[[_TOC_]] ## Overview This epic is for all the issues that represent a first iteration of emitting instance-level streaming audit events. As we are SaaS-first, this should come after implementing [namespace level events](https://gitlab.com/groups/gitlab-org/-/epics/6122). Consider reading the [parent epic](https://gitlab.com/groups/gitlab-org/-/epics/5925) for additional context. ## Overall Goals * Instance owners should be able to modify a setting within the group settings. e.g. "Audit event HTTP destination." This should take, and validate a URL as its input. * All instance-level audit events should be sent, via HTTPS, as JSON in the same format that we currently store audit logs in `log/audit_json.log` on self-managed instances. ## Implementation Issues 1. Development of this epic's issues should be behind a ~"feature flag" ## Open Questions 1. _How does instance-level and namespace-level configuration interact?_ 1. They don't. They act entirely independently. Group owners can set external targets as can instance administrators. <!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION --> *This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.* <!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION -->