Ingesting RapidIdentity logs into your SIEM/SOAR/MDR solution
  • 23 Oct 2024

There are three options for ingesting RapidIdentity logs into a SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation and Response), or MDR (Managed Detection and Response) system:

  • Using the syslog forwarding capabilities in RapidIdentity, you can send an audit log to a syslog server. To do this, you will need to set up a bridge for your syslog server IP/port, and then use that bridge hostname when configuring where to send the syslog data. Syslog transport is an industry standard for consuming log data. If your log aggregation point is on-premises, you can simply forward directly to the solution. If your log aggregation point is in the cloud, you will want a robust mechanism to forward those logs and add TLS support. We recommend working with your SIEM/SOAR/MDR vendor for recommended best practices. Syslog Configuration details how to configure RapidIdentity for this.

  • You can also use the RapidIdentity Security Connector to support this integration. Once you license the Security Connector, our team will turn on this Pub/Sub API.

  • You can utilize our K-12 specific SIEM/SOAR solution called Security Manager.
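
For the first option with a cloud-hosted aggregation point, one way to get a robust forwarder that adds TLS is an on-premises rsyslog relay that the RapidIdentity bridge points at. This is an added example, not RapidIdentity or vendor configuration. It assumes rsyslog with the rsyslog-gnutls package, and the host name, file paths and listening ports are placeholders:

```rsyslog
# /etc/rsyslog.d/60-rapididentity-relay.conf   (hypothetical file name)

# Receive syslog from the RapidIdentity bridge on the internal network.
# Assumption: the page does not state the transport, so both are enabled.
module(load="imtcp")
module(load="imudp")

global(
    workDirectory="/var/spool/rsyslog"               # needed for the disk queue
    DefaultNetstreamDriver="gtls"                    # GnuTLS stream driver
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/siem-ca.pem"  # placeholder
)

ruleset(name="to_siem") {
    action(
        type="omfwd"
        target="siem.example.com"                    # placeholder collector
        port="6514"                                  # syslog over TLS (RFC 5425)
        protocol="tcp"
        StreamDriver="gtls"
        StreamDriverMode="1"                         # TLS only, no plaintext fallback
        StreamDriverAuthMode="x509/name"             # verify the collector certificate
        StreamDriverPermittedPeers="siem.example.com"
        # Disk-assisted queue: buffer audit events while the collector or the
        # WAN link is down instead of dropping them.
        queue.type="LinkedList"
        queue.filename="rapididentity_fwd"
        queue.maxDiskSpace="1g"
        queue.saveOnShutdown="on"
        action.resumeRetryCount="-1"                 # retry until delivery succeeds
    )
}

# Bind the listeners to the forwarding ruleset so only bridge traffic is relayed.
input(type="imtcp" port="514" ruleset="to_siem")
input(type="imudp" port="514" ruleset="to_siem")
```

The relay's IP and port are what the bridge would be set up for. Restrict inbound access to the listeners with host firewall rules, since the leg between the bridge and the relay is plain syslog.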

