SIEM Log Forwarding
VaultStream supports real-time event streaming to Security Information and Event Management (SIEM) platforms.
Supported Formats
| Format | Transport | Use Case |
|---|---|---|
| Syslog (RFC 5424) | TCP/TLS | Splunk, ArcSight, QRadar |
| JSON Lines | HTTPS (webhook) | Sumo Logic, Datadog |
| CEF | Syslog | ArcSight, Micro Focus |
Configuration
- Navigate to Settings → SIEM in the Partner Portal
- Select your SIEM platform and format
- Provide the endpoint URL or syslog server address
- Choose event categories to forward
- Test the connection
- Enable forwarding
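
After the connection test, it helps to confirm on the receiving side that each line arrives in the format selected above. The following is an added example, not VaultStream code: it classifies a received line as JSON Lines, RFC 5424 syslog, or CEF carried inside a syslog message, and extracts the header fields. The sample lines, hostnames and event field names are constructed for illustration and are not VaultStream's actual event schema.

```python
import json
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"^<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) "
    r"(-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (.*))?$", re.S)
CEF_KEYS = ("cef_version", "vendor", "product", "device_version",
            "signature_id", "name", "severity")

def parse_cef(text):
    # Split the 7 pipe-delimited header fields; \| and \\ are escapes inside a field.
    body, fields, cur, i = text[len("CEF:"):], [], [], 0
    while i < len(body) and len(fields) < len(CEF_KEYS):
        if body[i] == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            i += 1                          # drop the escape, keep the next character
            cur.append(body[i])
        elif body[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(fields) < len(CEF_KEYS):         # header ended without a trailing pipe
        fields.append("".join(cur))
    if len(fields) != len(CEF_KEYS):
        raise ValueError("CEF header needs 7 fields")
    return dict(zip(CEF_KEYS, fields), extension=body[i:])

def parse_line(line):
    # Classify one received line as JSON Lines, RFC 5424 syslog, or CEF inside syslog.
    line = line.rstrip("\r\n")
    if line.startswith("{"):
        return {"format": "jsonl", "event": json.loads(line)}
    m = RFC5424.match(line)
    if m:
        pri, msg = int(m.group(1)), m.group(9) or ""
        out = {"format": "syslog", "facility": pri >> 3, "severity": pri & 7,
               "hostname": m.group(4), "app_name": m.group(5), "msg": msg}
        if msg.startswith("CEF:"):          # CEF carried as the syslog MSG
            out.update(format="cef", cef=parse_cef(msg))
        return out
    raise ValueError("unrecognised log format")

# Constructed sample lines: hostnames, app name and event fields are illustrative only.
SAMPLES = [
    "<134>1 2024-05-01T12:00:00Z fwd.example.test app - - - "
    "CEF:0|ExampleVendor|ExampleProduct|1.0|100|Login \\| failed|5|src=192.0.2.10",
    '{"category": "authentication", "outcome": "failure"}',
]
```

A line that raises `ValueError` here points to a format mismatch between the forwarding configuration and what the receiver expects.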
Event Categories
| Category | Forwarding recommendation |
|---|---|
| Authentication events | Always |
| Administrative actions | Always |
| Content operations | Recommended |
| Playback events | Optional (high volume) |
| System health | Recommended |
Rate & Volume
Typical event volume: 500–5,000 events/hour per 1,000 active viewers, depending on category selection.
Contact your solutions architect for a volume estimate for your deployment.