Sinks for events such as Data Lakes and Security Lakes. Products in this category accept events but do not support querying them back out.
For full API documentation see the Sink API Reference.
To create an integration with the Sink connector, use the Create Integration API endpoint, using one of the provider configs below.
- Amazon S3 (
sink_aws_s3) - Amazon Security Lake (
sink_aws_security_lake) - Amazon Simple Queue Service (SQS) (
sink_aws_sqs) - CrowdStrike Falcon® Next-Gen SIEM (HEC) (
sink_crowdstrike_hec) - Elasticsearch (
sink_elasticsearch) - Google Security Operations (Chronicle Compatibility) (
sink_google_sec_ops) - Google Security Operations (
sink_google_security_operations) - IBM QRadar Sink (
sink_q_radar) - Microsoft Azure Monitor Logs (
sink_azure_monitor_logs) - OpenSearch (
sink_opensearch) - Splunk Enterprise Security (
sink_splunk) - Synqly Test Provider (
sink_mock_sink)
| API | Amazon S3 | Amazon Security Lake | Amazon SQS | Microsoft Azure Monitor Logs | CrowdStrike Next-Gen SIEM (HEC) | Elasticsearch | Google Security Operations | Google Security Operations | Test Provider | OpenSearch | IBM QRadar Sink | Splunk Enterprise Security |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| post_events | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| API | Amazon S3 | Amazon Security Lake | Amazon SQS | Microsoft Azure Monitor Logs | CrowdStrike Next-Gen SIEM (HEC) | Elasticsearch | Google Security Operations | Google Security Operations | Test Provider | OpenSearch | IBM QRadar Sink | Splunk Enterprise Security |
|---|