Global Rail / Console docs
Integrations

SIEM

Forward Console events to Splunk, Sentinel, or any syslog-compatible SIEM.

Formats

  • HEC-compatible JSON for Splunk.
  • Log Analytics for Microsoft Sentinel.
  • RFC 5424 syslog over TLS for everything else.
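For the syslog option, a receiver has to split the TLS byte stream into messages before it can parse them. The sketch below is an added example, not Console code: it assumes the octet-counted framing of RFC 5425 (the standard TLS transport for RFC 5424), and the hostname, app name and MSGID values in the sample are constructed placeholders, not Console's schema.

```python
import re

# RFC 5424 header: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SD and MSG.
HEADER = re.compile(rb"<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (.*)", re.DOTALL)

def split_frames(buf: bytes):
    """Split octet-counted frames ('LEN SP MSG', RFC 5425) read from a TLS socket.
    Returns (complete_messages, unconsumed_tail); the tail waits for more data."""
    msgs = []
    while buf:
        sp = buf.find(b" ")
        prefix = buf if sp == -1 else buf[:sp]
        # Length is NONZERO-DIGIT *DIGIT; the 7-digit cap is a local limit for this example.
        if not prefix.isdigit() or prefix.startswith(b"0") or len(prefix) > 7:
            raise ValueError("bad frame length prefix")
        if sp == -1:
            break  # length prefix itself is still incomplete
        end = sp + 1 + int(prefix)
        if len(buf) < end:
            break  # message body is still incomplete
        msgs.append(buf[sp + 1:end])
        buf = buf[end:]
    return msgs, buf

def parse_message(msg: bytes) -> dict:
    """Parse the RFC 5424 header; structured data and MSG stay in 'rest'."""
    m = HEADER.fullmatch(msg)
    if not m or int(m.group(1)) > 191:
        raise ValueError("not a valid RFC 5424 message")
    pri = int(m.group(1))
    names = ("timestamp", "hostname", "app_name", "procid", "msgid", "rest")
    fields = {n: m.group(i + 2).decode("utf-8", "replace") for i, n in enumerate(names)}
    return {"facility": pri >> 3, "severity": pri & 7, **fields}

def frame(msg: bytes) -> bytes:
    """Sender-side framing, used here only to build the constructed sample stream."""
    return str(len(msg)).encode() + b" " + msg

# Constructed sample messages (placeholder values, not real Console output).
SAMPLE = [
    b"<134>1 2024-01-01T00:00:00Z console.example.test console - auth - constructed login event",
    b"<132>1 2024-01-01T00:00:05Z console.example.test console - role-change - constructed role event",
]
STREAM = b"".join(frame(m) for m in SAMPLE)

if __name__ == "__main__":
    for raw in split_frames(STREAM)[0]:
        print(parse_message(raw))
```

Keep the returned tail and prepend it to the next socket read; a TLS record boundary does not have to line up with a message boundary.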

Event types

Authentication, role changes, run lifecycle, finding lifecycle, evidence exports. The full schema is documented under Reference.