SIEM

Security Information and Event Management (SIEM) systems collect and analyze logs from multiple systems to provide a centralized view of activity. By bringing together audit and event data from different sources, SIEMs support monitoring, alerting, investigation, and operational analysis across an organization.

Files.com provides two flexible ways to deliver audit and activity logs: direct SIEM integrations and Log File Streaming. Direct SIEM integrations stream logs to SIEM platforms, where they can be correlated with other security and infrastructure data and used for monitoring, alerting, and investigation workflows. Log File Streaming writes logs to files in a folder on your site for file-based access, scheduled processing, and retention. Providing both options allows logs to be consumed either as near real-time events in a SIEM or as files for batch-oriented and archival workflows, depending on how the data is used.

Direct SIEM Integrations

Direct SIEM integrations deliver logs continuously to SIEM platforms for near real-time monitoring, analysis, and alerting. Files.com provides native integrations with SIEM platforms including Splunk, Microsoft Sentinel, Sumo Logic, Datadog, and New Relic, allowing logs to be streamed directly using supported ingestion endpoints.

For SIEM platforms that are not natively supported, Files.com provides a Generic SIEM Connector, listed as the SIEM (Any Provider) connector. This connector delivers logs in JSON format over HTTP to any SIEM or logging system that supports this method. It can be used in cloud-based or on-premises environments and allows logs to be ingested without requiring custom collectors or file-based transfers.

Within the SIEM platform, delivered logs can be analyzed alongside other system and application logs. This data is commonly used to monitor authentication activity, file uploads and downloads, configuration changes, automation activity, and connection failures. SIEM platforms apply correlation rules, alerts, and dashboards to support monitoring, investigation, and operational analysis.

Log File Streaming

Log File Streaming writes audit and activity logs to timestamped files at a configured interval. Files are written in JSON or CSV format and stored in a selected destination folder. The destination folder can be located anywhere on your site, including folders on Remote Server Mounts.

Log File Streaming is used for workflows that rely on file-based access rather than real-time delivery. These files can be consumed by scheduled processing jobs, used for historical analysis or audits, retained for extended periods, or ingested into analytics systems that operate on batch files.
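The scheduled-processing case described above, sketched as an added example (not Files.com code): a batch job that reads interval files in either JSON or CSV and flags repeated failed logins, including a burst that straddles two files. The field names, file names, and sample records are assumptions constructed for illustration; map them to the columns in your own exported files.

```python
import csv, io, json
from collections import defaultdict
from datetime import datetime, timedelta

# ASSUMED schema (not from Files.com docs): created_at, action, username, ip, success.
def parse_log_file(name, text):
    if name.lower().endswith(".csv"):
        return list(csv.DictReader(io.StringIO(text)))
    body = text.strip()
    if body.startswith("["):                      # one JSON array per file
        return json.loads(body)
    return [json.loads(line) for line in body.splitlines() if line.strip()]  # JSON lines

def is_failure(rec):
    # CSV gives strings, JSON gives booleans; normalise before comparing.
    return str(rec.get("success")).strip().lower() in ("false", "0", "no")

def failed_login_bursts(records, threshold=3, window=timedelta(minutes=5)):
    """Return {(username, ip): n} where n >= threshold failures fall in one window."""
    by_key = defaultdict(list)
    for rec in records:
        if rec.get("action") == "login" and is_failure(rec):
            ts = datetime.fromisoformat(rec["created_at"].replace("Z", "+00:00"))
            by_key[(rec["username"], rec["ip"])].append(ts)
    bursts = {}
    for key, times in by_key.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:      # slide the window start forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[key] = best
    return bursts

# Constructed sample: two consecutive interval files; the burst straddles both.
SAMPLE_FILES = {
    "logs-1000.json": "\n".join(json.dumps(r) for r in [
        {"created_at": "2024-05-01T10:00:05Z", "action": "login", "username": "alice", "ip": "203.0.113.7", "success": False},
        {"created_at": "2024-05-01T10:01:10Z", "action": "login", "username": "alice", "ip": "203.0.113.7", "success": False},
    ]),
    "logs-1005.csv": "created_at,action,username,ip,success\n"
        "2024-05-01T10:02:30Z,login,alice,203.0.113.7,false\n"
        "2024-05-01T10:03:00Z,login,bob,198.51.100.4,true\n"
        "2024-05-01T10:20:00Z,login,alice,203.0.113.7,false\n",
}

def analyze(files=SAMPLE_FILES):
    records = [r for name, text in sorted(files.items()) for r in parse_log_file(name, text)]
    return failed_login_bursts(records)
```

Because files are written at a fixed interval, a job that evaluates each file in isolation would miss the three-failure burst here; loading adjacent files before applying the window avoids that gap.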