Kafka
AlphaSOC supports ingesting telemetry data directly from Apache Kafka topics. The Kafka transport utilizes SASL/PLAIN authentication to establish a secure connection with your Kafka cluster and consumes messages from designated topics.
To set up Kafka as a data transport, please provide AlphaSOC with the following parameters required to establish a connection to your Kafka cluster:
Authentication Settings
| Field | Type | Description | Example |
|---|---|---|---|
username | string | SASL/PLAIN username | "kafka-user" |
password | string | SASL/PLAIN password | "secret123" |
Connection Settings
| Field | Type | Description | Example |
|---|---|---|---|
brokers | string[] | Kafka broker addresses (host:port) | ["kafka1.example.com:9092", "kafka2.example.com:9092"] |
topic | string | Kafka topic to consume from | "security-events" |
group_id | string | Consumer group identifier | "alphasoc-consumer" |
Ensure that the topic and consumer group are properly configured in your Kafka cluster, and that the specified user has the necessary permissions to read from the topic and commit offsets within the consumer group.
Permission Requirements
To ensure the Kafka transport can successfully consume messages, the configured user must have READ permissions on the specified Kafka topic and consumer group. This allows AlphaSOC to access the messages in the topic and commit offsets within the consumer group.
1. Allow READ on the topic
kafka-acls.sh --bootstrap-server your-broker:9092 \
--command-config admin-client.properties \
--add \
--allow-principal User:alphasoc-user \
--operation Read \
--topic your-topic
2. Allow READ on the consumer group
kafka-acls.sh --bootstrap-server your-broker:9092 \
--command-config admin-client.properties \
--add \
--allow-principal User:alphasoc-user \
--operation Read \
--group your-consumer
Upon successful configuration, messages consumed from the specified Kafka topic will be processed and analyzed by AlphaSOC. For additional questions or help, contact support@alphasoc.com.