Can Spirion Sensitive Data Platform integrate with SIEM for Audit Log Management?
Yes. Spirion Sensitive Data Platform (SDP) integrates with SIEM (Security Information and Event Management) platforms for audit log management and security incident handling.
Spirion provides several pathways for exporting its discovery and audit data into tools such as Splunk, Microsoft Sentinel, LogRhythm, and QRadar.
1. Web API Integration (The Primary Method)
Spirion SDP exposes a Web API designed so that a SIEM can pull data from the platform on a schedule rather than having SDP push it.
- Audit Logs: You can consume audit logs that track user activity, login events, and administrative changes within the console.
- Match Data: You can export metadata about sensitive data findings (what was found, where, and when) to correlate with other security events in your SIEM.
- Remediation History: The API provides a record of actions taken (e.g., Shred, Quarantine, Redact), which is essential for proving compliance during an audit.
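The pull pattern above has one detail worth getting right: the poller must keep a checkpoint so that a restart neither re-ingests the whole audit trail nor silently skips events. The following is an added example, not Spirion's code. The endpoint path, query parameters and JSON field names are assumptions to be replaced with the ones in your SDP Web API documentation; the transport is injected so the checkpoint logic runs offline against the constructed sample data at the bottom.

```python
"""Incremental pull of audit events from an SDP-style Web API into a SIEM.

Added example, not Spirion's code. The endpoint path (/api/audit), the query
parameters (since, cursor) and the JSON field names (events, nextCursor, id,
timestamp) are assumptions; substitute the ones in your SDP Web API
documentation. The transport is injected so the checkpoint logic runs offline
against the constructed sample data at the bottom.
"""
import json
import urllib.request
from typing import Callable, List, Optional, Tuple

Page = Tuple[List[dict], Optional[str]]        # (events on this page, next cursor or None)
Fetch = Callable[[str, Optional[str]], Page]   # fetch(since_timestamp, cursor) -> Page


def http_fetch(base_url: str, token: str) -> Fetch:
    """Return a fetcher for the (assumed) GET {base_url}/api/audit?since=...&cursor=... endpoint."""
    def fetch(since: str, cursor: Optional[str]) -> Page:
        query = f"since={since}" + (f"&cursor={cursor}" if cursor else "")
        req = urllib.request.Request(
            f"{base_url}/api/audit?{query}",
            headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
        )
        with urllib.request.urlopen(req, timeout=30) as resp:  # use an https:// base_url in production
            body = json.load(resp)
        return body["events"], body.get("nextCursor")          # assumed response shape
    return fetch


def pull_audit_logs(fetch: Fetch, checkpoint: dict) -> Tuple[List[dict], dict]:
    """Pull every event at or after the checkpoint, following pagination.

    checkpoint = {"since": ISO-8601 timestamp, "seen": [ids already forwarded at that
    exact timestamp]}. Re-reading from `since` inclusively closes the gap that a
    strict "newer than" query leaves when several events share a timestamp across
    two polls; the `seen` list then suppresses the duplicates that inclusive
    re-reading would otherwise produce.
    """
    since = checkpoint.get("since", "1970-01-01T00:00:00Z")
    seen = set(checkpoint.get("seen", []))
    new: List[dict] = []
    cursor: Optional[str] = None
    while True:
        events, cursor = fetch(since, cursor)
        for ev in events:
            if ev["timestamp"] == since and ev["id"] in seen:
                continue                      # already forwarded in an earlier poll
            new.append(ev)
        if cursor is None:
            break
    if not new:
        return new, checkpoint                # nothing new: checkpoint unchanged
    latest = max(ev["timestamp"] for ev in new)
    ids_at_latest = {ev["id"] for ev in new if ev["timestamp"] == latest}
    if latest == since:
        ids_at_latest |= seen                 # still on the same second: keep the old ids
    return new, {"since": latest, "seen": sorted(ids_at_latest)}


# Constructed sample data standing in for the SDP API: two events share 10:05:00.
SAMPLE_EVENTS = [
    {"id": "a1", "timestamp": "2024-05-01T10:00:00Z", "user": "alice", "action": "Login"},
    {"id": "a2", "timestamp": "2024-05-01T10:05:00Z", "user": "bob", "action": "PolicyChanged"},
    {"id": "a3", "timestamp": "2024-05-01T10:05:00Z", "user": "bob", "action": "ScanStarted"},
    {"id": "a4", "timestamp": "2024-05-01T10:07:00Z", "user": "carol", "action": "Shred"},
]


def fake_fetch(since: str, cursor: Optional[str]) -> Page:
    """Offline stand-in for http_fetch: pages of two, events with timestamp >= since."""
    rows = [e for e in SAMPLE_EVENTS if e["timestamp"] >= since]
    start = int(cursor or 0)
    page = rows[start:start + 2]
    next_cursor = str(start + 2) if start + 2 < len(rows) else None
    return page, next_cursor


if __name__ == "__main__":
    # Two polls: the first forwards everything, the second finds nothing new.
    state: dict = {}
    for _ in range(2):
        events, state = pull_audit_logs(fake_fetch, state)
        print(len(events), "new event(s); checkpoint:", state)
```

Persist the returned checkpoint (a small JSON file or the SIEM's own KV store) after every successful forward, not before, so a crash between pull and forward is replayed rather than lost. The API account the poller authenticates with should be dedicated to the SIEM and granted read access only.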
2. Splunk Integration
Spirion provides specific tooling for Splunk:
- Spirion for Splunk App: A pre-built application that visualizes Spirion metrics and findings directly within Splunk dashboards.
- Splunk Enterprise Security (ES): Spirion can feed data into Splunk ES so that security analysts can triage sensitive data exposures as security incidents.
- Pull Architecture: The integration is typically built so that Splunk polls the Spirion API. SDP then needs no outbound route to the SIEM, and the only credential involved is the API account Splunk uses, which should be dedicated to the SIEM and granted read access only.
3. Playbook-Driven Integration (Webhooks & Scripts)
For real-time alerting and custom workflows, you can use Spirion Playbooks:
- Execute Script: A Playbook can run a custom script whenever sensitive data is found in a high-risk location. The script can then send a formatted alert to your SIEM, for example as a CEF line over syslog or as a JSON POST to the SIEM's REST ingestion endpoint.
- Webhooks: Playbooks can trigger webhooks to notify external systems of specific findings or remediation events.
4. LogRhythm and Other SIEMs
Spirion supports integration with LogRhythm and other platforms via the SDP Integration Layer.
- Use Case: Transferring a subset of scan results to the SIEM for triage and security incident handling.
- Forensics: Aggregating logs from SDP to the SIEM for use in long-term forensic investigations and compliance reporting.
Why Integrate Spirion with your SIEM?
- Correlated Security: See whether a user whose home share a Spirion scan just found to hold a large volume of sensitive data is also showing unusual login behaviour (detected by your SIEM).
- Centralized Compliance: Maintain a single "Source of Truth" for all your compliance audit trails (GDPR, HIPAA, PCI DSS) by aggregating Spirion's remediation logs with your other security logs.
- Faster Incident Response: Open a ticket in your SOC (Security Operations Center) queue automatically when a Spirion scan finds unprotected PII on a public-facing server.
Recommendations
- Use the API for Audit Logs: For long-term compliance storage, use the Web API to regularly pull audit logs into your SIEM.
- Mask Data Before Export: Make sure any match evidence sent to the SIEM is masked or redacted so that you do not copy live PII/PHI into the SIEM's index, which is typically retained for a long time and readable by every analyst with search access; a masked fragment plus the file path is enough for triage.
- Start with High-Risk Alerts: Don't send every Spirion finding to your SIEM, as it can create excessive noise. Use Playbooks to only send alerts for "Critical" or "High" risk findings.
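The Playbook "Execute Script" path in section 3 and the two recommendations above (mask evidence, forward only high-risk findings) come together in one small handler. The following is an added example, not Spirion's code. How SDP passes finding details to a script (here assumed to be one JSON document on stdin with the field names shown), the risk labels, and the collector address are assumptions; adapt them to your Playbook configuration.

```python
"""Playbook 'Execute Script' handler: filter by risk, mask evidence, forward as CEF.

Added example, not Spirion's code. How SDP passes finding details to a script
(here: one JSON document on stdin with the field names below), the risk labels,
and the collector address are assumptions; adapt them to your Playbook settings.
The masking and risk filter apply whatever transport you choose.
"""
import json
import re
import socket
import sys
from datetime import datetime, timezone
from typing import Optional

FORWARD_RISK = {"Critical": 10, "High": 8}              # risk label -> CEF severity; others dropped
SYSLOG_HOST, SYSLOG_PORT = "siem.example.internal", 514  # assumed syslog collector
PRI = 134                                                # <local0.info> syslog priority


def mask_evidence(value: str, keep: int = 4) -> str:
    """Replace every letter and digit except the last `keep` with X; short values are fully masked."""
    if len(value) <= keep:
        return "X" * len(value)
    head, tail = value[:-keep], value[-keep:]
    return re.sub(r"[A-Za-z0-9]", "X", head) + tail


def cef_escape(value: str, header: bool) -> str:
    """CEF escaping: backslash and pipe in header fields, backslash and equals in extensions."""
    value = value.replace("\\", "\\\\")
    if header:
        return value.replace("|", "\\|")
    return value.replace("=", "\\=").replace("\r", " ").replace("\n", " ")


def finding_to_cef(finding: dict) -> Optional[str]:
    """Build one CEF line for a finding, or return None if its risk is below the threshold."""
    severity = FORWARD_RISK.get(finding.get("risk", ""))
    if severity is None:
        return None
    ts = datetime.fromisoformat(finding["timestamp"].replace("Z", "+00:00"))
    extension = {
        "rt": str(int(ts.astimezone(timezone.utc).timestamp() * 1000)),  # epoch milliseconds
        "fname": finding["location"],
        "cnt": str(finding.get("matchCount", 1)),
        "suser": finding.get("owner", "unknown"),
        "act": finding.get("action", "Alert"),
        "cs1Label": "dataType", "cs1": finding["dataType"],
        "cs2Label": "maskedMatch", "cs2": mask_evidence(finding["match"]),  # never the raw match
    }
    fields = ["CEF:0", "Spirion", "SDP", "1.0", finding["dataType"], "Sensitive data found", str(severity)]
    ext = " ".join(f"{k}={cef_escape(v, header=False)}" for k, v in extension.items())
    return "|".join(cef_escape(h, header=True) for h in fields) + "|" + ext


def send_syslog(line: str, host: str = SYSLOG_HOST, port: int = SYSLOG_PORT) -> int:
    """Send one RFC 3164-style UDP datagram; returns the number of bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(f"<{PRI}>{line}".encode(), (host, port))


def main() -> int:
    finding = json.load(sys.stdin)        # assumed: SDP hands the finding to the script as JSON
    line = finding_to_cef(finding)
    if line is None:
        return 0                          # below threshold: nothing goes to the SIEM
    send_syslog(line)
    return 0


# Constructed sample finding for offline use; the card number is a test PAN, not real data.
SAMPLE_FINDING = {
    "timestamp": "2024-05-01T10:07:00Z",
    "risk": "Critical",
    "dataType": "CreditCard",
    "location": "\\\\fileserver\\hr\\payroll.xlsx",
    "owner": "carol",
    "matchCount": 37,
    "match": "4111111111111111",
}

if __name__ == "__main__":
    sys.exit(main())
```

Plain UDP syslog is neither authenticated nor encrypted; in production point `send_syslog` at a TLS syslog listener (RFC 5425) or replace it with an HTTPS POST to the SIEM's ingestion endpoint. The risk filter runs before anything leaves the host, so "Low" and "Medium" findings stay in SDP and never add noise to the SIEM.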
Summary
Spirion SDP is designed to be a component of your security ecosystem. Through its Web API, dedicated Splunk App, and Playbook automation, it can integrate with any SIEM that can poll a REST API or accept syslog, webhook, or scripted input, giving you centralized audit log management and better visibility into sensitive data exposure.