LogSentinel SIEM Integrations
There are many ways to integrate an existing system or appliance with LogSentinel SIEM in order to collect logs, audit trails and other security events. The two main ways are:
- On-premise integrations via LogSentinel Collector - a collector to be installed on one on-premise machine. The collector performs agentless log collection from multiple sources.
- Cloud integrations - multiple cloud integrations are supported directly from the LogSentinel SIEM dashboard.
Additional integration options are:
- Agent - the Wazuh/OSSEC-based agent can be installed on any endpoint to collect local logs and file integrity status. It is connected to the LogSentinel Collector through the ossec connector, which wraps and forwards the collected events.
- LogSentinel SIEM API - send audit logs directly to LogSentinel SIEM by connecting applications via the LogSentinel API.
- LogSentinel endpoints - logs can be sent to LogSentinel SIEM from various tools and platforms, including Kubernetes, Prometheus, Heroku and anything that supports syslog over TLS.
- Third-party tools - third-party log collection tools can be configured to forward logs to the LogSentinel API.
A (non-exhaustive) list of supported integrations can be found at logsentinel.com/integrations.