Guides

/

Connectors

/

siem

/

Accessed SIEM Provider APIs

SIEM Connector: Accessed Provider APIs

The following APIs are accessed by the SIEM connector.

Microsoft Sentinel

Synqly API	Provider API
GET /v1/siem/events	POST /v1/workspaces/{item}/query
GET /v1/siem/investigations	GET /subscriptions/{item}/resourceGroups/{item}/providers/Microsoft.OperationalInsights/workspaces/sentinel-e2e/providers/Microsoft.SecurityInsights/incidents
GET /v1/siem/investigations/{id}	GET /subscriptions/{item}/resourceGroups/{item}/providers/Microsoft.OperationalInsights/workspaces/sentinel-e2e/providers/Microsoft.SecurityInsights/incidents/{item}
GET /v1/siem/log-providers	GET /subscriptions/{item}/resourceGroups/{item}/providers/Microsoft.OperationalInsights/workspaces/sentinel-e2e/tables
PATCH /v1/siem/investigations/{id}	GET /subscriptions/{item}/resourceGroups/{item}/providers/Microsoft.OperationalInsights/workspaces/sentinel-e2e/providers/Microsoft.SecurityInsights/incidents/{item} PUT /subscriptions/{item}/resourceGroups/{item}/providers/Microsoft.OperationalInsights/workspaces/sentinel-e2e/providers/Microsoft.SecurityInsights/incidents/{item}

Sumo Logic Cloud SIEM

Synqly API	Provider API
GET /v1/siem/events	POST /api/v1/search/jobs GET /api/v1/search/jobs/{item} GET /api/v1/search/jobs/{item}/messages GET /api/v1/search/jobs/{item}/records
GET /v1/siem/investigations	GET /api/sec/v1/insights
GET /v1/siem/investigations/{id}	GET /api/sec/v1/insights/{item}
GET /v1/siem/investigations/{id}/evidence	GET /api/sec/v1/insights/{item}
GET /v1/siem/log-providers	POST /api/v1/search/jobs GET /api/v1/search/jobs/{item} GET /api/v1/search/jobs/{item}/records
POST /v1/siem/events	POST /receiver/v1/http/{item}

IBM QRadar

Synqly API	Provider API
GET /v1/siem/events	POST /api/ariel/searches GET /api/ariel/searches/{item} GET /api/ariel/searches/{item}/results
GET /v1/siem/investigations	GET /api/siem/offenses
GET /v1/siem/investigations/{id}	GET /api/siem/offenses/{item}
GET /v1/siem/log-providers	GET /api/config/{item}/{item}/{item}
POST /v1/siem/events	POST/

Splunk

Synqly API	Provider API
GET /v1/siem/events	POST /services/search/jobs GET /services/search/jobs/{item} GET /services/search/jobs/{item}/results
GET /v1/siem/log-providers	POST /services/search/jobs GET /services/search/jobs/{item} GET /services/search/jobs/{item}/results
POST /v1/siem/events	POST /services/collector/event

Elasticsearch

Synqly API	Provider API
GET /v1/siem/events	POST /logs-/{item} POST //{item} POST /synqly-data/{item}
GET /v1/siem/log-providers	GET /*
POST /v1/siem/events	POST /logs-synqly-default/_bulk POST /synqly-data/_bulk

CrowdStrike SIEM

Synqly API	Provider API
GET /v1/siem/events	POST /humio/api/v1/repositories/search-all/queryjobs GET /humio/api/v1/repositories/search-all/queryjobs/{item} POST /humio/api/v1/repositories/{item}/queryjobs

Google Security Operations

Synqly API	Provider API
GET /v1/siem/events	GET /v1/events:udmSearch
GET /v1/siem/investigations	GET /v2/detect/rules/-/detections
GET /v1/siem/investigations/{id}	GET /v2/detect/rules/{item}/detections/{item}
GET /v1/siem/investigations/{id}/evidence	GET /v2/detect/rules/{item}/detections/{item}
GET /v1/siem/log-providers	GET /v2/logtypes

Rapid7 InsightIDR

Synqly API	Provider API
GET /v1/siem/events	GET /query/logsets GET /log_search/query/{item} GET /management/logsets GET /log_search/query/logs/{item}
GET /v1/siem/investigations	POST /idr/v2/investigations/_search
GET /v1/siem/investigations/{id}	GET /idr/v2/investigations/{item}
GET /v1/siem/investigations/{id}/evidence	GET /idr/v1/restricted/investigations/{item}/evidence
GET /v1/siem/log-providers	GET /management/logsets
PATCH /v1/siem/investigations/{id}	GET /idr/v2/investigations/{item} PATCH /idr/v2/investigations/{item}

Previous page

Next page