SIEM Integrations
This section explains how to integrate the data in the audit log, a record of all system activity, with your security information and event management (SIEM) products.
SIEM Integration Structure
The characteristics and functionality of an integration can be adjusted as needed using the following path: Company > Company Settings > SIEM Integrations.
Integration Name | The name of the integration. |
Integration Type | The type of the integration. |
Status | Active or Inactive status of the integration. |
Date Created | The creation date of the integration. |
Action | Edit or delete an integration. |
Creating New Integration
From the main menu, go to Company > Company Settings > SIEM Integrations. Then click on the + NEW button to create a new SIEM configuration.
The information on the SIEM configuration edit page is detailed in the table below.
Configuration Details
Integration Name | SIEM configuration name. |
History Logs | Select this option to ensure that all data in the audit log will be transferred to your SIEM solution. TIP: If this feature is inactive, only the audit log data recorded after defining the SIEM integration will be transferred to your SIEM solution. |
Integration Type | SIEM integration type. |
The next section describes how to initiate an integration.
Integrations
The platform supports the following SIEM products. Click a product to view the related documentation.
FAQ
Q: What kinds of information/logs can be sent from Keepnet to a SIEM such as Sentinel?
A: All audit information/logs under Company > Audit Log are sent to the SIEM server.