SIEM integration – How we do it
We’re devoted to delivering best-in-class SIEM integrations with third-party platforms across your enterprise. In fact, we believe our integration goes much deeper than our competitors’ in areas outside of traditional “hardcore” security.
LogPoint offers market-leading SAP SIEM integration, and we’re experienced in pulling data from areas like Internet of Things (IoT) devices. It’s part of our commitment to ensuring that our platform scales and works with your needs – whether those fall under compliance, IT operations or business analytics.
LogPoint has four distinct areas where SIEM integrations can be made:
We will support any commercial, off-the-shelf log source free of charge. LogPoint can integrate across multiple areas on the ingest side. Normalization, the simplest and most straightforward of these, is the extraction of key-value pairs from raw log events and their mapping to the LogPoint taxonomy.
Getting logs into the system can require different protocols or methods, such as an application programming interface (API) call. Most log sources feed data in various formats either through syslog or through API calls. If you require a new API integration for fetching logs, it is built at no cost for commercial off-the-shelf solutions.
All SIEM integrations on the ingest side can be delivered as plugins to the LogPoint solution, ensuring fast and easy delivery and deployment.
On the storage side, LogPoint is able to integrate with remote data sources for enrichment and analysis. For example, we can connect to remote databases like ERP SQL servers to analyze corporate data.
We can also query the storage layer directly through the RESTful API to export or analyze data directly from your enterprise applications.
Our customers use SIEM integrations to feed incident response platforms, ingest threat intelligence feeds and create tickets in incident management tools.
Incident response integration is handled by our notification framework, which offers outbound API calls, script invocation, HTTP/SMTP notifications and syslog.
We also have an extensive Threat Intelligence application.
The Director Fabric allows you to automate and orchestrate the deployment and operation of your SIEM system. Through a rich API, you can deploy new LogPoint systems, add and remove devices, or measure the performance of the platform, among other capabilities.