In each of our Twistlock releases, we publish some truly remarkable features to improve our key platform pillars.
In the latest release, we added cool capabilities like our Cloud Native Application Firewall enhancements, serverless security features, and the awesomely-good-looking image vulnerabilities by layer feature.
Then there are things which, whilst important, are just dull — like audit. No one likes audit. Even people working in audit don’t like audit. It’s the frayed, grey cardigan of the IT world. Yes, audit is important. Yes, it’s a fundamental part of IT security. Yes, I’d rather be watching paint dry.
However, I am a professional (which probably comes as a shock to most of you reading), and I will not be placed in the blog writing equivalent of the boredom room! Twistlock isn’t getting rid of me that easily. I will not be cowed into writing a sensible post!
So, join me friends and come with me on a voyage of discovery, of dashing derring-do and, perhaps, romance!
Syslog data at your fingertips
In addition to our integrations with Jira, Slack or even sending emails to people about alerts, syslog remains the core integration with our customers’ centralised logging, SIEM tooling, and alerting software. Syslog is time served – it’s robust, people already have the mechanisms in place etc.
From the beginning we have seen this benefit and log direct to syslog. We do so in a standard format and by connecting to the syslog socket /dev/log.
In our 2.3 release we have made it easier to set up – you can now do so directly in Console. In addition, you can set up verbose logging to capture all vulnerability and compliance issues, as well as all process information.
(That was the voyage of discovery)
Twistlock always made this data available via our extensive API, but customers asked for the data to go to syslog. So, now it can go to syslog! Every product release is driven by our customers, and this addition is a great feature request we’re proud to add.
Above, you can see the syslog configuration tab. Now, users can look at our documentation for the syslog patterns for each event that comes from a Defender:
- Container runtime audit
- Access audit
- Application firewall
- Network firewall
- Process audit
Twistlock also includes each event from Console:
- Container scan
- Image scan
- Host scan
- Registry scan
- Compliance Issue
- Vulnerability Issue
You can have that alerting, logging, SIEM integration, etc. routed appropriately!
Even though this post is a little cavalier, logging is an essential part of any security solution. With our standardised output and clear documentation it’s a simple process to put in place a robust solution for your environment.
Already got Twistlock? Then give our world-class support a shout (firstname.lastname@example.org) and they’ll be happy to walk you through it. Interested in seeing a demo or trying out the market leading cloud native security software? Ping me or visit: https://www.twistlock.com/get-twistlock/