SIEM Connector
The Synqly SIEM provider connects your application to your customers' SIEMs. Synqly supports writing and querying events to and from SIEMs.
API Reference
For full API documentation see the SIEM API Reference.
To create an integration with the SIEM connector, use the Create Integration API endpoint, using one of the provider configs below.
Supported Providers
- CrowdStrike Falcon Next-Gen SIEM (
siem_crowdstrike) - Elastic SIEM (
siem_elasticsearch) - Google Security Operations (
siem_google_chronicle) - Microsoft Sentinel (
siem_sentinel) - QRadar (
siem_q_radar) - Rapid7 InsightIDR (
siem_rapid7_insightidr) - SIEM Test (
siem_mock_siem) - Splunk Enterprise Security (
siem_splunk) - Sumo Logic Cloud SIEM (
siem_sumo_logic)
Supported Operators by Provider
| API | CrowdStrike SIEM | Elasticsearch | Google Security Operations | SIEM Test | IBM QRadar | Rapid7 InsightIDR | Microsoft Sentinel | Splunk | Sumo Logic Cloud SIEM |
|---|---|---|---|---|---|---|---|---|---|
| post_events | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ |
| query_events | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| get_evidence | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ |
| get_investigation | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ |
| patch_investigation | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ |
| query_investigations | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ |
| query_log_providers | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ |