Recommended Configuration for known SIEM Platforms
Avanan can integrate with a large number of SIEM platforms.
If you need help in configuring your SIEM platform to integrate with Avanan, contact Avanan Support.
These are the recommended configurations for some of the SIEM platforms.
| SIEM Platform | Transport Method | Log Format |
|---|---|---|
| Splunk | Splunk HTTP Event Collector (HEC) | JSON (Splunk HEC/CIM compatible) |
| Rapid7 | AWS SQS | JSON (Rapid7, <8k characters) |
| Sumo Logic | HTTP Collector | JSON |
| Azure Log Workspace | Azure Log Workspace | JSON |
| LogRhythm | AWS S3. For the fields required for AWS S3, see Supported Transport methods. If a new S3 bucket is needed, follow the specific instructions while configuring the S3 bucket. For more details, see Forwarding Events to AWS S3. | JSON |
| McAfee SIEM | AWS S3. For the fields required for AWS S3, see Supported Transport methods. If a new S3 bucket is needed, follow the specific instructions while configuring the S3 bucket. For more details, see Forwarding Events to AWS S3. To receive the logs from the S3 bucket in McAfee SIEM, refer to Configuration of Amazon S3 upload feature and the McAfee documentation. | JSON |
| Other | Avanan can integrate with any SIEM platform. If you need help in configuring your SIEM platform to integrate with Avanan, contact Avanan Support. | |