Sink Connector
Sinks for events such as Data Lakes and Security Lakes. Products in this category accept events but do not support querying them back out.
API Reference
For full API documentation see the Sink API Reference.
To create an integration with the Sink connector, use the Create Integration API endpoint, using one of the provider configs below.
Supported Providers
- AWS Security Lake (
sink_aws_security_lake) - AWS Simple Queue Service (
sink_aws_sqs) - Crowdstrike HEC (
sink_crowdstrike_hec) - Elastic (
sink_elasticsearch) - Google Security Operations (Chronicle Compatibility) (
sink_google_sec_ops) - Google Security Operations (
sink_google_security_operations) - Microsoft Azure Monitor Logs (
sink_azure_monitor_logs) - OpenSearch (
sink_opensearch) - Sink Test (
sink_mock_sink) - Splunk Enterprise Security (
sink_splunk)
Supported Operators by Provider
| API | AWS Security Lake | AWS SQS | Azure Monitor Logs | Crowdstrike HEC | Elasticsearch | Google Security Operations | Google Security Operations | Sink Test | OpenSearch | Splunk |
|---|---|---|---|---|---|---|---|---|---|---|
| post_events | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
APIs with Filters
| API | AWS Security Lake | AWS SQS | Azure Monitor Logs | Crowdstrike HEC | Elasticsearch | Google Security Operations | Google Security Operations | Sink Test | OpenSearch | Splunk |
|---|