Skip to content

Guides

/

Connectors

/

/

SIEM Connector: Accessed Provider APIs
Copy for LLM
Copy page as Markdown for LLMs
View as Markdown
Open this page as Markdown
Open in ChatGPT
Get insights from ChatGPT
Open in Claude
Get insights from Claude

The following APIs are accessed by the SIEM connector.

Rapid7 InsightIDR

Synqly API	Provider API
GET /v1/siem/events	GET /management/logsets GET /query/logsets GET /log_search/query/{item} GET /log_search/query/logs/{item}
GET /v1/siem/investigations	POST /idr/v2/investigations/_search
GET /v1/siem/investigations/{id}	GET /idr/v2/investigations/{item}
GET /v1/siem/investigations/{id}/evidence	GET /idr/v1/restricted/investigations/{item}/evidence
GET /v1/siem/log-providers	GET /management/logsets
PATCH /v1/siem/investigations/{id}	GET /idr/v2/investigations/{item} PATCH /idr/v2/investigations/{item}

Sumo Logic Cloud SIEM

Synqly API	Provider API
GET /v1/siem/events	POST /api/v1/search/jobs GET /api/v1/search/jobs/{item} GET /api/v1/search/jobs/{item}/messages GET /api/v1/search/jobs/{item}/records
GET /v1/siem/investigations	GET /api/sec/v1/insights
GET /v1/siem/investigations/{id}	GET /api/sec/v1/insights/{item}
GET /v1/siem/investigations/{id}/evidence	GET /api/sec/v1/insights/{item}
GET /v1/siem/log-providers	POST /api/v1/search/jobs GET /api/v1/search/jobs/{item} GET /api/v1/search/jobs/{item}/records
POST /v1/siem/events	POST /receiver/v1/http/{item}

Splunk Enterprise Security

Synqly API	Provider API
GET /v1/siem/alerts	GET /servicesNS/-/-/saved/searches
GET /v1/siem/events	POST /services/search/jobs GET /services/search/jobs/{item} GET /services/search/jobs/{item}/results
GET /v1/siem/log-providers	POST /services/search/jobs GET /services/search/jobs/{item} GET /services/search/jobs/{item}/results
POST /v1/siem/events	POST /services/collector/event

IBM QRadar SIEM

Synqly API	Provider API
GET /v1/siem/events	POST /api/ariel/searches GET /api/ariel/searches/{item} GET /api/ariel/searches/{item}/results
GET /v1/siem/investigations	GET /api/siem/offenses
GET /v1/siem/investigations/{id}	GET /api/siem/offenses/{item}
GET /v1/siem/log-providers	GET /api/config/{item}/{item}/{item}
POST /v1/siem/events	POST/

Microsoft Sentinel

Synqly API	Provider API
GET /v1/siem/alerts	GET /subscriptions/{item}/resourceGroups/{item}/providers/Microsoft.OperationalInsights/workspaces/sentinel-e2e/providers/Microsoft.SecurityInsights/alertRules
GET /v1/siem/events	POST /v1/workspaces/{item}/query
GET /v1/siem/investigations	GET /subscriptions/{item}/resourceGroups/{item}/providers/Microsoft.OperationalInsights/workspaces/sentinel-e2e/providers/Microsoft.SecurityInsights/incidents
GET /v1/siem/investigations/{id}	GET /subscriptions/{item}/resourceGroups/{item}/providers/Microsoft.OperationalInsights/workspaces/sentinel-e2e/providers/Microsoft.SecurityInsights/incidents/{item}
GET /v1/siem/log-providers	GET /subscriptions/{item}/resourceGroups/{item}/providers/Microsoft.OperationalInsights/workspaces/sentinel-e2e/tables
PATCH /v1/siem/investigations/{id}	GET /subscriptions/{item}/resourceGroups/{item}/providers/Microsoft.OperationalInsights/workspaces/sentinel-e2e/providers/Microsoft.SecurityInsights/incidents/{item} PUT /subscriptions/{item}/resourceGroups/{item}/providers/Microsoft.OperationalInsights/workspaces/sentinel-e2e/providers/Microsoft.SecurityInsights/incidents/{item}
POST /v1/siem/events	POST /dataCollectionRules/{item}/streams/Custom-ASimEvent

Elastic SIEM

Synqly API	Provider API
GET /v1/siem/alerts	POST /api/{item}/signals/search
GET /v1/siem/events	POST /logs-/{item} POST //{item} POST /synqly-data/{item}
GET /v1/siem/log-providers	GET /*
POST /v1/siem/events	POST /logs-synqly-default/_bulk POST /synqly-data/_bulk

OpenSearch

Synqly API	Provider API
GET /v1/siem/events	POST /logs-/{item}/{item} POST //{item}/{item} POST /e2e/{item}/{item}
GET /v1/siem/log-providers	GET /*
POST /v1/siem/events	POST /logs-synqly-default/_bulk POST /e2e/_bulk

Previous page

Next page