SIEM
This article explains how to configure ingestion of Afi audit logs into Splunk or a similar SIEM system. The following destination channels for log ingestion are supported:
- Splunk HTTP Event Collector (HEC)
- Datadog
- Microsoft Teams
- Google Chats
- Slack
- Webhook (suitable for an arbitrary SIEM system that accepts events through a webhook)
Audit log export is configured on the Configuration → SIEM tab and includes all audit events for an Afi organization account as well as its child tenants/organizations.