Syslog and API Client Integration on Data Security
Learn how to configure Data Security to interface
with syslog servers and API clients for monitoring and data collection.
Where Can I Use This?
NGFW (Managed by Strata Cloud Manager)
Prisma Access (Managed by Strata Cloud Manager)
What Do I Need?
Data Security license
Or any of the following licenses that include the Data Security license:
CASB-X
CASB-PA
You can configure Data Security to interface with
syslog servers and API clients. Organizations that have standardized
on a specific Security Information and Event Management (SIEM) tool
can leverage this feature for monitoring, data collection, and other
workflows.
Syslog Receiver—With a SaaS Security syslog integration, you can add a syslog receiver (for
example, Splunk) to enable Data Security to push log information to
external syslog servers.
Data Security currently supports one Syslog receiver AND one API client app
with access to log data. So, you can use the two protocols and connect SIEM and SOAR
software separately. However, Data Security does not support using multiple
Syslog receivers or multiple API clients concurrently. Alternatively, if you want to use
both Splunk and Cortex XSOAR, directly connect Splunk to Cortex XSOAR
using the Splunk integration, and create a Client ID and
Client Secret for Cortex XSOAR to directly connect to Data Security.