Events Framework
The Illumio events framework provides an information-rich, deep foundation for actionable insights into the operations of the Illumio Core.
Overview of the Framework
Auditable events are records of transactions collected from the following management interfaces:
- PCE web console
- REST API
- PCE command-line tools
- VEN command-line tools
All actions that change the configuration of the PCE, security policy, and VENs are recorded, including workload firewall tampering.
As required by auditing standards, every recorded change includes a reference to the program that made the change, the change's timestamp, and other fields. After recording, the auditable events are read-only.
Auditable events comply with the Common Criteria Class FAU (Security Audit) requirements.
Auditing Needs Satisfied by Framework
| Need | Description |
|---|---|
| Audit and Compliance | Evidence to show that resources are managed according to rules and regulatory standards. |
| Resource Lifecycle Tracking | All information necessary to track a resource through creation, modification, and deletion. |
| Operations | Trace of recent changes to resources. |
| Security | Evidence to show which changes failed, such as incorrect user permissions or failed authentication. |
Benefits of Events Framework
The events framework in Core provides the following benefits:
- Exceeds industry standards
- Delivers complete content
  - Comprehensive set of event types
  - Includes more than 200 events
  - Additional notable system events are generated.
- Easily accessible interfaces to capture events:
  - Event Viewer in the PCE web console
  - REST API with filtering
  - SIEM integration
  - Events are the same across all interfaces.
- Designed for customer ease of use
  - Flattened, common structure for all events
  - Eliminates former duplicate or multiple events for single actions
- Streamed via syslog in JSON, CEF, or LEEF format
- Create/Update/Delete REST APIs recorded as events. Read APIs/GET requests are not recorded because they do not change the Illumio Core.