docs: Audit Logs & SIEM Integration guide (hold for v4.3 GA)#405

Merged: justin-tahara merged 4 commits into main from jtahara/audit-logging-docs on Jul 1, 2026

@justin-tahara

Description

Customer-facing documentation for the SIEM-compatible audit logging feature: a new admin guide, admins/auditing/audit_logs.mdx, added under the existing Auditing nav group.

Covers:

  • What the audit stream captures (authentication, user/access management, configuration & resources) — presented in customer terms
  • The OCSF-shaped event schema + an example event
  • Step-by-step setup: LOG_FORMAT=json → ship logs → filter the onyx.audit stream → route to your SIEM
  • Copy-paste log-shipper snippets (Vector + Fluent Bit)
  • Compliance mapping (SOC 2 CC7, NIST 800-53 AU family)

Scoped to self-hosted v4.3+ (forwarding requires control of the log pipeline), with a pointer to contact us for Onyx Cloud delivery.

⚠️ Draft — do not merge until v4.3 GA

The underlying feature (the full audit taxonomy) is on main but ships in v4.3. Holding this until v4.3 is released so the docs don't advertise a capability ahead of GA. The doc already states "available in Onyx v4.3 and later."

How Has This Been Tested?

  • docs.json validates as JSON; new page registered in the Auditing group.
  • Components (AccordionGroup, CodeGroup, Steps, Note/Tip/Info) match existing repo usage; internal link /security/contact_us resolves.
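
An added example, not part of this PR or of the Onyx docs: the "filter the onyx.audit stream" step from the description, done on the logger field of each JSON line rather than by text match, with counters so a pipeline that silently drops lines is visible. The field name `logger` and every sample line are assumptions constructed for illustration; only `LOG_FORMAT=json` and the `onyx.audit` logger name come from the description.

```python
import json
from typing import Iterable

AUDIT_LOGGER = "onyx.audit"  # logger name given in the PR description
LOGGER_FIELD = "logger"      # ASSUMPTION: JSON key that carries the logger name


def split_audit_stream(lines: Iterable[str]) -> tuple[list[dict], dict[str, int]]:
    """Return (audit_events, counters) for a mixed JSON/plain-text log stream."""
    events: list[dict] = []
    stats = {"audit": 0, "other": 0, "unparsed": 0}
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            record = json.loads(raw)
        except json.JSONDecodeError:
            # Plain-text line, e.g. from a process started without LOG_FORMAT=json.
            stats["unparsed"] += 1
            continue
        if not isinstance(record, dict):
            stats["unparsed"] += 1  # valid JSON, but not a log record
            continue
        # Exact match on the field: a substring search over the raw line would
        # also pick up ordinary logs that merely mention the logger name.
        if record.get(LOGGER_FIELD) == AUDIT_LOGGER:
            events.append(record)
            stats["audit"] += 1
        else:
            stats["other"] += 1
    return events, stats


# Constructed sample lines, not real Onyx output.
SAMPLE = [
    '{"logger": "onyx.audit", "message": "constructed audit event 1"}',
    '{"logger": "example.app", "message": "constructed application log"}',
    "INFO plain-text line from a process without LOG_FORMAT=json",
    '{"logger": "example.app", "message": "text that mentions onyx.audit"}',
    '["not", "an", "object"]',
    "",
    '{"logger": "onyx.audit", "message": "constructed audit event 2"}',
]

if __name__ == "__main__":
    audit_events, counters = split_audit_stream(SAMPLE)
    for event in audit_events:
        print(json.dumps(event))  # only these lines go on to the SIEM
    print(counters)
```

A non-zero `unparsed` count alongside a zero `audit` count is the signal to check that JSON logging is actually enabled before trusting an empty SIEM index.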

Customer-facing guide for forwarding Onyx's structured audit-event stream
to a SIEM (Splunk/Sentinel/Elastic/Chronicle/Security Lake): what's
captured, the OCSF-shaped event schema, and step-by-step log-shipper setup
(Vector + Fluent Bit) with the onyx.audit logger filter. Added under the
existing "Auditing" nav group. Scoped to self-hosted v4.3+.
@mintlify

mintlify Bot commented Jun 23, 2026

Preview deployment for your docs. Learn more about Mintlify Previews.

Project | Status | Preview | Updated (UTC)
onyx | 🟢 Ready | View Preview | Jun 23, 2026, 11:26 PM


Adds an "Event reference" section: every audit action grouped by OCSF class
with its trigger, resource_id, and key extra fields — what a SIEM team needs
to build detection rules. Notes the append-only stability guarantee.
justin-tahara marked this pull request as ready for review July 1, 2026 14:52
justin-tahara merged commit 599f33d into main Jul 1, 2026
4 checks passed
justin-tahara deleted the jtahara/audit-logging-docs branch July 1, 2026 22:30