# SIEM Connector: Accessed Provider APIs

The following APIs are accessed by the SIEM connector.

## Rapid7 InsightIDR

| Synqly API | Provider API |
| --- | --- |
| GET /v1/siem/events | GET /management/logsets<br>GET /query/logsets<br>GET /log_search/query/{item}<br>GET /log_search/query/logs/{item} |
| GET /v1/siem/investigations | POST /idr/v2/investigations/_search |
| GET /v1/siem/investigations/{id} | GET /idr/v2/investigations/{item} |
| GET /v1/siem/investigations/{id}/evidence | GET /idr/v1/restricted/investigations/{item}/evidence |
| GET /v1/siem/log-providers | GET /management/logsets |
| PATCH /v1/siem/investigations/{id} | GET /idr/v2/investigations/{item}<br>PATCH /idr/v2/investigations/{item} |

## Sumo Logic Cloud SIEM

| Synqly API | Provider API |
| --- | --- |
| GET /v1/siem/events | POST /api/v1/search/jobs<br>GET /api/v1/search/jobs/{item}<br>GET /api/v1/search/jobs/{item}/messages<br>GET /api/v1/search/jobs/{item}/records |
| GET /v1/siem/investigations | GET /api/sec/v1/insights |
| GET /v1/siem/investigations/{id} | GET /api/sec/v1/insights/{item} |
| GET /v1/siem/investigations/{id}/evidence | GET /api/sec/v1/insights/{item} |
| GET /v1/siem/log-providers | POST /api/v1/search/jobs<br>GET /api/v1/search/jobs/{item}<br>GET /api/v1/search/jobs/{item}/records |
| POST /v1/siem/events | POST /receiver/v1/http/{item} |

## Splunk Enterprise Security

| Synqly API | Provider API |
| --- | --- |
| GET /v1/siem/alerts | GET /servicesNS/-/-/saved/searches |
| GET /v1/siem/events | POST /services/search/jobs<br>GET /services/search/jobs/{item}<br>GET /services/search/jobs/{item}/results |
| GET /v1/siem/log-providers | POST /services/search/jobs<br>GET /services/search/jobs/{item}<br>GET /services/search/jobs/{item}/results |
| POST /v1/siem/events | POST /services/collector/event |

## IBM QRadar SIEM

| Synqly API | Provider API |
| --- | --- |
| GET /v1/siem/events | POST /api/ariel/searches<br>GET /api/ariel/searches/{item}<br>GET /api/ariel/searches/{item}/results |
| GET /v1/siem/investigations | GET /api/siem/offenses |
| GET /v1/siem/investigations/{id} | GET /api/siem/offenses/{item} |
| GET /v1/siem/log-providers | GET /api/config/{item}/{item}/{item} |
| POST /v1/siem/events | POST / |

## Microsoft Sentinel

| Synqly API | Provider API |
| --- | --- |
| GET /v1/siem/alerts | GET /subscriptions/{item}/resourceGroups/{item}/providers/Microsoft.OperationalInsights/workspaces/sentinel-e2e/providers/Microsoft.SecurityInsights/alertRules |
| GET /v1/siem/events | POST /v1/workspaces/{item}/query |
| GET /v1/siem/investigations | GET /subscriptions/{item}/resourceGroups/{item}/providers/Microsoft.OperationalInsights/workspaces/sentinel-e2e/providers/Microsoft.SecurityInsights/incidents |
| GET /v1/siem/investigations/{id} | GET /subscriptions/{item}/resourceGroups/{item}/providers/Microsoft.OperationalInsights/workspaces/sentinel-e2e/providers/Microsoft.SecurityInsights/incidents/{item} |
| GET /v1/siem/log-providers | GET /subscriptions/{item}/resourceGroups/{item}/providers/Microsoft.OperationalInsights/workspaces/sentinel-e2e/tables |
| PATCH /v1/siem/investigations/{id} | GET /subscriptions/{item}/resourceGroups/{item}/providers/Microsoft.OperationalInsights/workspaces/sentinel-e2e/providers/Microsoft.SecurityInsights/incidents/{item}<br>PUT /subscriptions/{item}/resourceGroups/{item}/providers/Microsoft.OperationalInsights/workspaces/sentinel-e2e/providers/Microsoft.SecurityInsights/incidents/{item} |
| POST /v1/siem/events | POST /dataCollectionRules/{item}/streams/Custom-ASimEvent |

## Elastic SIEM

| Synqly API | Provider API |
| --- | --- |
| GET /v1/siem/alerts | POST /api/{item}/signals/search |
| GET /v1/siem/events | POST /logs-*/{item}<br>POST /*/{item}<br>POST /synqly-data/{item} |
| GET /v1/siem/log-providers | GET /* |
| POST /v1/siem/events | POST /logs-synqly-default/_bulk<br>POST /synqly-data/_bulk |

## OpenSearch

| Synqly API | Provider API |
| --- | --- |
| GET /v1/siem/events | POST /logs-*/{item}/{item}<br>POST /*/{item}/{item}<br>POST /e2e/{item}/{item} |
| GET /v1/siem/log-providers | GET /* |
| POST /v1/siem/events | POST /logs-synqly-default/_bulk<br>POST /e2e/_bulk |