LogSentinel SIEM Integrations

There are many ways to integrate an existing system or appliance with LogSentinel SIEM in order to collect logs, audit trails and other security events. The two main ways are:

Additional integration options are:

  • Agent - The Wazuh/OSSEC-based agent can be installed on any endpoint to collect local logs and file integrity status. It is connected to the LogSentinel Collector through the ossec connector, which wraps and forwards the collected events.
  • LogSentinel SIEM API - send audit logs directly to LogSentinel SIEM by connecting applications via the LogSentinel API.
  • LogSentinel endpoints - logs can be sent to LogSentinel SIEM from various tools and platforms, including Kubernetes, Prometheus, Heroku and anything that supports syslog over TLS.
  • Third party tools - third party log collection tools can be configured to forward logs to the LogSentinel API.

A (non-exhaustive) list of supported integrations can be found at logsentinel.com/integrations.

 

Configure single sign-on access to the LogSentinel Platform

Configure single sign-on (SSO) to the LogSentinel Platform using an external identity provider (IdP). This feature allows you to authenticate and control user access to the LogSentinel Platform from your existing single sign-on solution.

If you decide to use SSO authentication, Platform Administrators will no longer be able to add users to the LogSentinel Platform. All new users must be added through your external IdP.

Before you begin

Security Assertion Markup Language (SAML) is a standard for logging users into applications based on their sessions in another context. This SSO login standard has significant advantages over logging in using a traditional username and password, the most important of which is that users do not need to provide their credentials directly to the LogSentinel Platform to sign in.

Any IdP you want to use must meet the SAML 2.0 compliance requirements, which you can read about here: https://en.wikipedia.org/wiki/SAML-based_products_and_services

To test whether your IdP is compliant, you can use these free SAML testing tools: