Complianceops

Overview

ComplianceOps provides unified compliance monitoring across all log sources. Events tagged with compliance frameworks (PCI-DSS, HIPAA, SOX, GDPR, etc.) from firewalls, identity systems, and applications are aggregated into a single dashboard for audit readiness.

App Function

• Aggregate events with Compliance Framework tags from installed vendor apps
• Provide unified dashboard for cross-vendor compliance visibility
• Assign severity levels based on Event Type (Threat, Privilege Escalation, etc.)
• Alert on high-priority compliance events

Vendor Documentation

This is a LogZilla aggregate app. No external vendor documentation applies.

Device Configuration

No device configuration is required. ComplianceOps automatically processes events from installed vendor apps that call apply_compliance_frameworks().

Incoming Log Format

ComplianceOps processes events tagged by vendor apps. It does not parse raw log formats directly. Vendor apps set the Compliance Framework tag when they call TAXONOMY.apply_compliance_frameworks(event, event_type).

Parsed Metadata Fields

Severity Level Assignment

Log Examples

Privilege Escalation (sudo)

text
Wrap: OnCopyFullscreen
sudo: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/bin/bash

Failed Authentication

text
Wrap: OnCopyFullscreen
sshd[5678]: Failed password for admin from 192.168.1.100 port 22 ssh2

Successful Login

text
Wrap: OnCopyFullscreen
sshd[5678]: Accepted publickey for admin from 192.168.1.100 port 22

Dashboard

The ComplianceOps dashboard provides:

• Key metrics: Total events, unique frameworks, hosts, users
• Failed authentication and privilege escalation counts
• EPS gauge and time chart for rate monitoring
• Top compliance frameworks distribution
• Event Type and severity distribution
• Top hosts, users, and vendors
• Live event stream with compliance context

Triggers