SIEM Integration for Events
Event data can be sent using syslog to your own analytics or SIEM systems for analysis or other needs.
About SIEM Integration
This guide also explains how to configure the PCE to securely transfer PCE event data to the associated SIEM systems in the following message formats:
JavaScript Object Notation (JSON) is needed for SIEM applications like Splunk®.
Common Event Format (CEF) is needed for Micro Focus ArcSight®.
Log Event Extended Format (LEEF) is needed for IBM QRadar®.
Illumio Tools for SIEM Integration
Illumio offers other tools for SIEM integration.
Illumio App for Splunk:
Software: Technical Add-on for Illumio and Illumio App for Splunk
Documentation: Illumio App for Splunk Guide 4.x
Illumio App for QRadar:
Software: Illumio App for QRadar
Documentation: Illumio App for QRadar Guide 1.4.0
Illumio App for ServiceNow:
Software: Illumio App for CMDB
Documentation: Illumio App for ServiceNow 2.1.0