Sink Connector
Sinks for events such as Data Lakes and Security Lakes. Products in this category accept events but do not support querying them back out.
API Reference
For full API documentation see the Sink API Reference.
To create an integration with the Sink connector, use the Create Integration API endpoint, using one of the provider configs below.
Supported Providers
- Amazon Security Lake (
sink_aws_security_lake) - Amazon Simple Queue Service (SQS) (
sink_aws_sqs) - CrowdStrike Falcon® Next-Gen SIEM (HEC) (
sink_crowdstrike_hec) - Elasticsearch (
sink_elasticsearch) - Google Security Operations (Chronicle Compatibility) (
sink_google_sec_ops) - Google Security Operations (
sink_google_security_operations) - Microsoft Azure Monitor Logs (
sink_azure_monitor_logs) - OpenSearch (
sink_opensearch) - Splunk Enterprise Security (
sink_splunk) - Synqly Test Provider (
sink_mock_sink)
Supported Operators by Provider
| API | Amazon Security Lake | Amazon SQS | Microsoft Azure Monitor Logs | CrowdStrike Next-Gen SIEM (HEC) | Elasticsearch | Google Security Operations | Google Security Operations | Test Provider | OpenSearch | Splunk Enterprise Security |
|---|---|---|---|---|---|---|---|---|---|---|
| post_events | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
APIs with Filters
| API | Amazon Security Lake | Amazon SQS | Microsoft Azure Monitor Logs | CrowdStrike Next-Gen SIEM (HEC) | Elasticsearch | Google Security Operations | Google Security Operations | Test Provider | OpenSearch | Splunk Enterprise Security |
|---|