We provide several options for getting alerts into your SIEM:
- Standard notification channels: Many SIEM systems can ingest events via email or SMS. Adding your SIEM's address or number to the list of emails/phone numbers that receive alerts gets data into it with minimal effort.
- API: We have a REST API that you can query for incidents; results are returned as JSON.
- Webhook: We support custom webhooks for alerting. When an alert fires, it is POSTed as JSON to an HTTP(S) endpoint of your choosing (for example, a Slack or Splunk endpoint). Although plain HTTP is supported, we strongly recommend HTTPS.
- Syslog: We can push alerts as RFC 5424-compliant logs to a Syslog-compatible receiver. Because of how this is set up, it cannot be enabled through the Console; please contact Canary support if you would like to use Syslog, or read this article.
All of these notification options are configurable through your Console, except for Syslog.
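Where a SIEM has no native webhook listener, a small HTTPS relay can sit between the webhook and the SIEM's syslog input. The following is an added example, not Canary's own code: it validates the incoming JSON POST (content type, size, shape) and re-emits each alert as an RFC 5424 line. The alert field names, the `siem.example.internal` address, the certificate paths and the enterprise number 32473 (the one RFC 5612 reserves for documentation) are all placeholders.

```python
import json, re, socket, ssl
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 64 * 1024                          # assumption: alert payloads are small; cap them
SYSLOG_ADDR = ("siem.example.internal", 6514)  # placeholder SIEM syslog listener
ENTERPRISE_ID = 32473                          # documentation-only PEN, replace with your own

def parse_alert(raw: bytes, content_type: str) -> dict:
    # Trust nothing in the POST until it is JSON, within the size cap, and an object.
    if not content_type.lower().startswith("application/json"):
        raise ValueError("unexpected content type")
    if len(raw) > MAX_BODY:
        raise ValueError("body too large")
    alert = json.loads(raw.decode("utf-8"))
    if not isinstance(alert, dict):
        raise ValueError("alert must be a JSON object")
    return alert

def to_rfc5424(alert: dict, hostname="webhook-relay", app="canary-relay") -> str:
    # One RFC 5424 line: PRI VERSION TIMESTAMP HOST APP PROCID MSGID STRUCTURED-DATA MSG
    ts = datetime.now(timezone.utc).isoformat().replace("+00:00", "Z")
    pri = 1 * 8 + 1  # facility user (1) * 8 + severity alert (1) -> <9>
    params = []
    for key, value in sorted(alert.items()):
        name = re.sub(r'[^\x21-\x7e]|[=\]"]', "_", str(key))[:32]  # PARAM-NAME rules
        esc = str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")
        params.append(f'{name}="{esc}"')
    sd = f"[alert@{ENTERPRISE_ID} " + " ".join(params) + "]"
    return f"<{pri}>1 {ts} {hostname} {app} - - {sd} {json.dumps(alert, sort_keys=True)}"

class WebhookHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        raw = self.rfile.read(min(length, MAX_BODY + 1))  # never read more than we accept
        try:
            alert = parse_alert(raw, self.headers.get("Content-Type", ""))
        except (ValueError, UnicodeDecodeError) as exc:
            return self.send_error(400, str(exc))
        with socket.create_connection(SYSLOG_ADDR, timeout=5) as sink:
            sink.sendall(to_rfc5424(alert).encode() + b"\n")
        self.send_response(204)
        self.end_headers()

if __name__ == "__main__":
    # Serve HTTPS only, as recommended above; cert and key paths are placeholders.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain("relay.crt", "relay.key")
    srv = HTTPServer(("0.0.0.0", 8443), WebhookHandler)
    srv.socket = ctx.wrap_socket(srv.socket, server_side=True)
    srv.serve_forever()
```

Point the webhook at `https://<relay>:8443/` and the SIEM receives one structured syslog event per alert, with the original JSON preserved in the MSG field for full-text search.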