Currently in XC Cloud, during a security event, the payload that triggered the event is often missing or not fully visible in the event logs. This lack of visibility makes it challenging to understand why exactly the event was triggered. Consequently, when application teams request logs or evidence to validate the event or perform RCA, there's no native option to extract or share those logs or take a snapshot of the payload for analysis.
It's a good idea, but that option should have an enable/disable feature or send only to a local SIEM.
For example, when I want to use the CE solution, I don't want to send such significant logs to XC Cloud.