Audit logs are a core component of security and observability in Kubernetes. This post explains how to ingest and store Kubernetes audit logs in Parseable. Additionally, we'll see how to set up alerts on these logs to get notified when a specific event occurs. In this example, we'll set up an alert to get notified when a user (service account) accesses a secret.
pb is a command-line tool designed to fit into a developer's toolkit and help debug issues faster. You can point pb to a Parseable instance and query and analyze logs directly from the comfort of the command line. The focus is to meet users where they are, and not force them to switch contexts into different dashboards. pb is written in Go and available as a single static binary for all the major platforms.