Ship Client Side Defense alerts through GLR same as Security Events

why - Many companies have automation built off ingest of security events/logs. CSD alerts are handled similarly to security events; there are actions teams need to take for each alert. To enable automation of these alerts, it would be efficient if they are ingested via the same mechanism, GLR, as that means the same destination receiving the security events will just start picking up the CSD events automatically. From the client's perspective, we see CSD alerts the same as Security Events: it's data we'd like to ship to our SIEM, and handling them both the same way would be ideal.

who - Security teams will benefit from this. With current functionality today we have a few alternative options, all of which are more time consuming or less ideal:

  1. Set an alert to route CSD events to an email distro. We have a team work the inbox. This is not great for an audit trail, which is nice to have for PCI-related efforts.

  2. We can use the F5 API and some automation to pull the list of alerts daily and forward those to the same GLR endpoint we have security events going to. This requires extra effort.

  3. Webhooks.

how - Simply include CSD alerts in Security Events or create a new event type to select in GLR configs separate from HTTP Request and Security events.

  • Guest
  • Mar 24 2025