We will be closed Monday, September 1st in observance of the U.S. Labor Day holiday. More info »

SIEM Integration

SIEM Integration | CEF / Syslog

Secret Server logs events to Security Information and Event Management (SIEM) platforms that support CEF or Syslog formats.

These events can be correlated on the SIEM side so administrators can be alerted when specific events occur on the system. When an administrator sets up a filter for events such as Unlimited Administration being turned on, user lockout, heartbeat failure or Secret expiration, the events are logged with different alert levels depending on their severity.

ArcSight, Splunk, and LogLogic are some of the SIEM and Log Management tools that work with Secret Server. Most SIEM and Log Management tools support Syslog format and are therefore compatible with Secret Server.

Thycotic is an official technology partner with Splunk. There is a Secret Server app in the Splunk apps store which aggregates the data coming from Secret Server around privileged account activity and presents the information in the Splunk dashboard.

Thycotic is also an ArcSight CEF certified partner. (screenshot below)

CEFFull