G6Flow® Observer Audit
Component description.
G6Flow Observer Audit helps to decouple audit generation that arises from interaction with the Xposer Server, all the way to Backend Integrators (BEIs) or configured final destinations on the platform; enabling a messaging flow bus along the way to enable high resilience and allow for total message capture within the platform. Additionally, it allows you to enable a final destination to receive messages from other sources and consolidate them in the audit repository of the platform.
Component features
This component has the following specific objectives:
- To collect, in parallel, audit logs received from G6Flow-Xposer Server.
- To activate specific topics for logical separation of audit elements.
- To enable block-based reading components for correct storage of audit information.
- To enable the infrastructure for visualizing and searching audit information to facilitate configuration of detection rules for behavioral monitoring through audit logs.
Component architecture
This component has the following architecture diagram to represent the logical structure of this component within the G6Flow® platform.
The next table, describes the specific components needed to enable the functionality of this component within the G6Flow® platform.
| PARTICIPANT | DESCRIPTION OF ROLE |
|---|---|
| Observer Audit collector | Enables a REST service for collecting audit messaging from configured and authorized sources within the platform. |
| Stream Service | Enables message streaming services to accumulate and publish topic messages for subsequent processing by the function responsible for this task. |
| G6Flow - FXAudit | FxAudit Function, stores processed messages in a time-series database (TSDB), which is the repository where audit data is stored, with a structure that helps partition information fed into it to efficiently manage the volume of data from the observer. |
| TSDB | Time-Series Database, a storage repository for storing audit data, which has a structure that helps partition information fed into it to efficiently manage the volume of data from the observer. |
Compatibility and form factors
!TODO: Add component compatibility and form factor information here.
Configuration and deployment
!TODO: Add component configuration and deployment information here.