Auditing Kibana's user events


I have some questions about monitoring access/events done by Kibana's users. Here are some examples of events im interested in:

  • Create/Delete/Update/Enable/Disable rules
  • Create/Update/Close cases
  • Close/Delete alerts

My goal is to be able to justify every actions made on rules/cases/alerts.

Is it possible to delete alerts ? Ive found no options for it but I wanted a confirmation

Is it possible to monitor the events listed above ?

Those events are listed as supported by the Audit Logging feature, check the documentation for more details

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.