We provide a number of options for getting alerts into your SIEM:
- Standard notification channels: Many SIEM systems can ingest events via email/SMS. Simply adding your SIEM to the list of emails/phone numbers that receive alerts will get data into the system with minimal effort.
- API: We have a REST API which you can query for incidents. These are returned in JSON format.
- Web-hook: We support custom web-hooks for alerting. When an alert fires, it will be POSTed in JSON format to an HTTP(S) endpoint of your choosing. While we support HTTP, we strongly recommend that you use HTTPS.
- Syslog: We are able to push logs to a Syslog-compatible receiver using RFC 5424-compliant logs. Due to the nature of the setup, this cannot be done through the console. Please contact Canary support if you would like to implement Syslog. More information can be found here: http://help.canary.tools/hc/en-gb/articles/syslog-configuration
All of these notification options are configurable through your console, except for Syslog.
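
For the Syslog option, a receiver-side check that incoming lines really are RFC 5424 before they are indexed. This is an added example, not Canary's code. The sample line, its field values and the `alert@32473` SD-ID are constructed (32473 is the enterprise number reserved for documentation) and do not represent the format Canary emits.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, space separated
HEADER = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>[1-9]\d{0,2}) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
)
# One SD-ELEMENT: [SD-ID name="value" ...]; inside a value, " \ and ] are backslash-escaped
SD_ELEMENT = re.compile(r'\[(?P<id>[^ =\]"]+)(?P<params>(?: [^ =\]"]+="(?:\\.|[^"\\\]])*")*)\]')
SD_PARAM = re.compile(r' (?P<name>[^ =\]"]+)="(?P<value>(?:\\.|[^"\\\]])*)"')
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# Constructed sample line (hypothetical host, app and structured data)
SAMPLE = (r'<134>1 2024-01-15T10:22:31Z sensor-01 sensor-app - ALERT '
          r'[alert@32473 src="10.0.0.5" note="quoted \"x\""] Constructed test alert')


def parse_rfc5424(line):
    """Parse one RFC 5424 line into a dict; raise ValueError if it is malformed."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 header")
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        raise ValueError("PRI out of range")
    event = {k: (None if v == "-" else v) for k, v in m.groupdict().items()}
    event.update(facility=pri >> 3, severity=SEVERITIES[pri & 7], sd={})
    rest = line[m.end():]
    if rest.startswith("-"):  # NILVALUE: no structured data
        rest = rest[1:]
    else:
        while (e := SD_ELEMENT.match(rest)):
            event["sd"][e["id"]] = {
                p["name"]: re.sub(r'\\(["\\\]])', r"\1", p["value"])  # undo escapes
                for p in SD_PARAM.finditer(e["params"])
            }
            rest = rest[e.end():]
        if not event["sd"]:
            raise ValueError("missing STRUCTURED-DATA")
    if rest and not rest.startswith(" "):
        raise ValueError("unexpected data after STRUCTURED-DATA")
    event["msg"] = rest[1:] or None
    return event


if __name__ == "__main__":
    print(parse_rfc5424(SAMPLE))
```

Lines that raise `ValueError` (for example legacy BSD-style syslog without a version field) can be routed to a quarantine index instead of being silently mis-parsed.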