
Illumio Core 22.5 Administration Guide

SIEM Integration for Events

For analysis or other needs, event data can be sent using syslog to your own analytics or SIEM systems.

About SIEM Integration

This guide also explains how to configure the PCE to securely transfer PCE event data in the following message formats to some associated SIEM systems:

  • JavaScript Object Notation (JSON), needed for SIEM applications, such as Splunk®.

  • Common Event Format (CEF), needed for SIEM applications, such as Micro Focus ArcSight®.

  • Log Event Extended Format (LEEF), needed for SIEM applications, such as IBM QRadar®.
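The following is an added example, not taken from the Illumio guide: a receiver-side Python parser that detects which of the three formats listed above a syslog line carries and extracts its fields. The sample lines, vendor and product strings, and field names are constructed placeholders rather than real PCE output, and the CEF and LEEF layouts are assumed to follow the public format specifications.

```python
import json
import re

# One header field: non-pipe characters or backslash escapes, then "|".
_FIELD = r'((?:[^|\\]|\\.)*)\|'
_CEF = re.compile(r'CEF:(\d+)\|' + _FIELD * 6 + r'(.*)$', re.S)
_LEEF = re.compile(r'LEEF:([12]\.0)\|' + _FIELD * 4 + r'(.*)$', re.S)
# CEF extension pair: the value runs until the next " key=" or end of line.
_CEF_PAIR = re.compile(r'(\w+)=(.*?)(?=\s+\w+=|\s*$)', re.S)
_NAMES = ("vendor", "product", "version", "event_id", "name", "severity")

# Constructed sample lines (not real PCE output); all names are placeholders.
SAMPLES = [
    r'<134>Jan  1 00:00:00 pce.example.test app: CEF:0|ExampleVendor|ExampleProduct|1.0|100|Policy \| change|5|src=10.0.0.5 msg=rule a\=b changed outcome=success',
    '<134>Jan  1 00:00:00 pce.example.test app: LEEF:1.0|ExampleVendor|ExampleProduct|1.0|100|src=10.0.0.5\toutcome=success',
    '<134>Jan  1 00:00:00 pce.example.test app: {"event_type": "example.event", "status": "success"}',
]


def _unescape(text):
    # Undo the backslash escapes for "\|", "\=" and "\\".
    return re.sub(r'\\([|=\\])', r'\1', text)


def parse_event(line):
    """Return (format, header, fields) for one syslog line; ValueError if none."""
    m = _CEF.search(line)
    if m:
        header = dict(zip(_NAMES, map(_unescape, m.groups()[1:7])))
        fields = {k: _unescape(v) for k, v in _CEF_PAIR.findall(m.group(8))}
        return "CEF", header, fields
    m = _LEEF.search(line)
    if m:
        header = dict(zip(_NAMES, m.groups()[1:5]))
        rest, delim = m.group(6), "\t"
        if m.group(1) == "2.0":
            # LEEF 2.0 adds a delimiter field; only the single-character
            # form is handled here, and an empty field means tab.
            d, _, rest = rest.partition("|")
            delim = d or "\t"
        pairs = (p.partition("=") for p in rest.split(delim) if "=" in p)
        return "LEEF", header, {k: v for k, _, v in pairs}
    start = line.find("{")
    if start != -1:
        return "JSON", {}, json.loads(line[start:])
    raise ValueError("no JSON, CEF or LEEF payload found")
```

Parsing escapes correctly matters on the receiving side: a naive split on `|` or `=` would shift fields whenever an event name or message contains those characters.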