This feature is available ✔️ for:
Role: Subscription Owner
SIEM stands for Security Information & Event Management. It refers to software that supports threat detection, compliance and security incident management by collecting and analyzing security events, along with a wide variety of other event and contextual data sources. The main goal of such services is to provide near real-time detection of security threats based on the defined alerts.
📝 Note: Before you enable the SIEM integration in your Tresorit subscription, you need to sign the Data Processing Agreement, which you can find under the Billing tab in your Admin Center.
With the SIEM integration, we forward a selected set of events to the customer's dedicated provider. You select the events during the configuration flow on the Settings tab of your Admin Center. The selected events can be modified.
The currently available event groups:
- User Activity (e.g. login & logout related events)
- Admin Activity (e.g. integration setups, policy modifications)
- User Management (e.g. invite, suspend, delete actions)
We currently support log forwarding to Microsoft Sentinel. For the setup documentation, please visit How to integrate to Microsoft Sentinel.
💡 Are you using another provider? Submit a request directly in your Admin Center.