Skip to content

Guides

/

Connectors

/

/

SIEM Accessed Provider Endpoints
Copy for LLM
Copy page as Markdown for LLMs
View as Markdown
Open this page as Markdown
Open in ChatGPT
Get insights from ChatGPT
Open in Claude
Get insights from Claude

CrowdStrike Falcon® Next-Gen SIEM

Operation	Provider Endpoints
Post Events	POST /services/collector
Query Alerts	GET /incidents/queries/incidents/v1
Query Events	GET /humio/api/v1/repositories/search-all/queryjobs/{jobId} POST /humio/api/v1/repositories/investigate_view/queryjobs POST /humio/api/v1/repositories/search-all/queryjobs

Elastic SIEM

Operation	Provider Endpoints
Post Events	POST /{index}/_bulk
Query Alerts	POST /api/detection_engine/signals/search
Query Events	POST /{index}/_async_search
Query Log Providers	GET /{index}

OpenSearch SIEM

Operation	Provider Endpoints
Post Events	POST /{index}/_bulk
Query Events	POST /{index}/_plugins/_asynchronous_search
Query Log Providers	GET /{index}

IBM QRadar SIEM

Operation	Provider Endpoints
Get Investigation	GET /api/siem/offenses/{id}
Post Events	POST
Query Events	GET /api/ariel/searches/{searchId} GET /api/ariel/searches/{searchId}/results POST /api/ariel/searches
Query Investigations	GET /api/siem/offenses
Query Log Providers	GET /api/config/event_sources/log_source_management/log_sources

Rapid7 InsightIDR

Operation	Provider Endpoints
Get Evidence	GET /idr/v1/restricted/investigations/{id}/evidence
Get Investigation	GET /idr/v2/investigations/{id}
Patch Investigation	GET /idr/v2/investigations/{id} PATCH /idr/v2/investigations/{id}
Query Events	GET /log_search/query/logs/{logId} GET /log_search/query/{logId} GET /management/logsets GET /query/logsets
Query Investigations	POST /idr/v2/investigations/_search
Query Log Providers	GET /management/logsets

Microsoft Sentinel

Operation	Provider Endpoints
Get Investigation	GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{id}
Patch Investigation	GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{id} PUT /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{id}
Post Events	POST /dataCollectionRules/{ruleId}/streams/{streamName}
Query Alerts	GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules
Query Events	POST /v1/workspaces/{workspaceId}/query
Query Investigations	GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents
Query Log Providers	GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/tables

Splunk Enterprise Security

Operation	Provider Endpoints
Post Events	POST POST /services/collector/event
Query Alerts	GET /servicesNS/-/-/saved/searches
Query Events	GET /services/search/jobs/{jobId} GET /services/search/jobs/{jobId}/results POST /services/search/jobs
Query Log Providers	GET /services/search/jobs/{jobId} GET /services/search/jobs/{jobId}/results POST /services/search/jobs

Sumo Logic Cloud SIEM

Operation	Provider Endpoints
Get Evidence	GET /api/sec/v1/insights/{id}
Get Investigation	GET /api/sec/v1/insights/{id}
Post Events	POST /receiver/v1/http/{httpCollectorCode}
Query Events	GET /api/v1/search/jobs/{jobId} GET /api/v1/search/jobs/{jobId}/messages GET /api/v1/search/jobs/{jobId}/records POST /api/v1/search/jobs
Query Investigations	GET /api/sec/v1/insights
Query Log Providers	GET /api/v1/search/jobs/{jobId} GET /api/v1/search/jobs/{jobId}/records POST /api/v1/search/jobs

Previous page

Next page