# Alcide kAudit

Copy as Markdown[Open in ChatGPT](https://chatgpt.com/?q=Read%20https%3A%2F%2Fdocs-docusaurus.kinsta.page%2Fintegrations%2Fsecurity%2Falcide-kaudit.md%20and%20help%20me%20with%20my%20question%20about%20this%20Coralogix%20documentation%20page.)[Open in Claude](https://claude.ai/new?q=Read%20https%3A%2F%2Fdocs-docusaurus.kinsta.page%2Fintegrations%2Fsecurity%2Falcide-kaudit.md%20and%20help%20me%20with%20my%20question%20about%20this%20Coralogix%20documentation%20page.)

Stream Alcide kAudit findings to Coralogix, enabling you to view, analyze and monitor your logs using cutting-edge tools.

## Overview[​](#overview "Direct link to Overview")

Coralogix complements Alcide kAudit by creating one pane of glass through which DevSecOps as well as other teams like engineering and CS can view logs from different parts of the infrastructure in a consolidated way. Beyond visualizing the data, Coralogix gives all these teams powerful analysis tools and helps identify correlations between applications and components events using ML-techniques.

Coralogix can also put logs in the context of the application’s lifecycle in the CI/CD process – allowing you to assess the impact of every change to your infrastructure. The end result is faster problem identification and time to resolution.

kAudit can send two log categories to Coralogix:

* Policy Findings: The K8s audit log entries that show violations of the policy which are configured by the Sec and DevOps team.

* Detections: Suspicious behavior with potential security risks to the K8s cluster which is automatically detected by kAudit.

## Configuration[​](#configuration "Direct link to Configuration")

Alcide kAudit findings are streamed to Coralogix, enabling you to view, analyze and monitor your data.

Exporting kAudit findings is available via the kaudit-integrationConfigMap.

URL: <!-- -->https\://ingress./logs/v1/singles<!-- -->. Input your Coralogix [domain](https://docs-docusaurus.kinsta.page/user-guides/account-management/account-settings/coralogix-domain/.md).<br /><!-- -->Private Key: Input your Coralogix [](https://docs-docusaurus.kinsta.page/user-guides/account-management/api-keys/send-your-data-api-key/.md)[Send-Your-Data API key](https://docs-docusaurus.kinsta.page/user-guides/account-management/api-keys/send-your-data-api-key/.md)<br /><!-- -->Reference: <https://coralogix.com/integrations/coralogix-rest-api/>

```
body fields:

applicationName: application

subsystemName: subsystem

logEntries: each log has timestamp, severity, category
```

Note: the ConfigMap should already exist where kAudit has been deployed.<br /><!-- -->Edit `kaudit-integration-<your cluster name>` ConfigMap and add the integrations that you wish.

Example configuration:

```
apiVersion: v1

kind: ConfigMap

metadata:

name: kaudit-integration-<your cluster name>

namespace: alcide-kaudit

labels:

app: kaudit

app-name: kaudit # kAudit instance

data:

audit-integration: |



- type: detections

target:

target-type: http-api

http-api-uri: 'https://ingress.eu2.coralogix.com/logs/v1/singles'

http-api-token: 'Private-key'

stopped: true

- type: selections

target:

target-type: http-api

http-api-uri: 'https://ingress.eu2.coralogix.com/logs/v1/singles'

rate-limit: 10

data-filter:

entity-no-match: ^system:|^admin$

rules-match: ^exec|unsafe$

report: details
```

UI:

In Alcide, select the **Integrations** tab and go to the **Detections Integrations Configuration** section, which is used to configure integrations for threat intel logs.

Select **HTTP API** as your target.

In the URL box, enter <!-- -->https\://ingress./logs/v1/singles<!-- -->.

Under Entities Types, select the types that you want to forward threat intel about.

Under Detection Categories, select the categories you wish to forward.

Under Detection Confidence, select your desired levels of confidence. Coralogix recommends selecting at least high and medium.

Optionally, you can create whitelist and blacklist filters on entities using the Entities Matching and Entities Not Matching boxes.

Then, go to the Selected Audit Entries Integration Configuration section, located underneath the previous section. This section is used to configure integrations for audit logs.

Select HTTP API as your target.

In the URL box, enter <!-- -->https\://ingress./logs/v1/singles<!-- -->.

## Additional resources[​](#additional-resources "Direct link to Additional resources")

|                     |                                                                                                 |
| ------------------- | ----------------------------------------------------------------------------------------------- |
| Coralogix Endpoints | [Coralogix Endpoints](https://docs-docusaurus.kinsta.page/integrations/coralogix-endpoints/.md) |
