SIEM integration

If you are using a Security Information and Event Management (SIEM) solution and you want the ability to view and analyze Absolute 7 events in your SIEM application, along with events from other sources, you can set up an integration between the two systems using the Absolute SIEM Connector.

NOTE  If you are currently using the Classic SIEM Connector to send alert events to your SIEM application, you do not need to disable that Connector to use the Absolute 7 SIEM Connector. The events sent by the Classic version are different from the events sent by the Absolute 7 version, so the two versions can run in parallel.

The SIEM Connector uses the syslog protocol A protocol that allows event data from different types of systems to be transmitted in a standardized format to a central repository. to send events to a SIEM application, such as RSA® Security Analytics, HP ArcSight, or Splunk®. You can configure the SIEM Connector to send any events that are logged in Absolute and shown on the Events page in the History area.

List of logged events

Alternatively, you can use the SIEM Events API to return a list of configured event records for your account once you have configured the SIEM Connector.