AuditLog.create!(
actor_id: current_user.id,
action: 'member.approve',
target_type: 'Member',
target_id: member.id,
ip_address: request.remote_ip,
index=auth sourcetype=linux_secure "Failed password" | stats count by src_ip, user | where count > 20
index=proxy "POST" url="*/oauth/token" | stats count by client_ip | where count > 100
index=endpoint process_name=powershell.exe command_line="*EncodedCommand*"