Skip to content

Guides

/

Connectors

/

/

SIEM Accessed Provider Endpoints
Copy for LLM
Copy page as Markdown for LLMs
View as Markdown
Open this page as Markdown
Open in ChatGPT
Get insights from ChatGPT
Open in Claude
Get insights from Claude

CrowdStrike Falcon® Next-Gen SIEM

Operation	Provider Endpoints
Post Events	POST /services/collector
Query Alerts	POST /alerts/combined/alerts/v1
Query Events	GET /humio/api/v1/repositories/search-all/queryjobs/{jobId} POST /humio/api/v1/repositories/investigate_view/queryjobs POST /humio/api/v1/repositories/search-all/queryjobs

Google Security Operations (Chronicle Compatibility)

Operation	Provider Endpoints
Get Evidence	GET /v2/detect/rules/{ruleId}
Get Investigation	GET /v2/detect/rules/{ruleId}
Post Events	POST /v2/udmevents:batchCreate
Query Alerts	GET /v2/detect/rules/-/detections GET /v2/detect/rules/{ruleId}
Query Events	GET /v1/events:udmSearch
Query Investigations	GET /v2/detect/rules/-/detections
Query Log Providers	GET /v2/logtypes

Google Security Operations

Operation	Provider Endpoints
Post Events	POST /v1alpha/projects/synqly/locations/us/instances/{customerId}/events:import
Query Events	GET /v1alpha/projects/synqly/locations/us/instances/{customerId}:udmSearch
Query Log Providers	GET /v1alpha/projects/synqly/locations/us/instances/{customerId}/logTypes

OpenSearch SIEM

Operation	Provider Endpoints
Post Events	POST /{index}/_bulk
Query Events	POST /{index}/_plugins/_asynchronous_search
Query Log Providers	GET /{index}

Panther SIEM

Operation	Provider Endpoints
Get Alert	POST /public/graphql
Post Events	POST /http/{logSourceId}
Query Alerts	POST /public/graphql
Query Events	POST /public/graphql
Query Log Providers	POST /public/graphql

Rapid7 InsightIDR

Operation	Provider Endpoints
Get Alert	GET /idr/at/alerts/{id} GET /idr/at/alerts/{id}/actors GET /idr/at/alerts/{id}/evidences
Get Evidence	GET /idr/v1/restricted/investigations/{id}/evidence
Get Investigation	GET /idr/v2/investigations/{id} GET /idr/v2/investigations/{id}/rapid7-product-alerts
Patch Investigation	GET /idr/v2/investigations/{id} PATCH /idr/v2/investigations/{id}
Query Alerts	POST /idr/at/alerts/ops/search
Query Events	GET /log_search/query/logs/{logId} GET /log_search/query/{logId} GET /management/logsets GET /query/logsets
Query Investigations	POST /idr/v2/investigations/_search
Query Log Providers	GET /management/logsets

Splunk Enterprise Security

Operation	Provider Endpoints
Get Alert	GET /services/alerts/fired_alerts/{id} GET /servicesNS/-/-/saved/searches/Test Alert
Post Events	POST POST /services/collector/event
Query Alerts	GET /services/alerts/fired_alerts/{id}
Query Events	GET /services/search/jobs/{jobId} GET /services/search/jobs/{jobId}/results POST /services/search/jobs
Query Log Providers	GET /services/search/jobs/{jobId} GET /services/search/jobs/{jobId}/results POST /services/search/jobs

Previous page

Next page