
SIEM

Security Information and Event Management (SIEM) systems collect and analyze logs from multiple systems to provide a centralized view of activity. By bringing together audit and event data from different sources, SIEMs support monitoring, alerting, investigation, and operational analysis across an organization.

Files.com delivers audit and activity logs through two methods: direct SIEM integrations and log file streaming. Direct SIEM integrations stream logs to SIEM platforms so the logs can be correlated with other security and infrastructure data for monitoring, alerting, and investigation workflows. Log File Streaming writes logs to files in a folder on your site for file-based access, scheduled processing, and retention. Use direct integrations when you need near real-time events in a SIEM, and Log File Streaming when you need files for batch-oriented or archival workflows.

Direct SIEM Integrations

Direct SIEM integrations deliver logs continuously to SIEM platforms for near real-time monitoring, analysis, and alerting. Files.com provides native integrations with Splunk, Microsoft Sentinel, Sumo Logic, Datadog, and New Relic, streaming logs directly to each platform's supported ingestion endpoints.

For SIEM platforms that are not natively supported, Files.com provides a Generic SIEM Connector, listed as the SIEM (Any Provider) connector. This connector delivers logs in JSON format over HTTP to any SIEM or logging system that accepts that method. It works in cloud-based or on-premises environments and ingests logs without custom collectors or file-based transfers.

Within the SIEM platform, delivered logs can be analyzed alongside other system and application logs. The data is commonly used to monitor authentication activity, file uploads and downloads, configuration changes, automation activity, and connection failures. SIEM platforms apply correlation rules, alerts, and dashboards to support monitoring, investigation, and operational analysis.

Log File Streaming

Log File Streaming writes audit and activity logs to timestamped files at a configured interval. Files are written in JSON or CSV format and stored in a selected destination folder. The destination folder can be located anywhere on your site, including folders on Remote Server Mounts.

Log File Streaming supports workflows that rely on file-based access rather than real-time delivery. The files can be consumed by scheduled processing jobs, used for historical analysis or audits, retained for extended periods, or ingested into analytics systems that operate on batch files.
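An added example, not Files.com code: a scheduled batch job over Log File Streaming output that normalizes JSON and CSV files into one record shape and flags bursts of failed logins per source IP, including a burst that spans two interval files. The field names (timestamp, ip, username, action, success), the JSON layout (array or one object per line), and the threshold are assumptions; check them against your actual exported files.

```python
import csv, io, json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample files from two consecutive intervals. Field names are
# assumptions for illustration, not the documented Files.com schema.
SAMPLE_JSON = "\n".join([
    '{"timestamp":"2024-05-01T10:00:00Z","ip":"203.0.113.7","username":"alice","action":"login","success":false}',
    '{"timestamp":"2024-05-01T10:01:00Z","ip":"203.0.113.7","username":"alice","action":"login","success":false}',
    '{"timestamp":"2024-05-01T10:02:00Z","ip":"198.51.100.4","username":"bob","action":"login","success":true}',
])
SAMPLE_CSV = (
    "timestamp,ip,username,action,success\n"
    "2024-05-01T10:03:30Z,203.0.113.7,alice,login,false\n"
    "2024-05-01T10:04:00Z,198.51.100.9,carol,login,false\n"
    "2024-05-01T10:30:00Z,198.51.100.9,carol,login,false\n"
)

def parse_export(text, fmt):
    """Parse one exported file (CSV, JSON array, or one JSON object per line)."""
    if fmt == "csv":
        rows = list(csv.DictReader(io.StringIO(text)))
    else:
        try:
            data = json.loads(text)
            rows = data if isinstance(data, list) else [data]
        except json.JSONDecodeError:  # more than one object: treat as one per line
            rows = [json.loads(ln) for ln in text.splitlines() if ln.strip()]
    for r in rows:
        # CSV carries booleans as strings; normalize so both formats compare equal.
        r["success"] = str(r["success"]).strip().lower() == "true"
        r["ts"] = datetime.fromisoformat(str(r["timestamp"]).replace("Z", "+00:00"))
    return rows

def failed_login_bursts(records, threshold=3, window=timedelta(minutes=5)):
    """Return {ip: max failures in any window} for IPs reaching the threshold."""
    by_ip = defaultdict(list)
    for r in records:
        if r["action"] == "login" and not r["success"]:
            by_ip[r["ip"]].append(r["ts"])
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), end - start + 1)
    return flagged
```

Merging records from adjacent files before evaluating the window matters: in the sample data neither file alone reaches the threshold, but the two together do.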