Event Sinks

Anthony Turner edited this page Apr 28, 2020 · 2 revisions

NOTE: Previously, this was known simply as "Notification Providers". Since event firing has been generalized for the sake of improving interoperability with SIEM/SOAR systems, it is now referred to as "Event Sinks", acknowledging that external log facilities are valid targets to receive notifications of system events.

Event Sinks are used by the entire AuthJanitor Automation system to communicate with administrator users and/or log-consuming services. Every major event in the system fires a message to the EventDispatcherService, which then propagates the event through all registered Event Sinks. This means you can load multiple Event Sinks which can receive disparate sets of events; for example, registering a remote syslog server to receive all events, but also sending any "Anomalous" category events immediately to an administrator via an e-mail notification.

Creating a new Event Sink

New Event Sinks must implement the IEventSink interface:

using System.Threading.Tasks;
using Microsoft.Extensions.Logging; // provides LogLevel

public class MyNewEventSink : IEventSink
{
    public Task LogEvent(LogLevel logLevel, string source, string eventMessage)
    {
        /* ...  do things based on ILogger's LogLevel ... */
        return Task.CompletedTask;
    }

    public Task LogEvent(AuthJanitorSystemEvents systemEvent, string source, string details)
    {
        /* ...  do things based on a generalized event which provides a detail string ... */
        return Task.CompletedTask;
    }

    public Task LogEvent<T>(AuthJanitorSystemEvents systemEvent, string source, T detailObject)
    {
        /* ...  do things based on a generalized event which provides a detailed system object, like "Resource" or "ManagedSecret" ... */
        return Task.CompletedTask;
    }
}
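
An added example, not part of the AuthJanitor project's code: a sink that writes one sanitized line per event and forwards only the events a caller-supplied filter accepts, which is how one sink can take everything while another takes only a subset. The class name, the filter parameter and the enum members are hypothetical; the stand-in IEventSink and AuthJanitorSystemEvents declarations mirror the signatures on this page only so the sample compiles alone (LogLevel is assumed to come from the Microsoft.Extensions.Logging.Abstractions package).

```csharp
using System;
using System.IO;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;

// Stand-ins so the sample compiles alone; in the project, use the real types.
// The enum members are constructed placeholders, not AuthJanitor's actual values.
public enum AuthJanitorSystemEvents { PlaceholderRoutineEvent, PlaceholderAnomalousEvent }
public interface IEventSink
{
    Task LogEvent(LogLevel logLevel, string source, string eventMessage);
    Task LogEvent(AuthJanitorSystemEvents systemEvent, string source, string details);
    Task LogEvent<T>(AuthJanitorSystemEvents systemEvent, string source, T detailObject);
}

// Hypothetical sink: one line per event, limited to the events the filter accepts.
public class FilteredLineEventSink : IEventSink
{
    private readonly TextWriter _out;
    private readonly Func<AuthJanitorSystemEvents, bool> _accept;
    private readonly LogLevel _minLevel;

    public FilteredLineEventSink(TextWriter output,
        Func<AuthJanitorSystemEvents, bool> accept, LogLevel minLevel = LogLevel.Warning)
    {
        _out = output; _accept = accept; _minLevel = minLevel;
    }

    // Escape backslash, CR and LF so text containing line breaks stays one record
    // and cannot be read downstream as additional, forged log entries.
    private static string OneLine(string s) =>
        (s ?? "").Replace("\\", "\\\\").Replace("\r", "\\r").Replace("\n", "\\n");

    private Task Write(string kind, string source, string body) =>
        _out.WriteLineAsync($"{DateTimeOffset.UtcNow:O} {kind} src={OneLine(source)} msg={OneLine(body)}");

    public Task LogEvent(LogLevel logLevel, string source, string eventMessage) =>
        logLevel >= _minLevel && logLevel != LogLevel.None
            ? Write(logLevel.ToString(), source, eventMessage) : Task.CompletedTask;

    public Task LogEvent(AuthJanitorSystemEvents systemEvent, string source, string details) =>
        _accept(systemEvent) ? Write(systemEvent.ToString(), source, details) : Task.CompletedTask;

    // Record only the detail object's type name: serializing an object such as a
    // "ManagedSecret" wholesale could copy sensitive fields into an external log.
    public Task LogEvent<T>(AuthJanitorSystemEvents systemEvent, string source, T detailObject) =>
        _accept(systemEvent)
            ? Write(systemEvent.ToString(), source, $"detailType={typeof(T).Name}") : Task.CompletedTask;
}
```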