LogSentinel SIEM Cloud Integrations¶
Cloud services (SaaS and IaaS) are a must when it comes to security monitoring. In LogSentinel SIEM, you can connect to a number of supported cloud service via the Integrations menu.
We support logs for:
- Amazon Web Service
- Microsoft Azure
- Google Cloud Platform
Our list of supported SaaS is growing. For each service there's a unique combination of steps that you have to follow, and our UI is providing clear instructions, e.g. where to get a tenant ID and how to obtain API credentials. We support major vendors like:
- Microsoft 365 (formerly Office 365)
- Google Workspace (formerly G Suite)
You can find a more complete (though non-exhaustive) list here.
Monitoring other SaaS¶
Some less popular SaaS don't offer log collection APIs, so other ways are required in order to not be left in the dark
Cloud access security brokers (CASB)¶
If you have a CASB (or a secure web gateway), we can collect its logs about each SaaS. They are usually in the form of access logs.
If you don't have a CASB or SGW, we have a lightweight CASB-like proxy that can be intalled in your infrastructure and all SaaS requests should go through it, allowing us to collect the respective logs.
CASB and SGW work only if every employee is working from the office network and that's not always the case. We also support browser plugins that can be installed on your employees computers to track their access to SaaS (the plugin can be configured to only monitor specific websites in order to comply with local privacy regulations)