
LogSentinel SIEM Integrations

There are many ways to integrate an existing system or appliance with LogSentinel SIEM in order to collect logs, audit trails and other security events. The two main ways are:

Additional integration options are:

  • Agent - The Wazuh/OSSEC-based agent can be installed on any endpoint to collect local logs and file integrity status. It is connected to the LogSentinel Collector through the ossec connector, which wraps and forwards the collected events.
  • LogSentinel SIEM API - send audit logs directly to LogSentinel SIEM by connecting applications via the LogSentinel API.
  • LogSentinel endpoints - logs can be sent to LogSentinel SIEM from various tools and platforms, including Kubernetes, Prometheus, Heroku and anything that supports syslog over TLS.
  • Third party tools - third party log collection tools can be configured to forward logs to the LogSentinel API.

A (non-exhaustive) list of supported integrations can be found at