What is a one sentence summary of your feature request?
Enable Directory Manager to send audit log data to SIEM and XDR platforms via a standard method such as syslog using a schema like OCSF.
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
Directory Manager generates valuable audit logs that provide visibility into identity changes, group modifications, access requests, and policy enforcement—critical events from a security and compliance standpoint. However, this data is currently siloed within the Directory Manager environment and cannot be easily integrated with broader security monitoring platforms like SIEMs or XDRs. Adding the ability to send audit data in real time via syslog using a standard schema like the Open Cybersecurity Schema Framework (OCSF) would allow organizations to centralize identity-related activity alongside other security telemetry. This enhances threat detection, incident response, and compliance reporting by enabling better correlation of identity events with network, endpoint, and application logs.
How do you currently solve the challenges you have by not having this feature?
Today, we use a custom workaround that extracts data directly from the Directory Manager database and formats it manually for ingestion into our SIEM. This approach is fragile, lacks real-time capabilities, and requires ongoing maintenance to stay in sync with schema or application changes—creating operational overhead and risk of data loss or misinterpretation.