Security logs (SIEM) FAQ

Check the list of frequently asked questions (FAQs) about Security Information and Event Management (SIEM) logs in DataStream 2:

Q: Is there any difference between the data received from the SIEM API and security logs in DataStream 2?
A: No. The DataStream 2 SIEM solution sends the data using the same schema as the SIEM API. This allows you to seamlessly migrate to DataStream with your existing event parser. See the SIEM API schema on GitHub.

DataStream offers additional features, such as delivery retry in case of data upload failure, uploading logs to third-party destinations with custom headers and dynamic variables in filenames, mTLS authentication, and log data localization for data stored and processed within the European Union (EU).

Q: Does fetching data from the SIEM API impact my security log streams in DataStream 2, and vice versa?
A: No. You can use both solutions simultaneously without impacting each other, as long as collecting data for SIEM integration is enabled in your security configuration.

Q: I stopped using the SIEM API to fetch events. Can I disable SIEM integration data in my security config?
A: No. DataStream requires keeping SIEM integration data enabled in your security configuration.

Q: I configured some exceptions in the SIEM settings. Do they work with DataStream security logs?
A: Yes. Your security configuration controls which events are logged in your DataStream security logs.

Q: Some of the SIEM API data fields are Base64-encoded. Can I fetch them as text in security logs?
A: No. Security logs in DataStream use the same schema as the SIEM API. Some fields may be Base64-encoded to ensure special characters (including those used in the attack) are properly logged.
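Because the Base64 fields arrive encoded in DataStream 2 exactly as they do from the SIEM API, the same parser serves both. The example below is added here and is not code from the page or from the DataStream product: it decodes the semicolon-separated, Base64-encoded rule lists in a constructed event. The field names (attackData.rules, ruleMessages, ruleActions, ruleData) are assumed to follow the SIEM API schema on GitHub, and the sample values are made up. It also shows why the encoding exists: one decoded ruleData element contains a literal semicolon from the attack payload, which would otherwise collide with the list separator.

```python
import base64
import binascii
import json
from urllib.parse import unquote

# attackData fields that the SIEM API schema delivers as ';'-separated lists of
# Base64 values (assumption based on the published schema, not taken from this page).
B64_LIST_FIELDS = (
    "rules", "ruleVersions", "ruleMessages", "ruleTags",
    "ruleData", "ruleSelectors", "ruleActions",
)

# Constructed sample event: the identifiers and values are invented for this example.
SAMPLE_EVENT = json.dumps({
    "type": "akamai_siem",
    "format": "json",
    "version": "1.0",
    "attackData": {
        "configId": "12345",
        "policyId": "example_policy",
        "clientIP": "203.0.113.7",
        "rules": "OTUwMDAy;OTUwMDA2",                          # "950002", "950006"
        "ruleMessages": "U1FMIEluamVjdGlvbg==;WFNTIEF0dGFjaw==", # "SQL Injection", "XSS Attack"
        "ruleActions": "YWxlcnQ=;ZGVueQ==",                     # "alert", "deny"
        "ruleData": "Jyc7IERST1A=;",                            # "''; DROP" then an empty element
    },
})


def decode_segment(segment):
    """Decode one Base64 list element. Returns (text, ok).

    Tolerates URL-encoded padding ('%3D'), stripped padding and empty elements.
    On undecodable input the raw segment is returned unchanged with ok=False so
    a pipeline can flag it instead of silently dropping evidence.
    """
    raw = unquote(segment.strip())
    if raw == "":
        return "", True
    raw += "=" * (-len(raw) % 4)  # restore padding if the producer stripped it
    try:
        data = base64.b64decode(raw, validate=True)
    except (binascii.Error, ValueError):
        return segment, False
    # Attack fragments may carry arbitrary bytes; never let one bad byte abort the event.
    return data.decode("utf-8", errors="replace"), True


def decode_attack_data(event_json):
    """Parse one SIEM/DataStream event and expand its Base64 list fields.

    Returns (decoded_attack_data, problems) where problems lists any segment
    that failed to decode.
    """
    event = json.loads(event_json)
    attack = event.get("attackData", {})
    decoded = dict(attack)
    problems = []
    for name in B64_LIST_FIELDS:
        if name not in attack:
            continue
        items = []
        for seg in attack[name].split(";"):
            text, ok = decode_segment(seg)
            if not ok:
                problems.append(f"{name}: undecodable segment {seg!r}")
            items.append(text)
        decoded[name] = items
    return decoded, problems


if __name__ == "__main__":
    decoded, problems = decode_attack_data(SAMPLE_EVENT)
    print(json.dumps(decoded, indent=2))
    for p in problems:
        print("WARNING:", p)
```

The decoded ruleData element "''; DROP" contains a semicolon; had the producer written it as plain text, a naive split on ";" would have broken the list apart, which is the reason the schema keeps these fields Base64-encoded. Keeping the raw segment and an ok flag on failure preserves the original evidence for later review rather than discarding it.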