Design: SIEM integration - log format and shipping

## Context

From CloudPAM Open Questions doc: Need to decide on SIEM integration approach for enterprise audit log shipping.

## Key Questions
- What log format? CEF, JSON, OCSF?
- What shipping mechanisms? Syslog, Kafka, S3/GCS, webhook?
- What events beyond CRUD? Auth failures, discovery anomalies, drift detection?

## Current State
- Audit logging table exists (migration 0004)
- Audit middleware captures mutations with actor/resource/changes
- No external shipping mechanism yet

## Recommendation
- JSON format (most flexible, widely supported)
- Webhook + S3/GCS shipping for v1
- CEF/OCSF as optional formatters for enterprise customers

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Design: SIEM integration - log format and shipping #93

Context

Key Questions

Current State

Recommendation

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Design: SIEM integration - log format and shipping #93

Description

Context

Key Questions

Current State

Recommendation

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions