SIEM Events
SIEM Events record the outcome of each attempt to deliver log data to your configured SIEM integration. Use these logs to verify that your SIEM destination is receiving data and to diagnose delivery failures.
We retain these logs for 90 days.
Event Types
SIEM events record each delivery attempt to an HTTP-based SIEM destination. A success event confirms that data reached the SIEM provider. A failure event indicates that the delivery did not complete and includes error details.
Admin Email Alerts
Site Administrators can receive email alerts for SIEM delivery failures through the SIEM failures preference in their account settings. This preference covers failure and partial-failure events.
Details Recorded in SIEM Events
Each SIEM Event entry includes the following columns.
| Column | Details |
|---|---|
| ID | ID of the event. Click on the ID to see more details. |
| Status | Status of the delivery attempt: Success, Failure, or Partial_failure. |
| SIEM Destination | The SIEM destination that the delivery was attempted to. |
| Date | Time the event occurred. |