Forum Discussion
Antony_Hawkins
12 months ago (Employee)
You could create a datasource to query the logs and push them to your SIEM’s API log ingestion endpoint (assuming it has one). You would want to use the script cache to carry forward the timestamp of the last log sent during the previous poll. You can use this as an example.
That’s for Audit logs or Collector logs, I presume?
There is no API endpoint to extract logs from LM Logs.
For the Audit Logs question, there is also a Community LogSource, “LM Audit Logs”, Locator: 43W643, that may be of interest.
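The approach described in the post above (poll the logs, push them to the SIEM, carry the last-sent timestamp forward between polls), as an added example that is not part of the original post and is not LogicMonitor code. It goes slightly beyond the post by handling entries that share the watermark timestamp and pushes that fail. A plain dict stands in for the script cache, and `CACHE_KEY`, `fetch`, `push` and the `ts`/`id` fields are hypothetical names.

```python
import json
from typing import Callable, Iterable

CACHE_KEY = "siem_forwarder.watermark"   # hypothetical cache key
EMPTY = '{"ts": 0, "ids": []}'


def forward_new_logs(cache: dict,
                     fetch: Callable[[int], Iterable[dict]],
                     push: Callable[[list], bool]) -> int:
    """Run one poll and return how many entries the SIEM accepted.

    cache      stand-in for the script cache (values kept as strings)
    fetch(ts)  hypothetical: returns log entries with entry["ts"] >= ts
    push(rows) hypothetical: sends rows to the SIEM, True on success
    """
    state = json.loads(cache.get(CACHE_KEY, EMPTY))
    since, seen = state["ts"], set(state["ids"])

    # The query includes the watermark timestamp itself, so entries written
    # later with that same timestamp are still picked up; ids already
    # delivered at that timestamp are filtered out to avoid duplicates.
    batch = sorted(
        (e for e in fetch(since)
         if e["ts"] > since or (e["ts"] == since and e["id"] not in seen)),
        key=lambda e: (e["ts"], e["id"]),
    )
    if not batch or not push(batch):
        # Nothing new, or delivery failed: keep the old watermark so the
        # next poll retries the same window instead of dropping logs.
        return 0

    newest = batch[-1]["ts"]
    ids = {e["id"] for e in batch if e["ts"] == newest}
    if newest == since:
        ids |= seen
    cache[CACHE_KEY] = json.dumps({"ts": newest, "ids": sorted(ids)})
    return len(batch)


if __name__ == "__main__":
    # Constructed sample entries, not real audit log data.
    store = [{"id": "a1", "ts": 100}, {"id": "a2", "ts": 105}]
    cache = {}
    fetch = lambda since: [e for e in store if e["ts"] >= since]
    print(forward_new_logs(cache, fetch, lambda rows: True), cache)
```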