SIEM Integration

Stream security events to your SIEM platform

Supported SIEMs

  • Splunk
  • Microsoft Sentinel
  • Elastic Security
  • Sumo Logic
  • Datadog
  • Any syslog-compatible SIEM

Configuration

Configure SIEM forwarding in Settings → Integrations → SIEM:

  1. Select your SIEM platform
  2. Enter your SIEM endpoint URL
  3. Configure authentication (API key or certificate)
  4. Select which event types to forward
  5. Test the connection

Event Format

{
  "event_type": "security_finding",
  "severity": "high",
  "timestamp": "2024-01-08T12:00:00Z",
  "device_id": "dev_abc123",
  "finding": {
    "id": "find_xyz789",
    "title": "Firewall disabled",
    "description": "System firewall is not enabled"
  }
}
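
On the receiving side, an event in this format can be checked and flattened before it reaches a syslog-compatible SIEM. The following is an added example, not part of the product: it validates the fields shown above and renders one RFC 5424 line, stripping control characters so a finding title cannot forge extra log lines. The severity levels other than "high", the local0 facility, and the names collector01 and siem-forwarder are assumptions.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample: the event from the Event Format section, on one line.
SAMPLE = ('{"event_type": "security_finding", "severity": "high", '
          '"timestamp": "2024-01-08T12:00:00Z", "device_id": "dev_abc123", '
          '"finding": {"id": "find_xyz789", "title": "Firewall disabled", '
          '"description": "System firewall is not enabled"}}')

TOP_FIELDS = ("event_type", "severity", "timestamp", "device_id")
FINDING_FIELDS = ("id", "title", "description")
# Assumption: only "high" appears on the page; the other levels are hypothetical.
SYSLOG_SEVERITY = {"critical": 2, "high": 3, "medium": 4, "low": 5, "info": 6}
FACILITY_LOCAL0 = 16  # assumption: the receiver files these events under local0
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]+")


def validate_event(raw):
    """Parse one event; raise ValueError if it does not match the documented shape."""
    event = json.loads(raw)
    finding = event.get("finding") if isinstance(event, dict) else None
    if not isinstance(finding, dict):
        raise ValueError("event and event.finding must be JSON objects")
    for obj, fields in ((event, TOP_FIELDS), (finding, FINDING_FIELDS)):
        for key in fields:
            if not isinstance(obj.get(key), str):
                raise ValueError(f"missing or non-string field: {key}")
    if event["severity"] not in SYSLOG_SEVERITY:
        raise ValueError(f"unknown severity: {event['severity']!r}")
    # The sample timestamp is UTC with a trailing Z; reject anything else.
    parsed = datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
    event["timestamp"] = parsed.replace(tzinfo=timezone.utc)
    return event


def _text(value):
    """Neutralise control characters and quotes so a field cannot forge log lines."""
    return CONTROL_CHARS.sub(" ", value).replace('"', "'").strip()


def to_syslog(event, hostname="collector01", app="siem-forwarder"):
    """Render a validated event as a single RFC 5424 line."""
    pri = FACILITY_LOCAL0 * 8 + SYSLOG_SEVERITY[event["severity"]]
    stamp = event["timestamp"].strftime("%Y-%m-%dT%H:%M:%SZ")
    msgid = re.sub(r"[^\x21-\x7e]", "_", event["event_type"])[:32] or "-"
    f = event["finding"]
    msg = (f'device_id="{_text(event["device_id"])}" finding_id="{_text(f["id"])}" '
           f'title="{_text(f["title"])}" description="{_text(f["description"])}"')
    return f"<{pri}>1 {stamp} {hostname} {app} - {msgid} - {msg}"
```

Events that fail validation raise ValueError, so a collector can count and quarantine them instead of forwarding malformed records.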