SIEM Integrations

This section explains how to integrate the data in the audit log, a record of all system activity, with your security information and event management (SIEM) products.

SIEM Integration Structure

The characteristics and functionality of an integration can be adjusted as needed using the following path: Company > Company Settings > SIEM Integrations.

Integration Name

The name of the integration.

Integration Type

The type of the integration.

Status

Active or Inactive status of the integration.

Date Created

The creation date of the integration.

Action

Edit or delete an integration

Creating New Integration

From the main menu, go to Company > Company Settings > SIEM Integrations. Then click on the + NEW button to create a new SIEM configuration.

The information on the SIEM configuration edit page is detailed in the table below.

Configuration Details

Integration Name

SIEM configuration name

History Logs

Select this option to ensure that all data in the audit log will be transferred to your SIEM solution. TIP: If this feature is inactive, only the audit log data recorded after defining the SIEM integration will be transferred to your SIEM solution.

Integration Type

SIEM integration type.

The next section describes how to initiate an integration.

Integrations

The platform supports the following SIEM products, please click on it to view the related documentation.

FAQ

Q: What are the kinds of information/logs which can be sent to a SIEM like Sentinel from Keepnet?

A: All audit information/logs under Company > Audit Log is sent to the SIEM server.

PreviousJumpcloud SCIM Integration NextSplunk Integration

Last updated 9 months ago

Was this helpful?