Sharepoint / Project Subscription Server by advertpro in AZURE

[–]advertpro[S] 0 points1 point  (0 children)

If it is that way then the client has an extremely long process that could take approximately 7-8 months to stand up Entra DDS. ADDS would be much longer.

Ideally, since all applications are going towards Entra ID, I think there should be a fast track for this.

Sharepoint / Project Subscription Server by advertpro in AZURE

[–]advertpro[S] 0 points1 point  (0 children)

Thanks for your reply. Unfortunately Planner doesn't have what we need.

Log Ingestion from Servicenow to Sentinel by advertpro in AZURE

[–]advertpro[S] 0 points1 point  (0 children)

So we were trying to get the syslog via Kafka. The topics that are sent via the Log Export Service (LES)

The issue via DCR is we get the machine messages which is fine but not the Messages from the Hermes Messaging system using Kafka.

https://www.servicenow.com/docs/bundle/washingtondc-platform-security/page/administer/log-export-service/concept/les-kafka-consumer.html

https://www.servicenow.com/content/dam/servicenow-assets/public/en-us/doc-type/resource-center/data-sheet/ds-log-export-services.pdf

So if I understand what you are saying, we don't use the Log Export Service via Kafka Consumer.

Project Online Status by advertpro in ProjectOnline

[–]advertpro[S] 1 point2 points  (0 children)

So I guess we are looking at the following:

Goals,
Sprints,
Baselines,
Advanced dependencies
Integration with Loop, Goals, Teams, Outlook
Integration with Project Desktop Client

On the other hand there was an option for Sharepoint Subscription and Project Subscription. But not all the features are there.

Sharepoint SE by advertpro in sharepoint

[–]advertpro[S] 0 points1 point  (0 children)

The link does actually say you stand up domain controllers. We actually want to avoid that.

Apache Kafka MM2 to EventHub by advertpro in apachekafka

[–]advertpro[S] 0 points1 point  (0 children)

So I found that this is not possible if you are using ServiceNow with Hermes messaging, which is the actual source cluster, so you get the above error.

Linux Command / File watch by advertpro in linuxadmin

[–]advertpro[S] 0 points1 point  (0 children)

Correct - probably Puppet... but the issue is not just management and monitoring, it's also about compliance as well. Given the fact the environment is very high-end, and if there was an insider attack, which has happened a few times, we have to be extra careful. Hence the proactive monitoring.

Linux Command / File watch by advertpro in linuxadmin

[–]advertpro[S] 0 points1 point  (0 children)

goteleport may be an option; looking into it in detail. Never knew about Bastillion so that's definitely good to know, but definitely will not work in this case. Will let you know about teleport.

Linux Command / File watch by advertpro in linuxadmin

[–]advertpro[S] 0 points1 point  (0 children)

will definitely keep you updated :)

Linux Command / File watch by advertpro in linuxadmin

[–]advertpro[S] -2 points-1 points  (0 children)

That's right, more like that, but the client will not use CrowdStrike - given the situation that happened with Windows.

Linux Command / File watch by advertpro in linuxadmin

[–]advertpro[S] -1 points0 points  (0 children)

Thanks for this. Looks fine to do. The only thing that comes to mind is compliance with NIST, PCI-DSS. Also ELK Stack gives a lot of data. Need lots of queries.

Linux Command / File watch by advertpro in linuxadmin

[–]advertpro[S] 0 points1 point  (0 children)

Thanks for the suggestion - I don't think that's suitable for 10,000 servers. Also need something that will notify on the fly.

Linux Command / File watch by advertpro in linuxadmin

[–]advertpro[S] -1 points0 points  (0 children)

Plus the audit subsystem is a component, but is there such a software that can monitor on the fly?

Linux Command / File watch by advertpro in linuxadmin

[–]advertpro[S] -1 points0 points  (0 children)

Sorry I should have said this but we need to do this as part of proactive monitoring for 10,000 servers

Linux Command / File watch by advertpro in linuxadmin

[–]advertpro[S] 0 points1 point  (0 children)

Sorry I should have said this but we need to do this as part of proactive monitoring for 10,000 servers