YossiC
YossiC gave kudos to j91321 in Trigger event to Syslog
Unfortunately we don't send Trigger Event through syslog. These events can be quite large (for example, if the triggering event is a Script event). The supported way of doing this is to fetch additional data through the REST API after you receive the syslog message. I believe the "event" field is present in the latest version in GET /api/v1/detections/{id}, even though it is missing in the documentation.
-
YossiC received kudos from j91321 in Local Admin Additions
Seems the rule is dependent on "Audit Security Group Management". Events are being recorded only after this is enabled.