Log Export
Export What You Need. Stay Audit-Ready.
- Incident investigations
- Compliance audits
- Security monitoring
- SIEM correlation
- Legal defensibility
governance, integrate seamlessly with SIEM platforms, and preserve identity evidence.
event interoperability.
Why It Matters
Security teams depend on reliable log management for:
- Forensic investigations
- Regulatory retention requirements
- Real-time threat analysis
- Cross-platform event correlation
Without controlled export and retention:
- Logs may be overwritten
- Evidence becomes incomplete
- SIEM visibility fragments
- Compliance exposure increases
What are Log Export & Retention Controls?
Log Export & Retention Controls let organizations:
- Define log retention periods
- Control access to stored logs
- Export structured logs for external systems
- Integrate identity logs with SIEM platforms
- Preserve audit-ready evidence
Event types covered:
- Authentication events
- MFA challenges
- Risk-triggered responses
- Privileged access activity
- Administrative configuration changes
- IP blocking events
- Session monitoring records
Every log record is:
- Time-stamped
- Identity-attributed
- Access-controlled
- Structured in CEF format for reliable export
Core Functional Components
- Configurable Log Retention Policies
  Organizations can define:
  - Retention duration
  - Archival timelines
  - Storage scope
  - Compliance-aligned governance policies
  Supports both operational monitoring and regulatory mandates.
- Secure Log Storage & Access Controls
  Log visibility is restricted by:
  - Role
  - Administrative privileges
  - Audit authorization
  Prevents unauthorized modification, deletion, or tampering.
- Structured Log Export
  Export logs in structured formats suitable for:
  - SIEM ingestion
  - Audit documentation
  - Incident investigation
  - Compliance submission
  Exports can be filtered by:
  - Date range
  - User identity
  - Event category
  - Risk level
- SIEM Integration Support
  Identity logs integrate with:
  - Enterprise SIEM platforms
  - Security analytics environments
  - Incident response workflows
  Enhances centralized threat detection and cross-platform correlation.
- Compliance-Ready Log Preservation
  Ensure identity activity records are retained in alignment with:
  - Internal governance policies
  - Regulatory expectations
  - Legal documentation requirements
  Log integrity supports defensibility during audits and investigations.
Feature Blocks
- SIEM-Ready Log Formatting
  Identity logs are structured in CEF format for seamless ingestion into enterprise security monitoring systems.
  Supports centralized event correlation and analytics.
- Access-Controlled Log Management
  Restrict who can:
  - View logs
  - Export logs
  - Modify retention policies
- Evidence Preservation for Legal & Compliance
  Maintain structured records suitable for:
  - Audit defense
  - Regulatory review
  - Incident documentation
Benefits
- Strengthen Incident Investigation
  Preserve detailed identity records for forensic reconstruction.
- Support Compliance Retention Requirements
  Align with internal and regulatory retention mandates.
- Improve SIEM Visibility
  Enhance cross-system threat detection through structured log integration.
- Reduce Risk of Log Loss
  Protect critical identity evidence from overwrite or deletion.
- Increase Governance Control
  Maintain oversight over log access and retention policies.
Technical Guidance
Your Security Analysts can download exported logs and upload or transfer them to your SIEM platform for deeper analysis. For automation, work with the Rainbow Secure team to configure a custom ETL process for scheduled log ingestion.
- Step 1: Navigate to the Log Analytics Workspace linked to Sentinel.
- Step 2: Go to Settings > Tables > Create > New Custom Log (DCR-based).
- Step 3: Provide a name (e.g., RSSSO_Logs_CL).
- Step 4: Upload the sample CEF file. Sentinel identifies rows automatically.
- Step 5: Use a KQL transformation during ingestion to parse CEF: source | extend parse_cef(RawData)
- Step 6: Define the file path where future logs will be stored (e.g., C:\Logs\*.txt or /var/log/rssso/*.log).

- Step 1: Go to Settings > Data Inputs > Files & Directories.
- Step 2: Select New Local Input and browse to the exported file.
- Step 3: Set Sourcetype to cef (preferred if the add-on is installed).
- Step 4: If no add-on exists, define a custom sourcetype such as rssso:cef.
- Step 5: Save and search: fields like src_ip and user become searchable.

- Step 1: Go to Admin > Log Sources.
- Step 2: Create a New Log Source.
- Step 3: Select Log Source Type: Universal CEF.
- Step 4: Choose Protocol Configuration: Log File.
- Step 5: Configure:
  • Service Type: Local or SFTP
  • Log File Pattern: .*.txt
- Step 6: Deploy changes. QRadar parses Signature ID and Severity automatically.

- Step 1: Navigate to SentinelOne Console > Visibility > Data Lake.
- Step 2: Select Add Data > Custom Logs.
- Step 3: Upload the exported file.
- Step 4: Choose the CEF Parser under Parser Configuration.
- Step 5: For automation, configure SentinelOne Agent Log Collection to monitor the export directory.
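Every ingestion path above depends on the SIEM reading the exported CEF correctly, so it helps to understand what a CEF line actually contains and where parsers go wrong (escaped pipes in header fields, escaped equals signs in extension values, values that contain spaces). The following added example is not Rainbow Secure code and does not reflect their actual CEF field layout; it is an illustrative parser over constructed sample lines (placeholder vendor name ExampleIdP, placeholder signature IDs AUTH_FAIL, AUTH_OK and CFG_CHANGE, and RFC 5737 documentation addresses), followed by a small correlation of the kind a SIEM rule would run over identity logs: repeated authentication failures from one source address.

```python
"""Parse CEF-formatted identity log lines and run a simple correlation over them.

Added example; not the product's own code. Vendor, signature IDs and all
sample lines below are constructed for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass

# CEF header: CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")


@dataclass
class CefEvent:
    version: str
    device_vendor: str
    device_product: str
    device_version: str
    signature_id: str
    name: str
    severity: str
    extension: dict

    def as_record(self) -> dict:
        """Flat dict (header fields plus extension keys) suitable for JSON export."""
        rec = {f: getattr(self, f) for f in HEADER_FIELDS}
        rec.update(self.extension)
        return rec


def split_header(line: str):
    """Split the seven pipe-delimited header fields; return (fields, raw_extension).

    Header escaping per the CEF spec: '\\|' is a literal pipe and '\\\\' a literal
    backslash, so the line is scanned character by character instead of split on '|'.
    """
    fields, buf, i, n = [], [], 0, len(line)
    while i < n and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < n and line[i + 1] in "|\\":
            buf.append(line[i + 1]); i += 2          # escaped pipe or backslash
        elif c == "|":
            fields.append("".join(buf)); buf = []; i += 1
        else:
            buf.append(c); i += 1
    if len(fields) == 6 and i == n:                  # severity present, no trailing pipe
        fields.append("".join(buf))
    if len(fields) != 7 or not fields[0].startswith("CEF:"):
        raise ValueError(f"not a CEF line: {line[:40]!r}")
    fields[0] = fields[0][len("CEF:"):]              # keep just the version number
    return fields, line[i:]


# A new key starts only after whitespace and looks like 'key='; values may contain
# spaces, and a '\=' inside a value does not match because '\' is not a key character.
_KV_BOUNDARY = re.compile(r"\s+(?=[A-Za-z0-9_.\-]+=)")
_ESCAPES = {"=": "=", "\\": "\\", "n": "\n", "r": "\r"}


def parse_extension(raw: str) -> dict:
    """Parse 'key=value key=value ...' with CEF extension unescaping."""
    raw = raw.strip()
    if not raw:
        return {}
    ext = {}
    for token in _KV_BOUNDARY.split(raw):
        key, sep, value = token.partition("=")
        if not sep:
            raise ValueError(f"malformed extension token: {token!r}")
        ext[key] = re.sub(r"\\([=\\nr])", lambda m: _ESCAPES[m.group(1)], value)
    return ext


def parse_cef_line(line: str) -> CefEvent:
    fields, raw_ext = split_header(line.rstrip("\r\n"))
    return CefEvent(*fields, extension=parse_extension(raw_ext))


def parse_cef_lines(text: str) -> list:
    return [parse_cef_line(l) for l in text.strip().splitlines() if l.strip()]


def is_cef_line(line: str) -> bool:
    try:
        parse_cef_line(line)
        return True
    except ValueError:
        return False


def failed_auth_by_source(events, threshold: int = 3) -> dict:
    """Sources with at least `threshold` AUTH_FAIL events (a basic SIEM-style rule)."""
    counts = Counter(e.extension.get("src", "?") for e in events
                     if e.signature_id == "AUTH_FAIL")
    return {src: n for src, n in counts.items() if n >= threshold}


# Constructed sample export (raw string, so '\|' and '\=' are real CEF escapes).
SAMPLE_LOGS = r"""
CEF:0|ExampleIdP|SSO|2.1|AUTH_FAIL|Authentication failed|5|rt=1700000000000 suser=alice src=203.0.113.7 outcome=failure msg=Invalid password
CEF:0|ExampleIdP|SSO|2.1|AUTH_FAIL|Authentication failed|5|rt=1700000001000 suser=alice src=203.0.113.7 outcome=failure msg=Invalid password
CEF:0|ExampleIdP|SSO|2.1|AUTH_FAIL|Authentication failed|5|rt=1700000002000 suser=bob src=203.0.113.7 outcome=failure msg=Invalid password
CEF:0|ExampleIdP|SSO|2.1|AUTH_OK|Authentication succeeded|2|rt=1700000003000 suser=carol src=198.51.100.9 outcome=success msg=Login via MFA \= ok
CEF:0|ExampleIdP|Admin \| Console|2.1|CFG_CHANGE|Retention policy changed|7|rt=1700000004000 suser=admin cs1Label=Setting cs1=retention_days\=365 msg=Policy updated
"""

if __name__ == "__main__":
    evts = parse_cef_lines(SAMPLE_LOGS)
    for e in evts:
        print(e.as_record())
    print("repeated auth failures:", failed_auth_by_source(evts))
```

The scanner in split_header is the part most ad hoc parsers get wrong: splitting on `|` breaks the moment a product name or event name carries an escaped pipe, and splitting the extension on spaces breaks on any message text. The correlation at the end is deliberately simple; in a real SIEM the same logic would be a scheduled query over the ingested table, keyed on whichever field the platform maps `src` to (Splunk's `src_ip`, as the steps above note).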

Frequently Asked Questions
- Can retention periods be customized?
  Yes. Retention policies are configurable according to organizational requirements.
- Can logs be exported for SIEM ingestion?
  Yes. Logs are structured in CEF format and ready for external ingestion.
- Are logs protected from unauthorized access?
  Yes. Log visibility and export permissions are role-restricted.
- Does this support compliance retention requirements?
  Yes. Configurable retention policies align with governance standards.
Pricing & Editions
Available as:
- Compliance Reporting module
- Part of Rainbow Secure IAM Packages
- Custom SIEM integration services (complimentary with the Enterprise IAM Package)
- Integrated with MFA, SSO, PAM & Risk Monitoring
Pricing depends on:
- User volume
- Log storage scope
- Integration complexity
Are You Ready For The Action?
With Rainbow Secure:
- Identity logs are retained securely
- SIEM integration is streamlined
- Exports are structured in CEF format
- Compliance evidence is preserved