Access to SIEM data via API
John Long-White
We'd also like to see this added; in its current state of GUI only, it's extremely limited, especially for those of us under a compliance framework that need extensive reporting and evidence collection.
Use Cases:
- Compliance auditing (admin logins, config changes, privileged actions)
- Automated incident investigation (timeline reconstruction)
- Security monitoring dashboards
- Integration with SOAR platform
Owen Carey
I would also like this.
More ways to manipulate and access our data is always good.
We're looking to build some internal tools, and being able to access the data this way would be very convenient.
Paco Iglesias
Crucial, indeed. Otherwise it's just read only, currently kind of useless for any type of alerting or integration we want to do with it. We are forced to have a Splunk instance side by side while already paying for Huntress' SIEM.
The API endpoint for the SIEM from which one can perform queries from a SOAR, for example, would be a super typical scenario in most MSSPs out there.
Eclipse
I 2nd this.
I'm working on some internal tooling and require access to ITDR and SIEM data via the API. Currently this is still not present in documentation.