SIEM Integration
SIEM (Security Information and Event Management) integration allows you to export MeetLoyd security events to external security tools for centralized monitoring and analysis.
Enterprise Feature
SIEM integration is available on Enterprise plans only.
Why SIEM Integration?
- Centralized monitoring: Correlate MeetLoyd events with your other security data
- Real-time streaming: Events flow to your SIEM as they happen
- Compliance reporting: Unified audit trail across all your systems
- Threat detection: Use your SIEM's analytics to detect anomalies in agent behavior
Supported SIEM Platforms
| Platform | Description |
|---|---|
| Splunk | Enterprise security analytics |
| Datadog | Cloud monitoring and security |
| Elastic Security | Open-source SIEM |
| SumoLogic | Cloud-native analytics and SIEM |
| Custom HTTP endpoints | Any system that accepts webhooks (including Microsoft Sentinel, AWS Security Hub, and others) |
Event Types
| Event Category | Events |
|---|---|
| Authentication | Login, logout, failed attempts, MFA events |
| User Management | Created, updated, deleted, role changed |
| Agent Operations | Created, deleted, sensitive actions |
| Admin Actions | Settings changes, permission grants |
| Security Events | Incidents, approvals, session terminations |
Event Format
Events are sent in JSON format with a consistent structure including event type, timestamp, actor details (user ID, email), action details (IP address, user agent, method), tenant ID, and severity level.
MeetLoyd also supports CEF (Common Event Format) for ArcSight and Splunk, and LEEF (Log Event Extended Format) for IBM QRadar.
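The following added example (not MeetLoyd code) shows how a receiver on a custom HTTP endpoint could validate a JSON event carrying the fields listed above and re-encode it as a single CEF line, escaping actor-controlled values such as the user agent so they cannot forge extra fields or log lines. The JSON key names, severity labels, sample event, and the CEF vendor, product and version strings are assumptions, since the page names the fields but not their keys.

```python
import json
from datetime import datetime

# Assumed JSON keys: the page lists these fields but not their names.
REQUIRED = ("event_type", "timestamp", "actor", "action", "tenant_id", "severity")
# Assumed severity labels, mapped onto CEF's 0-10 scale.
CEF_SEVERITY = {"low": 3, "medium": 5, "high": 8, "critical": 10}

def esc_header(value):
    """Escape backslash and pipe, the delimiters of CEF header fields."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def esc_ext(value):
    """Escape backslash, equals and line breaks in CEF extension values."""
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r", "\\r").replace("\n", "\\n")

def to_cef(raw):
    """Validate one JSON event and render it as a single CEF line."""
    event = json.loads(raw)
    missing = [k for k in REQUIRED if k not in event]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    actor, action = event["actor"], event["action"]
    # CEF's rt field takes epoch milliseconds; the input is assumed ISO 8601.
    ts = datetime.fromisoformat(event["timestamp"].replace("Z", "+00:00"))
    # Vendor, product and version strings are placeholders.
    header = ["CEF:0", "MeetLoyd", "MeetLoyd", "1.0", event["event_type"],
              event["event_type"],
              CEF_SEVERITY.get(str(event["severity"]).lower(), 5)]
    ext = {
        "rt": int(ts.timestamp() * 1000),
        "suid": actor.get("user_id", ""),
        "suser": actor.get("email", ""),
        "src": action.get("ip_address", ""),
        "requestMethod": action.get("method", ""),
        "requestClientApplication": action.get("user_agent", ""),
        "cs1Label": "tenantId", "cs1": event["tenant_id"],
    }
    return ("|".join(esc_header(h) for h in header) + "|"
            + " ".join(f"{k}={esc_ext(v)}" for k, v in ext.items()))

# Constructed sample event; its user agent carries a line break and a
# key=value pair that would forge a second record if left unescaped.
SAMPLE = json.dumps({
    "event_type": "auth.login_failed", "timestamp": "2024-01-01T12:00:00Z",
    "actor": {"user_id": "u_123", "email": "alice@example.com"},
    "action": {"ip_address": "203.0.113.7", "method": "POST",
               "user_agent": "curl/8.0\nCEF:0|x|x src=10.0.0.1"},
    "tenant_id": "t_42", "severity": "high"})
```

Calling `to_cef(SAMPLE)` returns one line in which the injected `src=10.0.0.1` appears as `src\=10.0.0.1` inside the `requestClientApplication` value, so a CEF parser sees only the real source address.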
Feature Availability
| Feature | Enterprise |
|---|---|
| SIEM Destinations | Up to 5 |
| Real-time Streaming | Yes |
| Custom Event Filters | Yes |
| Batch Export | Yes |