Integrating Alerts in SIEM Products
ObserveIT alerts can be easily integrated into an organization's existing SIEM system, providing real-time alerting and reporting capabilities.
The log file produced by ObserveIT activity alerts can be exported for integration into SIEM monitoring software. Third-party monitoring and management tools (such as Microsoft System Center Operations Manager, IBM QRadar, HP ArcSight, Splunk, and McAfee SIEM/ELM) can parse the ObserveIT log file and create events, triggers, and alerts based on text strings that appear in the log file.
In this version of ObserveIT, integration with the HP ArcSight SIEM monitoring software is provided by exporting ObserveIT log data in ArcSight CEF format. For details, see Integration using CEF Logs.
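The following is an added example (not ObserveIT's or ArcSight's own code) of what a SIEM-side consumer of the CEF export does: it splits the seven CEF header fields, parses the key=value extension with CEF escaping, and applies a simple severity trigger. The sample line's vendor and product names come from this page; its signature ID, field names, and values are constructed for the example.

```python
"""Parse ArcSight CEF lines and evaluate a simple SIEM trigger on them."""
import re
from typing import Dict, List, Tuple

# Constructed sample in CEF layout: CEF:Version|Vendor|Product|DevVersion|SigID|Name|Severity|Extension
# Vendor/product names are from the page; every other field and value is made up.
SAMPLE_CEF = (
    r"CEF:0|ObserveIT|ObserveIT|7.0|1001|Alert: Running a privileged command|8|"
    r"suser=jdoe dhost=srv-db-01 cs1Label=Command cs1=sudo su - cs2Label=Login cs2=ssh msg=Severity\=High"
)

_HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                  "signature_id", "name", "severity")
# An extension key is a word directly followed by '=' at the start or after whitespace;
# an escaped "\=" inside a value therefore does not start a new key.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")

def _split_header(line: str) -> Tuple[List[str], str]:
    """Split the 7 header fields on unescaped '|'; return them plus the raw extension."""
    parts, cur, i = [], [], 0
    while i < len(line) and len(parts) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):      # "\|" and "\\" are escapes in the header
            cur.append(line[i + 1]); i += 2; continue
        if ch == "|":
            parts.append("".join(cur)); cur = []
        else:
            cur.append(ch)
        i += 1
    return parts, line[i:]

def _unescape_ext(value: str) -> str:
    """Extension escapes: \\= -> =, \\\\ -> \\, \\n and \\r -> newline/CR."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def parse_cef(line: str) -> Dict[str, str]:
    """Return header fields plus extension keys as one flat dict."""
    header, ext = _split_header(line)
    if len(header) != 7 or not header[0].startswith("CEF:"):
        raise ValueError("not a CEF line")
    event = dict(zip(_HEADER_FIELDS, header))
    event["version"] = header[0][len("CEF:"):]
    keys = list(_KEY_RE.finditer(ext))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        event[m.group(1)] = _unescape_ext(ext[m.end():end].strip())
    return event

def is_high_severity(event: Dict[str, str], threshold: int = 7) -> bool:
    """SIEM trigger: CEF severity is 0-10; 7 and above is conventionally 'High'."""
    try:
        return int(event["severity"]) >= threshold
    except (KeyError, ValueError):
        return False
```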
ObserveIT data can also be integrated into SIEM monitoring software by providing the log data in database API format. For instructions, please refer to Integration using ObserveIT RESTful API.
Following is an example of an activity dashboard showing alerts that can be viewed and analyzed in the "Splunk" SIEM monitoring software.
From this dashboard view, by clicking the Video icon, you can link directly to the session's video recordings at the exact location where the alert was generated.