
[Feature Request] FULL AUDITING of USER ACTIVITIES #6

Open
Wloody2 opened this issue Jun 9, 2022 · 1 comment

Comments


Wloody2 commented Jun 9, 2022

Request Type

Feature Request

Feature Description

We are looking for auditing of user activities - simply who changed any value in the case. This information is contained in the live feed (API: stream of audit).

The feature is important for us. Can you say how much time the implementation takes?

Possible Solutions

Create a new kind of timeline event - for example named "Audit" - and store user activities in the timeline.
(screenshots: live feed, timeline)

Complementary information

(add anything that can help identifying the problem such as log excerpts, screenshots, configuration dumps etc.)

@Wloody2 Wloody2 changed the title [Feature Request] Auditing all changes with a case [Feature Request] FULL AUDITING of USER ACTIVITIES Jun 9, 2022

b3belov commented Mar 9, 2023

Hello!
Some time ago I had the same problem.
My workaround for this was:

  • Create a webhook notification with a trigger on any event
  • Create a webhook listener for the above notification (I use Node-RED. In case you have Splunk, you can create a data input and inject webhooks directly into Splunk.)
  • Convert the incoming data to a syslog message and send it to a SIEM / syslog / etc.

Since this is just a workaround and it requires an additional intermediary to process the webhook, it would be great to have the possibility to do this directly from TheHive.
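The "convert incoming data to syslog" step of the workaround above, as an added example that is neither the commenter's Node-RED flow nor TheHive's own code: it maps one webhook event onto an RFC 5424 line with structured data so the SIEM can answer "who changed what in which case". The webhook field names (operation, objectType, objectId, details, object, organisation, startDate, updatedBy/createdBy), the hostname and the SD-ID enterprise number 32473 (the RFC 5612 documentation value) are assumptions, and the sample event is constructed.

```python
"""Turn a TheHive webhook event into an RFC 5424 syslog audit record."""
import json
import socket
from datetime import datetime, timezone

FACILITY_LOCAL0, SEVERITY_INFO = 16, 6

# Constructed sample event; field names are assumptions about the webhook payload.
SAMPLE_EVENT = {
    "operation": "Update", "objectType": "Case", "objectId": "~4136",
    "organisation": "soc", "startDate": 1654776000000,       # ms since epoch
    "details": {"title": "Phishing [urgent]", "severity": 3},  # changed fields
    "object": {"title": "Phishing [urgent]", "updatedBy": "alice@example.org"},
}

def _sd_escape(value) -> str:
    """RFC 5424 6.3.3: escape backslash, double quote and ']' in PARAM-VALUE."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")

def webhook_to_syslog(event: dict, hostname: str = "thehive-webhook-relay") -> str:
    """Build '<PRI>1 TIMESTAMP HOST APP - MSGID [SD] MSG' for one audit event."""
    obj = event.get("object") or {}
    actor = obj.get("updatedBy") or obj.get("createdBy") or "unknown"  # assumed field names
    ts = event.get("startDate")
    when = (datetime.fromtimestamp(ts / 1000, tz=timezone.utc) if ts
            else datetime.now(timezone.utc))
    details = event.get("details") or {}
    params = {
        "operation": event.get("operation", "?"),
        "objectType": event.get("objectType", "?"),
        "objectId": event.get("objectId", "?"),
        "org": event.get("organisation", "?"),
        "actor": actor,
        # which attributes were touched; the new values travel in the MSG part
        "changed": ",".join(sorted(details)) or "-",
    }
    sd = "[hiveaudit@32473 " + " ".join(
        f'{k}="{_sd_escape(v)}"' for k, v in params.items()) + "]"
    pri = FACILITY_LOCAL0 * 8 + SEVERITY_INFO
    stamp = when.isoformat(timespec="seconds").replace("+00:00", "Z")
    return f"<{pri}>1 {stamp} {hostname} thehive - {params['operation']} {sd} " \
           f"{json.dumps(details, sort_keys=True)}"

def send_udp(line: str, host: str = "127.0.0.1", port: int = 514) -> None:
    """Ship the record to a syslog collector over plain UDP (use TLS in production)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(line.encode("utf-8"), (host, port))

if __name__ == "__main__":
    print(webhook_to_syslog(SAMPLE_EVENT))
```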
