
REST APIs 25.1 Developer Guide

SIEM Integration for Events

Event data can be sent using syslog to your own analytics or SIEM systems for analysis or other needs.

About SIEM Integration

This guide also explains how to configure the PCE to securely transfer PCE event data in the following message formats to some associated SIEM systems:

  • JavaScript Object Notation (JSON) is needed for SIEM applications like Splunk®.

  • Common Event Format (CEF) is needed for Micro Focus ArcSight®.

  • Log Event Extended Format (LEEF) is needed for IBM QRadar®.

Illumio Tools for SIEM Integration

Illumio offers other tools for SIEM integration.

Illumio App for Splunk:

Illumio App for QRadar:

Illumio App for ServiceNow: