Forward Audit Events to Your SIEM
DB Audit integrates with leading Security Information and Event Management platforms to provide unified visibility across your security operations. Forward database audit events in real-time with intelligent batching and filtering.
Real-Time Streaming
Events are forwarded within seconds of capture with intelligent batching for optimal performance.
Flexible Filtering
Filter events by type, severity, and database to send only relevant data to your SIEM.
Reliable Delivery
Automatic retries, dead letter queues, and delivery confirmation ensure no events are lost.
Common Configuration Options
All SIEM integrations support these common configuration fields in addition to provider-specific settings.
| Field | Type | Description |
|---|---|---|
| event_types | multiselect | Types of events to forward: audit_events, alerts, ai_detections, policy_violations, classification_findings |
| severity_filter | multiselect | Filter events by severity: critical, warning, info |
| database_filter | array | Limit forwarding to specific databases |
| batch_size | number | Number of events per batch (1-1000), default: 100 |
| flush_interval_seconds | number | Batch flush interval (5-300 seconds), default: 30 |
| retry_attempts | number | Number of retry attempts on failure, default: 3 |
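The following Python is an added example, not DB Audit's own forwarder code. It shows how the common fields above combine in practice: events are filtered by type, severity and database, buffered until `batch_size` is reached or `flush_interval_seconds` elapses, delivered with up to `retry_attempts` retries, and moved to a dead-letter list when every attempt fails. The `CONFIG` values, the `make_event` helper, the fake clock and the flaky `sender` are all constructed for the demonstration; the assumption that the plural option names (`audit_events`) match the singular `event_type` field (`audit_event`) is marked in the code.

```python
import time
from typing import Callable, Dict, List

Event = Dict[str, object]

# Assumed configuration; field names and allowed ranges follow the table above.
CONFIG: Dict[str, object] = {
    "event_types": ["audit_events", "alerts"],
    "severity_filter": ["critical", "warning"],
    "database_filter": ["production-postgres"],
    "batch_size": 2,
    "flush_interval_seconds": 30,
    "retry_attempts": 3,
}


def validate_config(config: Dict[str, object]) -> List[str]:
    """Return the range violations found (empty list when the config is acceptable)."""
    problems = []
    if not 1 <= config["batch_size"] <= 1000:
        problems.append("batch_size must be 1-1000")
    if not 5 <= config["flush_interval_seconds"] <= 300:
        problems.append("flush_interval_seconds must be 5-300")
    if config["retry_attempts"] < 0:
        problems.append("retry_attempts must be >= 0")
    return problems


def type_selected(event_type: str, selected: List[str]) -> bool:
    # Assumption: the multiselect uses plural names ("audit_events") while the
    # event's event_type field is singular ("audit_event"); accept either form.
    return event_type in selected or event_type + "s" in selected


def matches_filters(event: Event, config: Dict[str, object]) -> bool:
    """True when the event passes the type, severity and database filters."""
    if not type_selected(event["event_type"], config["event_types"]):
        return False
    if event["severity"] not in config["severity_filter"]:
        return False
    databases = config["database_filter"]
    if databases and event["source"]["database"] not in databases:
        return False
    return True


class SiemForwarder:
    def __init__(self, config, sender: Callable[[List[Event]], bool], clock=time.monotonic):
        problems = validate_config(config)
        if problems:
            raise ValueError("; ".join(problems))
        self.config = config
        self.sender = sender          # one delivery attempt of a batch; True on success
        self.clock = clock
        self.buffer: List[Event] = []
        self.delivered: List[Event] = []
        self.dead_letter: List[Event] = []
        self.last_flush = clock()

    def submit(self, event: Event) -> bool:
        """Accept an event into the current batch; returns False if it was filtered out."""
        if not matches_filters(event, self.config):
            return False
        self.buffer.append(event)
        if len(self.buffer) >= self.config["batch_size"]:
            self.flush()
        return True

    def tick(self) -> None:
        """Call periodically: flush a partial batch once flush_interval_seconds has passed."""
        if self.buffer and self.clock() - self.last_flush >= self.config["flush_interval_seconds"]:
            self.flush()

    def flush(self) -> None:
        """Deliver the batch, retrying up to retry_attempts times, else dead-letter it."""
        if not self.buffer:
            return
        batch, self.buffer = self.buffer, []
        self.last_flush = self.clock()
        for _attempt in range(1 + self.config["retry_attempts"]):
            if self.sender(batch):
                self.delivered.extend(batch)
                return
        self.dead_letter.extend(batch)   # kept for replay; nothing is silently dropped


def make_event(event_type: str, severity: str, database: str) -> Event:
    """Constructed minimal event using the documented field names."""
    return {"event_type": event_type, "severity": severity, "source": {"database": database}}


def run_demo() -> Dict[str, int]:
    """Drive the forwarder with constructed events, a fake clock and a flaky sender."""
    now = [0.0]
    calls = {"n": 0}

    def flaky_sender(batch: List[Event]) -> bool:
        calls["n"] += 1
        return calls["n"] % 3 == 0          # two failures, then success

    fwd = SiemForwarder(CONFIG, flaky_sender, clock=lambda: now[0])
    events = [
        make_event("audit_event", "warning", "production-postgres"),    # kept
        make_event("audit_event", "info", "production-postgres"),       # dropped: severity
        make_event("alert", "critical", "staging-mysql"),               # dropped: database
        make_event("ai_detection", "critical", "production-postgres"),  # dropped: type
        make_event("alert", "critical", "production-postgres"),         # kept, fills batch of 2
        make_event("audit_event", "critical", "production-postgres"),   # kept, waits for interval
    ]
    accepted = sum(fwd.submit(e) for e in events)
    now[0] += 31                                  # flush_interval_seconds elapses
    fwd.tick()

    dead = SiemForwarder(CONFIG, lambda batch: False, clock=lambda: now[0])
    dead.submit(make_event("alert", "critical", "production-postgres"))
    dead.submit(make_event("alert", "critical", "production-postgres"))  # full batch, 4 failed tries
    return {"accepted": accepted, "delivered": len(fwd.delivered),
            "sender_calls": calls["n"], "dead_lettered": len(dead.dead_letter)}


if __name__ == "__main__":
    print(run_demo())
```

Running the module prints `{'accepted': 3, 'delivered': 3, 'sender_calls': 6, 'dead_lettered': 2}`: three of six constructed events pass the filters, the first two are flushed when the batch fills and the third when the interval elapses, each flush needs three attempts with the flaky sender, and the forwarder whose sender always fails ends with both events in the dead-letter list rather than lost.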
Supported SIEM Platforms
Splunk
Send audit events via HTTP Event Collector (HEC) to Splunk Enterprise or Splunk Cloud.
Microsoft Sentinel
Forward events to Azure Sentinel workspace using the Data Collector API.
IBM QRadar
Integrate with IBM QRadar SIEM for advanced threat detection and correlation.
Elastic Security
Stream events to Elasticsearch for analysis with Elastic Security and Kibana.
CrowdStrike Falcon
Enhance endpoint protection with database activity context in Falcon LogScale.
Palo Alto Cortex XSIAM
Forward database events to Cortex XSIAM for AI-powered security operations.
Google Chronicle
Send events to Chronicle Security Operations for threat detection at scale.
AWS Security Hub
Consolidate database security findings with AWS Security Hub.
Datadog Security
Monitor database activity alongside infrastructure with Datadog Security Monitoring.
Sumo Logic
Ingest audit logs to Sumo Logic for cloud-native security analytics.
ServiceNow SecOps
Create security incidents from database alerts in ServiceNow Security Operations.
SentinelOne
Correlate database activity with endpoint data in SentinelOne Singularity.
Trellix
Feed database audit events to Trellix XDR for extended detection and response.
LogRhythm
Integrate with LogRhythm SIEM for log management and security analytics.
Event Types
Choose which types of events to forward to your SIEM platform. These are the values accepted by the event_types field:
- audit_events: All database queries, logins, schema changes, and access events.
- alerts: Triggered alerts from configured rules and thresholds.
- ai_detections: Anomalies and threats detected by AI/ML models.
- policy_violations: Events that violate configured audit policies.
- classification_findings: Data classification results for sensitive data discovery.
Event Format
Events are formatted in JSON with consistent structure across all SIEM integrations.
```json
{
  "timestamp": "2024-01-15T10:30:45.123Z",
  "event_type": "audit_event",
  "severity": "warning",
  "source": {
    "database": "production-postgres",
    "db_type": "postgresql",
    "host": "db.example.com",
    "port": 5432
  },
  "actor": {
    "user": "app_user",
    "client_ip": "10.0.1.50",
    "application": "backend-api"
  },
  "action": {
    "type": "SELECT",
    "object": "customers",
    "schema": "public",
    "statement": "SELECT * FROM customers WHERE ...",
    "rows_affected": 1500
  },
  "metadata": {
    "session_id": "abc123",
    "transaction_id": "txn_456",
    "duration_ms": 125
  },
  "classification": {
    "contains_pii": true,
    "data_types": ["email", "phone"]
  }
}
```
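The following Python is an added example, not DB Audit's own integration code. It checks an event against the documented shape above and wraps it in the Splunk HTTP Event Collector envelope referred to under Supported SIEM Platforms: the ISO-8601 timestamp becomes HEC's epoch `time`, the database host becomes `host`, and a few fields are copied into HEC's `fields` key so the SIEM can filter on them without parsing the full body. The sample event is the one shown above; the `source` and `sourcetype` names are assumptions.

```python
import json
from datetime import datetime

# The sample event from the page, embedded here as the example's input.
SAMPLE_EVENT = {
    "timestamp": "2024-01-15T10:30:45.123Z", "event_type": "audit_event", "severity": "warning",
    "source": {"database": "production-postgres", "db_type": "postgresql",
               "host": "db.example.com", "port": 5432},
    "actor": {"user": "app_user", "client_ip": "10.0.1.50", "application": "backend-api"},
    "action": {"type": "SELECT", "object": "customers", "schema": "public",
               "statement": "SELECT * FROM customers WHERE ...", "rows_affected": 1500},
    "metadata": {"session_id": "abc123", "transaction_id": "txn_456", "duration_ms": 125},
    "classification": {"contains_pii": True, "data_types": ["email", "phone"]},
}

SEVERITIES = ("critical", "warning", "info")
REQUIRED = {"timestamp": str, "event_type": str, "severity": str,
            "source": dict, "actor": dict, "action": dict}


def validate_event(event: dict) -> list:
    """Return the problems found (empty list when the event matches the documented shape)."""
    problems = []
    for key, kind in REQUIRED.items():
        if key not in event:
            problems.append(f"missing {key}")
        elif not isinstance(event[key], kind):
            problems.append(f"{key} should be {kind.__name__}")
    if isinstance(event.get("severity"), str) and event["severity"] not in SEVERITIES:
        problems.append(f"unknown severity {event['severity']!r}")
    return problems


def iso_to_epoch(ts: str) -> float:
    """Convert the event's ISO-8601 UTC timestamp to epoch seconds for HEC's time field."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).timestamp()


def to_hec_payload(event: dict, sourcetype: str = "dbaudit:event", index: str = None) -> dict:
    """Wrap one event in the envelope accepted by HEC's /services/collector/event endpoint."""
    problems = validate_event(event)
    if problems:
        raise ValueError("; ".join(problems))
    classification = event.get("classification", {})
    payload = {
        "time": iso_to_epoch(event["timestamp"]),
        "host": event["source"].get("host", "unknown"),
        "source": "dbaudit",           # assumed source name
        "sourcetype": sourcetype,      # assumed sourcetype name
        "event": event,
        # Indexed fields (string values) for filtering without parsing the event body
        "fields": {
            "event_type": event["event_type"],
            "severity": event["severity"],
            "database": str(event["source"].get("database", "")),
            "contains_pii": "true" if classification.get("contains_pii") else "false",
        },
    }
    if index:
        payload["index"] = index
    return payload


def encode_batch(events) -> bytes:
    """Body for one HEC request: JSON objects separated by newlines, one per event."""
    return "\n".join(json.dumps(to_hec_payload(e), separators=(",", ":"))
                     for e in events).encode("utf-8")


if __name__ == "__main__":
    print(encode_batch([SAMPLE_EVENT]).decode("utf-8"))
```

The body returned by `encode_batch` is what a forwarder would POST to `https://<splunk-host>:8088/services/collector/event` with an `Authorization: Splunk <token>` header; validating before wrapping means a malformed event is rejected on the producer side instead of being indexed with a missing timestamp or an unknown severity that no SIEM search would match.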
Ready to Integrate with Your SIEM?
Start forwarding database audit events to your security operations platform in minutes.