Question about the new Enterprise Events Stream API
Hi,
We use the Splunk add-on for Box with an app on the Box side to stream events to our Splunk SIEM. Recently, I got an email about the new Enterprise Events Stream API (i.e. admin_logs_streaming), which enables subscribing to all events in a Box enterprise in near real time, recommending its use instead of the Splunk add-on. I have briefly looked at the document but am not sure if it adds any significant benefits. I might be wrong and would appreciate it if someone could point out why I should use the Enterprise Events Stream API. Also, I am not a developer, so I am a little hesitant to make that change.
Thanks for your help in advance,
Jayesh
Official comment
Hi Jayesh,
This guide, Migrating From History To Stream, provides the most succinct comparison of the two stream types. Our recommendation is that all live monitoring use cases be migrated to the new stream type so that late events are not missed by your downstream service. If your only use of the existing API is through Splunk, then I suspect you do not have any development to perform on your side. Please work with your Splunk contacts to understand when they will migrate to the new admin_logs_streaming stream type.
Best regards,
Chase