next to each channel. A modal window will appear where you can change the name, connection, or other additional settings.
Delete an audit channel
If you don’t need a channel anymore, you can also remove it by clicking on the trash icon that is visible next to each channel. A check will be made if there are any audits assigned to this channel and information presented to you in such a case, so you can be sure you don’t delete any channel that is being used.
Toggle an audit channel
To enable or disable the audit channel, click on the toggle under the
Route Audits column.