Syslog and API Client Integration on SaaS Security API
Learn how to configure SaaS Security API to interface
with syslog servers and API clients for monitoring and data collection.
You can configure SaaS Security API to interface with
syslog servers and API clients. Organizations that have standardized
on a specific Security Information and Event Management (SIEM) tool
can leverage this feature for monitoring, data collection, and other
workflows.
- Syslog Receiver—With a SaaS Security syslog integration, your can add a syslog receiver (for example, Splunk) to enable SaaS Security API to push log information to external syslog servers.
- API Client—With a SaaS Security API client integration, you can add a third-party API client (for example, Cortex XSOAR) to pull log information from SaaS Security API and perform incident and remediation actions.
SaaS Security API supports one syslog receiver or one API
client app with access to log data. Delete the existing configuration
before you add a new one. If you want to use both Splunk and Cortex
XSOAR, directly connect Splunk to Cortex XSOAR using the Splunk integration, and
create a Client ID and Client Secret for Cortex XSOAR to directly
connect to SaaS Security API.
