Your analysis of the issue is impressive. It is clear that the establishment of an industry-wide standard for handling security logging is essential. Just as SaaS products routinely declare their support for standards like OAuth, SAML, and SCIM, we should advocate for vendors to provide audit logs in a standardized format and ensure the ability to query them through a standardized API. While the Common Event Format (CEF) offers a potential solution, its effectiveness in addressing the core issue is uncertain. What is evident is the lack of a uniform approach to delivering audit logs to customers, representing a significant opportunity for innovation and enhancement.
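Added example (not part of the comment above, and not vendor code): a small CEF audit-log parser in Python that splits the pipe-delimited header (honouring the `\|` and `\\` escapes), decodes the `key=value` extension (honouring `\=`, `\\`, `\n`, `\r`), and then maps the handful of CEF-standard extension keys onto a vendor-neutral schema. The sample log line, the "Acme" vendor and the `source.ip`-style target field names are constructed for illustration. Everything that CEF does not standardise, such as the `cs1`/`cs1Label` custom-string slots, survives only as a vendor-specific bag, which is the gap the comment points at.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a syslog-prefixed CEF line with an escaped pipe in the vendor
# name, an escaped '=' in the message, and a vendor-specific cs1/cs1Label pair.
SAMPLE_LINE = (
    "Oct 12 10:22:31 audit-gw CEF:0|Acme\\|Corp|AuditService|2.1|AUTH-401|Login failed|5|"
    "src=10.1.2.3 suser=alice act=login rt=1697106151000 "
    "msg=Bad password \\= retry cs1Label=Tenant cs1=acme-prod"
)

# CEF-standard extension keys that have a defined meaning across vendors.
CEF_TO_COMMON = {
    "src": "source.ip", "dst": "destination.ip", "suser": "user.name",
    "act": "event.action", "rt": "event.time_ms", "msg": "message",
}

_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")  # start of an extension key
_EXT_ESC = {"=": "=", "\\": "\\", "n": "\n", "r": "\r"}


@dataclass
class CefEvent:
    version: str
    device_vendor: str
    device_product: str
    device_version: str
    signature_id: str
    name: str
    severity: str
    extension: dict = field(default_factory=dict)


def _split_header(body):
    """Split the 7 header fields on unescaped '|'; return (fields, extension_text)."""
    fields, buf, i, n = [], [], 0, len(body)
    while i < n and len(fields) < 7:
        c = body[i]
        if c == "\\" and i + 1 < n and body[i + 1] in "|\\":
            buf.append(body[i + 1])      # '\|' -> '|', '\\' -> '\'
            i += 2
            continue
        if c == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
            continue
        buf.append(c)
        i += 1
    return fields, body[i:]


def _unescape_ext(raw):
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw) and raw[i + 1] in _EXT_ESC:
            out.append(_EXT_ESC[raw[i + 1]])
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)


def _parse_extension(ext):
    """Values may contain spaces, so each value runs until the next unescaped 'key='."""
    matches = list(_KEY_RE.finditer(ext))
    result = {}
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        result[m.group(1)] = _unescape_ext(ext[m.end():end])
    return result


def parse_cef(line):
    """Parse one CEF record, tolerating a syslog prefix before 'CEF:'."""
    line = line.rstrip("\r\n")
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker in line")
    fields, ext = _split_header(line[start + len("CEF:"):])
    if len(fields) != 7:
        raise ValueError("CEF header must have 7 pipe-delimited fields")
    return CefEvent(*fields, extension=_parse_extension(ext))


def normalize(ev):
    """Map standard CEF keys to a common schema; keep everything else as vendor-specific."""
    common = {
        "vendor": ev.device_vendor, "product": ev.device_product,
        "event.code": ev.signature_id, "event.name": ev.name,
        "severity": int(ev.severity) if ev.severity.isdigit() else ev.severity,
    }
    vendor_specific = {}
    for k, v in ev.extension.items():
        if k in CEF_TO_COMMON:
            common[CEF_TO_COMMON[k]] = v
        elif k.endswith("Label") and k[:-5] in ev.extension:
            vendor_specific[v] = ev.extension[k[:-5]]   # cs1Label=Tenant cs1=x -> Tenant: x
        elif not (k + "Label") in ev.extension:
            vendor_specific[k] = v
    common["vendor_specific"] = vendor_specific
    return common


if __name__ == "__main__":
    print(normalize(parse_cef(SAMPLE_LINE)))
```

The parser fails closed on a header with the wrong field count rather than guessing, which is the behaviour a collector should have before a record reaches a SIEM rule: a silently mis-split header shifts every later field and breaks detections that key on `signature_id` or `severity`.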
This only looks at security logging. It assumes legacy vendor costs and physics. It presumes the limited vendors that can only do schema / normalization at ingest. Federated search doesn’t deal with the many aggregation scenarios for the full range of logging use cases. Axiom.co is slashing the costs and providing a system that adapts to highly variable log schemas and formats.