Latest version: 4.3.x
Audit channels
Lenses supports secure channel configuration, giving you fine-grained control over audit routing. You can choose from predefined channel types such as Splunk (more to be added) or use the webhook capability to plug into any auditing system that is available via APIs.
Once a channel is created, you or any other user with the correct permissions can use it to route audits of your choice into that channel. For example, you can send a notification to Splunk for a specific audit source. Where specific audits are delivered is up to you.
Navigate to audit channels
- From the header bar menu, go to Admin panel.
- On the side navigation, select Channels under the audits section.
Audit channel types
At this moment, these types of audit channels are supported in Lenses:
List available channels
All configured audit channels are listed (see the screenshot below). From this page, you can also edit or delete them. For your convenience, you can sort the results by each column, filter by type, or use the search box to find the channel you need.
Create an audit channel
To create a new audit channel, click on the New Audit Channel button from the listing page. First, select the type of channel and then provide the configuration settings.
Edit, remove and toggle
Use the edit, delete or toggle icons to manage your auditing channels:
Splunk
If you use Splunk for SIEM (Security Information and Event Management) and add a connection to Lenses, all the CRUD operations (Create, Update, Configure, Delete) on a resource of your Streaming Data Platform (Kafka Topics, Kafka Connect, Kafka Quotas, Kafka ACLs and so on) will be captured and transmitted in real time to Splunk:
Lenses uses the native Splunk event model to integrate with your Splunk instance for advanced compliance and regulatory use cases.