Anyone integrating NetWrix with SIEM?

Hello,

I am looking to see if anyone is integrating their NetWrix products with SIEM for cybersecurity monitoring purposes. Really looking for integrating with Elastic, but want to see how others are doing this generically.

1 Like

Hello :waving_hand:,

I’m a developer so I don’t interact with customer setups very often, but from what I heard, SIEM integration is pretty widely used in Threat Manager.

When working on formatting Entra ID messages in SIEM, I used Splunk Enterprise Security to check my results.
On that setup I had it working using the LEEF template.

I saw your post and links about Elastic, thank you, that’s super interesting :grin:, having a look at these.

2 Likes

Hey Nicholas,

As Ashley mentioned, many organizations leverage SIEMs to consume data from Netwrix products. Alerts from Netwrix Threat Manager and the raw Active Directory events from Netwrix Threat Prevention are definitely high on the list of event types organizations send to their SIEMs.

Thanks!

1 Like

Sounds great! Would enjoy hearing from the consumers on how well that works and if any have attempted Elastic ingest yet. Thanks!