docs: Audit Logs & SIEM Integration guide (hold for v4.3 GA)#405
Merged
Conversation
Customer-facing guide for forwarding Onyx's structured audit-event stream to a SIEM (Splunk/Sentinel/Elastic/Chronicle/Security Lake): what's captured, the OCSF-shaped event schema, and step-by-step log-shipper setup (Vector + Fluent Bit) with the onyx.audit logger filter. Added under the existing "Auditing" nav group. Scoped to self-hosted v4.3+.
Adds an "Event reference" section: every audit action grouped by OCSF class with its trigger, resource_id, and key extra fields — what a SIEM team needs to build detection rules. Notes the append-only stability guarantee.
jmelahman
approved these changes
Jul 1, 2026
Description
Customer-facing documentation for the SIEM-compatible audit logging feature: a new admin guide, admins/auditing/audit_logs.mdx, added under the existing Auditing nav group. Covers: LOG_FORMAT=json → ship logs → filter the onyx.audit stream → route to your SIEM. Scoped to self-hosted v4.3+ (forwarding requires control of the log pipeline), with a pointer to contact us for Onyx Cloud delivery.
The underlying feature (the full audit taxonomy) is on main but ships in v4.3. Holding this until v4.3 is released so the docs don't advertise a capability ahead of GA. The doc already states "available in Onyx v4.3 and later."
How Has This Been Tested?
docs.json validates as JSON; new page registered in the Auditing group. The components used (AccordionGroup, CodeGroup, Steps, Note/Tip/Info) match existing repo usage; internal link /security/contact_us resolves.
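An added example, not code from the PR or from Onyx, of the "filter the onyx.audit stream" step before routing to a SIEM: a pass over a JSON log stream that keeps only onyx.audit events, drops other loggers, non-JSON lines and events missing the fields a detection rule would key on, and re-serialises the survivors as NDJSON. The field names (logger, action, resource_id, extra) and the sample lines are assumptions constructed for this example, not Onyx's documented schema.

```python
import json
from collections import Counter

# Constructed sample of log lines as a self-hosted instance might emit with
# LOG_FORMAT=json. Field names are assumptions for this example only.
SAMPLE_LOG = """\
{"logger": "onyx.server", "level": "INFO", "message": "request completed"}
{"logger": "onyx.audit", "action": "user.login", "resource_id": "user-42", "extra": {"method": "oidc"}}
not json: a stray plain-text line from before LOG_FORMAT=json was set
{"logger": "onyx.audit", "action": "document.delete", "resource_id": "doc-7", "extra": {"connector": "gdrive"}}
{"logger": "onyx.audit", "action": "user.login", "resource_id": "user-9", "extra": {"method": "password"}}
{"logger": "onyx.audit", "action": "api_key.create"}
"""

AUDIT_LOGGER = "onyx.audit"
REQUIRED_FIELDS = ("action", "resource_id")  # assumed names of the keyed fields


def split_audit_stream(raw: str):
    """Return (audit_events, dropped) where dropped counts why lines were skipped.

    Only well-formed JSON lines from the audit logger that carry the fields a
    SIEM rule keys on are forwarded; everything else is counted, not raised,
    so one bad line cannot stall the shipper.
    """
    audit, dropped = [], Counter()
    for line in raw.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            dropped["not_json"] += 1
            continue
        if event.get("logger") != AUDIT_LOGGER:
            dropped["other_logger"] += 1
            continue
        if any(field not in event for field in REQUIRED_FIELDS):
            dropped["missing_field"] += 1
            continue
        audit.append(event)
    return audit, dropped


def actions_by_count(events):
    """Per-action counts, a quick check of which rules the sample would exercise."""
    return Counter(e["action"] for e in events)


def to_ndjson(events) -> str:
    """Stable NDJSON (sorted keys, one event per line) for the SIEM route step."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)
```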