System Integrations

Go to > Cyber Incident Monitoring

Microsoft Office 365 integration currently supports user, admin, system, and policy actions...

Introduction  The GitHub integration collects events from the GitHub API.  https://docs.g...

Introduction  The Windows integration allows you to monitor the Windows OS, services, applicatio...

Introduction  The Sysmon for Linux integration allows you to monitor the Sysmon for Linux, which...

Introduction  With 1Password Business, you can send your account activity to your security infor...

Introduction  The Bitbucket integration collects audit logs from the audit log files or the audi...

Introduction  The AWS CloudTrail integration allows you to monitor AWS CloudTrail  Reference: h...

Introduction  The Amazon GuardDuty integration collects and parses data from Amazon GuardDuty Fi...

Introduction  The AWS Security Hub integration collects and parses data from AWS Security Hub RE...

Introduction  This document shows information related to AWS Integration.   The AWS integration...

Introduction  Cisco Meraki offers a centralized cloud management platform for all Meraki devices...

Introduction  Secure Endpoint offers cloud-delivered, advanced endpoint detection and response a...

Introduction  Cisco Umbrella is a cloud security platform that provides an additional line of de...

Introduction  Cloudflare integration uses Cloudflare's API to retrieve audit logs and traffic lo...

Introduction  This integration is for CrowdStrike products. It includes the following datasets f...

Introduction  Connecting Dropbox  Use the Workplace Search Dropbox connector to automatically c...

Introduction  This document shows information related to F5 Integration.   The F5 BIG-IP integr...

Introduction  This integration is for Fortinet FortiGate logs sent in the syslog format.  Pre...

Introduction  Introduced in GitLab Starter 8.4. Support for Amazon Elasticsearch was introduced ...

Introduction  Google Workspace (formerly G Suite) is a suite of cloud computing, productivity an...

Introduction  The JumpCloud integration allows you to monitor events related to the JumpCloud Di...

Introduction  The Mimecast integration collects events from the Mimecast API.  Assumpti...

Introduction  This integration is used to fetch logs and metrics from MongoDB.  Assumpt...

Introduction  The Okta integration collects events from the Okta API, specifically reading from ...

Introduction  This integration is for Pulse Connect Secure.  https://www.ivanti.com/pro...

Introduction  Slack is used by numerous organizations as their primary chat and collaboration to...

Introduction  The System integration allows you to monitor servers, personal computers, and more...

Remote File Copy via TeamViewer   Identifies an executable or script file remotely downloaded vi...

Introduction  This integration is for Zscaler Internet Access logs. It can be used to receive lo...

This integration periodically fetches logs and metrics from vSphere vCenter servers.   Compatibi...

The SentinelOne integration collects and parses data from SentinelOne REST APIs. This integration...

Custom Windows Event Logs Collect and parse logs from any Windows event log channel with Elastic...

Introduction Windows Event Forwarding (WEF) allows the collection of event logs from multiple Wi...

Overview This PowerShell script forwards Windows event logs to a Linux server using the syslog p...

Overview The Sophos Central integration allows you to monitor Alerts and Events logs. Sophos Cen...

Introduction  The Bitbucket integration collects audit logs from the audit log files or the audi...

Palo Alto Cortex XDR Integration Using the Cortex XDR APIs, you can integrate Cortex XDR with th...

Introduction  Elastic Stack security features can be configured to authenticate users through Ac...

The Microsoft SQL Server integration package allows you to search, observe, and visualize the SQL...

Introduction This document shows information related to Azure Active Directory Integration.The A...

ESET PROTECT allows you to efficiently manage ESET products across workstations and servers withi...

ESET Threat Intelligence provides advanced, real-time insights into global cybersecurity threats,...

This manual explains how to get started monitoring the security posture of your Azure CSP using t...

The Azure Resource Manager (ARM) endpoint is the primary entry point for interacting with the Azu...

The Cisco Email Security Appliance (ESA) integration is a comprehensive solution for managing and...

Overview The Cisco Nexus integration allows users to monitor Errors and System Messages. The Cis...

BitDefender GravityZone supports SIEM integration using "push notifications", which are JSON mess...

Overview The Bitwarden integration allows users to monitor collections, events, groups, members ...

Introduction This guide will walk you through setting up Rsyslog for log forwarding between a cl...

Configure Syslog Monitoring STEP 1 - Configure a Syslog server profile.  Select Device-->...

Method 1: Using GUI Configure log forwarding Sign in to the Meraki Dashboard with adminis...

Configure the Vault to Forward syslog Messages to PTA The system logger of the Vault must be con...

How to Configure Windows Event Forwarding for User Awareness Cato Networks’ User...

How to Send Logs to a Remote Syslog Server Summary: This article briefly describes how to confi...

Log Forwarder EventLog Analyzer's Syslog Forwarder transmits logs from various sources to a dest...

Method 1: Network logs forwarding The Network logs forwarding page ("Settings" > "System Setti...

Authentication  The Secure Endpoint API requires access via an authenticated and authorized acco...

Overview This integration with Microsoft Office 365 supports the ingestion of user, administrato...

Step 1: Create an Event Hub for Microsoft Entra ID Logs Go to Azure Portal > Event Hubs > Cr...

 Here are the necessary steps to resolve the issue. Step 1: Go to your Azure Portal and log in...

Get started with CSPM for AWS Overview This page explains how to get started monitoring t...

To fully integrate the Cato Networks API with the Elastic Stack (ELK Stack), you can follow this ...

Please follow these instructions: Step 1: Log in to your Fortinet FortiGate Admin portal and n...

The Application Insights Integration allows users to collect metrics from Azure Application Insig...

Requirements   To integrate with Google Cloud Platform (GCP), you need to set up the following: ...

Overview This page explains how to get started monitoring the security posture of your cloud ass...

Overview The Application Insights Integration allows users to retrieve application insights metr...

GitHub Integration The GitHub integration collects events from the GitHub API(external, opens in...

Please refer to these instructions to enable Cloud Asset API. To enable the Cloud Asset API fo...

Go to the Google Cloud Console. Navigate to IAM. Click on "IAM & Admin" in the left...

Setup Log Sink Using Google Cloud Console Navigate to "Logging" > "Log Router" > "Create Sin...

This Google Cloud integration collects and analyzes a wide range of logs and metrics to provide c...

Why Whitelist in Office 365? Whitelisting ensures the CyTech - AQUILA Phishing Simulation(PS) Mo...

Why Whitelist in Office 365? Whitelisting ensures the CyTech - AQUILA Phishing Simulation(PS) Mo...

Steps to Get Client ID and Client Secret in CrowdStrike Falcon Log in to the Falcon Console ...

Whitelist Cisco IronPort (ESA) for CyTech – AQUILA Phishing Simulation Why Whitelist in Cisco Ir...

OneLogin (via SCIM)  Introduction:  OneLogin gives users the ability to access the applications...

To automatically fetch user accounts into Azure (e.g., for Azure Active Directory / Microsoft Ent...

Introduction This guide outlines how to configure Syslog filters on Palo Alto Networks firewalls...

To automatically fetch user accounts into Okta without needing to manually import them, you shoul...

JumpCloud Intoduction JumpCloud allows you to automate user account creation and syncing withou...

Introduction This guide explains how to send security alerts from CrowdStrike Falcon to your Sec...

STEP 1: Enable APIs You’ll need access to one of the following APIs: Cloud Identity API (fo...

SonarQube Introduction SonarQube is a self-hosted or cloud-enabled tool that scans source code ...

Requirements You Must Have Why You Need It Elastic Agent installed ...

Qualys VMDR Integration Guide  Integrate Qualys Vulnerability Management, Detection and Response...

Purpose This document outlines the procedure to integrate Varonis DatAlert or DatAdvantage with ...

To integrate Cisco AMP for Endpoints (now part of Cisco Secure Endpoint) with Elastic, follow the...

STEP 1: Enable Log Sending from Secureworks This step happens inside your Secureworks dashboard....

1. Overview This document explains how to integrate KnowBe4 with a SIEM solution using the KnowB...

Endpoint Detection and Responce (EDR) - Manual Installation Endpoint Detection and Response (E...

Endpoint Detection and Responce (EDR) - Automatic Installation Endpoint Detection and Response (...

When Elastic Agent installs Endpoint, they connect locally to share status and updates. If this c...

GitHub Integration Introduction Elastic’s GitHub integration allows you to ingest GitHub logs, ...

Authentication To use this CSPM Google Cloud Platform (GCP) integration, you need to set up a ...

This Google Cloud integration collects and analyzes a wide range of logs and metrics to provide c...

Cloudflare Logs Integration Manual Cloudflare logs provide detailed insights into client connect...

1Password Events Reporting Integration Manual With 1Password Business, you can forward account a...

This integration collects syslog messages from SonicWall firewalls. It has been tested with Enhan...

Cisco Meraki provides a centralized cloud management platform for devices like MX Security Applia...

Login to Cisco Meraki Dashboard: Go to the Meraki Dashboard and log in with your credentials...

Step 1: Install rsyslog1. Open terminal.2. Run the following commands: sudo apt update sudo apt...

Log in to SonicWall UI Open a web browser Go to your SonicWall’s IP (e.g., https://192.168....

Google Workspace Integration Overview The Google Workspace integration collects and parses...

1. Overview Cato Networks is a cloud-native Secure Access Service Edge (SASE) platform that conv...

Overview The Salesforce integration enables you to monitor your Salesforce instance. Salesforce ...

Summary of Actions Required: Register an app in Microsoft Entra ID and configure API permissions...

Mimecast Integration Guide Integrate Mimecast with your security platform via API to collect ema...

Auth0 Integration Guide Integrate Auth0 to ingest identity-related logs such as login attempts, ...

Integrating Digital Guardian (DG) with AQUILA for security log ingestion typically involves expor...

Overview To properly install and configure Elastic Defend manually without a Mobile Device Manag...