The API does not provide endpoints for obtaining and manipulating Server & Workload Protection event data. Instead, we encourage you to forward system and security events to an external syslog server or security information and event management (SIEM) server.
SIEMs enable you to effectively act on the event data that you collect. The following typical tasks are easy to implement with a SIEM:
  • Create dashboards to easily monitor the status of your security and recognize problems as they occur.
  • Automate alerting when specific events occur so that you can react quickly.
  • Store event data for the long term so that you can recognize trends and, if needed, adhere to compliance regulations.
  • Amalgamate data to see how events from all of your business systems are affecting each other.
To learn how to integrate Server & Workload Protection with a syslog or SIEM server, see Forward Server & Workload Protection events to a Syslog or SIEM server.