Document differences between events for sync servers and telemetry #1326

Open
mlw opened this issue Apr 11, 2024 · 1 comment
Labels
docs Documentation-related issues

Comments

@mlw
Member

mlw commented Apr 11, 2024

We should be explicit about how Santa is designed to interact with sync servers. This interaction is focused on enabling delivery of updated rules and configuration to clients. Logs/telemetry is separate and not currently intended to be streamed to the sync server.

@mlw mlw added the docs Documentation-related issues label Apr 11, 2024
@pmarkowsky
Contributor

My $0.02 is to add the following definition:

  • Events are specific things we want the user / sync service to approve
  • Logs are Santa's official record of what it observed and how it responded.

This means that anything we call an Event is to be managed by the sync service. Logs, on the other hand, can be ingested by any logging system, SIEM or whatever. A sync service may use logs e.g. to figure out which rules are actually in use but aren't explicitly required.

Thoughts?
