Sink Connector
Sinks for events such as Data Lakes and Security Lakes. Products in this category accept events but do not support querying them back out.
API Reference
For full API documentation see the Sink API Reference.
To create an integration with the Sink connector, use the Create Integration API endpoint, using one of the provider configs below.
Supported Providers
- AWS Security Lake (
sink_aws_security_lake) - AWS Simple Queue Service (
sink_aws_sqs) - Crowdstrike HEC (
sink_crowdstrike_hec) - Elastic (
sink_elasticsearch) - Microsoft Azure Monitor Logs (
sink_azure_monitor_logs) - Sink Test (
sink_mock_sink) - Splunk Enterprise Security (
sink_splunk)
Supported Operators by Provider
| API | AWS Security Lake | AWS SQS | Azure Monitor Logs | Crowdstrike HEC | Elasticsearch | Sink Test | Splunk |
|---|---|---|---|---|---|---|---|
| post_events | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
APIs with Filters
| API | AWS Security Lake | AWS SQS | Azure Monitor Logs | Crowdstrike HEC | Elasticsearch | Sink Test | Splunk |
|---|