SIEM Integration
SIEM (Security Information and Event Management) integration allows you to export Deeployd security events to external security tools for centralized monitoring and analysis.
Overview
SIEM integration provides:
- Real-time event streaming
- Centralized security monitoring
- Correlation with other security data
- Compliance reporting
Access Requirements
SIEM integration is available on Enterprise plans only.
Access via Security Center
SIEM configuration is managed through the Security Center:
- Navigate to Security in the top bar
- Click on the SIEM tab
- Configure SIEM destinations
Supported SIEM Platforms
- Splunk
- Datadog
- Elastic Security
- Microsoft Sentinel
- AWS Security Hub
- Custom HTTP endpoints
Configuration
Via Dashboard
- Go to Security Center > SIEM
- Click Add Destination
- Select your SIEM platform
- Configure connection settings
- Select events to export
- Test the connection
- Enable streaming
Via API
// Create a Splunk HEC destination and subscribe it to a subset of event types.
const destination = await client.siem.createDestination({
  name: 'Splunk Production',
  type: 'splunk',
  config: {
    endpoint: 'https://splunk.company.com:8088',
    token: 'your-hec-token', // HEC token: load from a secret store, never commit it
    index: 'deeployd-security'
  },
  // Wildcards such as 'auth.*' select a whole category; exact names select single events.
  events: ['auth.*', 'admin.*', 'agent.sensitive_action']
});
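As an added example (not the Deeployd SDK or its delivery code), the following mirrors what a Splunk destination configured as above has to do for each event: apply the `events` filter, then wrap the event in a Splunk HEC payload addressed with the configured token and index. The HEC path `/services/collector/event` and the `Authorization: Splunk <token>` header are Splunk's documented HEC interface; the wildcard semantics (`*` matches any remaining suffix of the dotted event type), the `deeployd:security` sourcetype and the sample destination and event are assumptions made for the example, not documented Deeployd behaviour.

```javascript
// Added example: mirror a Splunk destination's event filter and build the
// HEC request it would send. Not Deeployd's own code.

const HEC_EVENT_PATH = '/services/collector/event'; // Splunk HEC JSON endpoint

// Turn a filter pattern such as 'auth.*' into an anchored regex.
// Assumption: '*' matches any non-empty remaining suffix of the dotted type;
// everything else, including the '.', is matched literally.
function patternToRegex(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.+') + '$');
}

function matchesFilter(eventType, patterns) {
  return patterns.some((p) => patternToRegex(p).test(eventType));
}

// Build (but do not send) the HEC request for one event. Returns null when the
// destination's filter excludes the event, so nothing leaves for it.
function buildHecRequest(destination, event) {
  if (!matchesFilter(event.event_type, destination.events)) return null;
  const { endpoint, token, index } = destination.config;
  if (!token) throw new Error('destination has no HEC token');
  const epochSeconds = Date.parse(event.timestamp) / 1000;
  if (Number.isNaN(epochSeconds)) throw new Error(`bad timestamp: ${event.timestamp}`);
  return {
    method: 'POST',
    url: endpoint.replace(/\/+$/, '') + HEC_EVENT_PATH,
    headers: {
      Authorization: `Splunk ${token}`,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      time: epochSeconds, // HEC expects epoch seconds, not ISO 8601
      index,
      sourcetype: 'deeployd:security', // assumed sourcetype, not a documented value
      event
    })
  };
}

// Constructed destination and event, shaped like the page's own examples.
const DESTINATION = {
  name: 'Splunk Production',
  type: 'splunk',
  config: {
    endpoint: 'https://splunk.company.com:8088/',
    token: 'example-hec-token', // placeholder; a real token comes from a secret store
    index: 'deeployd-security'
  },
  events: ['auth.*', 'admin.*', 'agent.sensitive_action']
};

const LOGIN_EVENT = {
  event_type: 'auth.login',
  timestamp: '2024-01-15T10:30:00Z',
  actor: { user_id: 'user-123', email: 'user@company.com' },
  details: { ip_address: '192.168.1.1', method: 'password' },
  tenant_id: 'tenant-abc',
  severity: 'info'
};
```

Run `buildHecRequest(DESTINATION, LOGIN_EVENT)` to see the exact request the collector receives; calling it with an `agent.created` event returns `null`, which is a quick way to confirm a filter list before enabling streaming.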
Event Types
| Event Category | Events |
|---|---|
| Authentication | auth.login, auth.logout, auth.failed, auth.mfa_required |
| User Management | user.created, user.updated, user.deleted, user.role_changed |
| Agent Operations | agent.created, agent.deleted, agent.sensitive_action |
| Admin Actions | admin.*, settings.changed, permission.granted |
| Security Events | incident.*, approval.*, session.terminated |
Event Format
Events are sent in JSON format:
{
  "event_type": "auth.login",
  "timestamp": "2024-01-15T10:30:00Z",
  "actor": {
    "user_id": "user-123",
    "email": "user@company.com"
  },
  "details": {
    "ip_address": "192.168.1.1",
    "user_agent": "Mozilla/5.0...",
    "method": "password"
  },
  "tenant_id": "tenant-abc",
  "severity": "info"
}
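As an added example that is not part of Deeployd or its documentation, here is what the receiving side of a custom HTTP endpoint might do with events in this format: reject records missing the documented fields, then run one detection rule over the accepted ones, flagging an `auth.login` from an IP address that produced several `auth.failed` events in the preceding minutes. The threshold of five failures, the five-minute window, the `ingest` function and the sample batch are all constructed for the example.

```javascript
// Added example: consumer-side validation and a detection rule over Deeployd
// events in the documented JSON format. Not Deeployd's own code; the rule's
// threshold and window are assumptions.

const REQUIRED_FIELDS = ['event_type', 'timestamp', 'actor', 'details', 'tenant_id', 'severity'];

// Return a list of problems; an empty list means the event is well formed.
function validateEvent(raw) {
  if (!raw || typeof raw !== 'object') return ['event is not an object'];
  const errors = [];
  for (const field of REQUIRED_FIELDS) {
    if (!(field in raw)) errors.push(`missing ${field}`);
  }
  if (typeof raw.event_type !== 'string' || !/^[a-z_]+\.[a-z_]+$/.test(raw.event_type)) {
    errors.push('event_type must look like category.action');
  }
  if (Number.isNaN(Date.parse(raw.timestamp))) errors.push('timestamp is not a parseable date');
  if (raw.actor && typeof raw.actor.user_id !== 'string') errors.push('actor.user_id missing');
  return errors;
}

// Rule: an auth.login from an IP that produced at least `threshold` auth.failed
// events within `windowMs` before it. Events may arrive out of order, so sort first.
function detectBruteForceSuccess(events, { threshold = 5, windowMs = 5 * 60 * 1000 } = {}) {
  const ordered = [...events].sort((a, b) => Date.parse(a.timestamp) - Date.parse(b.timestamp));
  const failuresByIp = new Map(); // ip -> timestamps (ms) of failures still inside the window
  const alerts = [];
  for (const ev of ordered) {
    const ip = ev.details && ev.details.ip_address;
    if (!ip) continue;
    const now = Date.parse(ev.timestamp);
    const recent = (failuresByIp.get(ip) || []).filter((t) => now - t <= windowMs);
    if (ev.event_type === 'auth.failed') recent.push(now);
    if (ev.event_type === 'auth.login' && recent.length >= threshold) {
      alerts.push({
        rule: 'brute_force_success',
        ip,
        user_id: ev.actor.user_id,
        tenant_id: ev.tenant_id,
        failures: recent.length,
        at: ev.timestamp
      });
      failuresByIp.delete(ip); // do not alert twice on the same burst
      continue;
    }
    failuresByIp.set(ip, recent);
  }
  return alerts;
}

// What a custom HTTP endpoint would do with one delivered batch.
function ingest(batch) {
  const accepted = [];
  const rejected = [];
  for (const raw of batch) {
    const errors = validateEvent(raw);
    if (errors.length) rejected.push({ raw, errors });
    else accepted.push(raw);
  }
  return { accepted, rejected, alerts: detectBruteForceSuccess(accepted) };
}

// Constructed sample batch (not real Deeployd output).
function sampleEvent(eventType, userId, ip, timestamp) {
  return {
    event_type: eventType,
    timestamp,
    actor: { user_id: userId, email: `${userId}@company.com` },
    details: { ip_address: ip, user_agent: 'Mozilla/5.0', method: 'password' },
    tenant_id: 'tenant-abc',
    severity: 'info'
  };
}

const SAMPLE_BATCH = [
  // six failures from one IP within a minute, then a success: should alert
  ...[0, 10, 20, 30, 40, 50].map((s) =>
    sampleEvent('auth.failed', 'user-123', '203.0.113.7', `2024-01-15T10:30:${String(s).padStart(2, '0')}Z`)),
  sampleEvent('auth.login', 'user-123', '203.0.113.7', '2024-01-15T10:31:10Z'),
  // two failures then a login from another IP: an ordinary typo, no alert
  sampleEvent('auth.failed', 'user-456', '198.51.100.9', '2024-01-15T10:32:00Z'),
  sampleEvent('auth.failed', 'user-456', '198.51.100.9', '2024-01-15T10:32:05Z'),
  sampleEvent('auth.login', 'user-456', '198.51.100.9', '2024-01-15T10:32:20Z'),
  // malformed record without tenant_id or severity: should be rejected, not silently indexed
  { event_type: 'auth.login', timestamp: '2024-01-15T10:33:00Z', actor: { user_id: 'user-789' }, details: {} }
];
```

`ingest(SAMPLE_BATCH)` accepts ten events, rejects the malformed one with the list of missing fields, and raises a single alert for 203.0.113.7. Rejecting on validation rather than indexing partial records matters because downstream correlation keys on `tenant_id` and `actor.user_id`; an event without them cannot be attributed and would only dilute the data.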
Feature Availability
| Feature | Enterprise |
|---|---|
| SIEM Destinations | 5 |
| Real-time Streaming | Yes |
| Custom Event Filters | Yes |
| Batch Export | Yes |
Related: Security Center | Audit Logs