# SIEM Integrations

> Forward security events and logs from RAD Security to your SIEM platform.

Integrate RAD Security with your Security Information and Event Management (SIEM) platform to centralize security monitoring and correlation.

## Benefits

<CardGroup cols={2}>
  <Card title="Centralized Monitoring" icon="chart-line">
    Consolidate RAD Security events with other security data sources
  </Card>

  <Card title="Advanced Correlation" icon="diagram-venn">
    Correlate runtime security events with network, endpoint, and cloud logs
  </Card>

  <Card title="Compliance Reporting" icon="file-check">
    Aggregate logs for compliance requirements and audit trails
  </Card>

  <Card title="Long-term Retention" icon="database">
    Store security events in your SIEM for extended retention periods
  </Card>
</CardGroup>

## Supported Integrations

<AccordionGroup>
  <Accordion title="Splunk Enterprise" icon="s">
    **Status:** Available

    [View Setup Guide →](/rad-security/integrations/siem/splunk-enterprise-setup)

    Forward RAD Security events to Splunk Enterprise for advanced analytics and correlation.

    **Key Features:**

    * HTTP Event Collector (HEC) integration
    * Bi-directional data flow
    * Query API support
    * Advanced correlation
  </Accordion>

  <Accordion title="CrowdStrike Falcon NextGen SIEM" icon="crow">
    **Status:** Available

    [View Setup Guide →](/rad-security/integrations/siem/crowdstrike-falcon-nextgen-siem-setup)

    Stream security events to CrowdStrike Falcon NextGen SIEM for unified threat analysis.

    **Key Features:**

    * Bi-directional data flow
    * OAuth2 authentication
    * HEC data ingestion
    * Advanced threat correlation
  </Accordion>

  <Accordion title="Google Security Operations" icon="google">
    **Status:** Available

    [View Setup Guide →](/rad-security/integrations/siem/google-security-operations-setup)

    Connect your Google Security Operations (Chronicle) instance for cloud-native threat detection and investigation.

    **Key Features:**

    * Service account authentication
    * Least-privilege custom IAM role
    * UDM event search
    * Optional event ingestion
  </Accordion>

  <Accordion title="Microsoft Sentinel" icon="microsoft">
    **Status:** Available

    [View Setup Guide →](/rad-security/integrations/siem/microsoft-sentinel-setup)

    Pull security alerts and events from your Microsoft Sentinel workspace for unified, offline threat analysis.

    **Key Features:**

    * Entra ID OAuth client credentials
    * Least-privilege read-only access
    * Native alert and event sync
    * ASIM-normalized table queries
  </Accordion>

  <Accordion title="Rapid7 InsightIDR" icon="chart-line">
    **Status:** Available

    [View Setup Guide →](/rad-security/integrations/siem/rapid7-insightidr-setup)

    Connect with Rapid7 InsightIDR for user behavior analytics and incident detection.

    **Key Features:**

    * User behavior analytics
    * Attacker behavior detection
    * Automated investigation
    * Incident response
  </Accordion>
</AccordionGroup>

## Event Types

RAD Security can forward the following event types to your SIEM:

<Accordion title="Runtime Security Events">
  * Process executions
  * Network connections
  * File system access
  * Container activities
  * Kubernetes events
</Accordion>

<Accordion title="Threat Detection Events">
  * Anomaly detections
  * Policy violations
  * AI agent activities
  * Suspicious behaviors
  * Attack indicators
</Accordion>

<Accordion title="Platform Events">
  * User activities
  * Configuration changes
  * Integration status
  * System health
</Accordion>

## Getting Started

<Steps>
  <Step title="Configure SIEM Endpoint">
    Set up a data ingestion endpoint in your SIEM platform
  </Step>

  <Step title="Add Integration">
    Configure the SIEM integration in RAD Security's Data Sources
  </Step>

  <Step title="Select Event Types">
    Choose which event types to forward to your SIEM
  </Step>

  <Step title="Test Connection">
    Verify events are being received and parsed correctly
  </Step>
</Steps>

## Next Steps

<CardGroup cols={2}>
  <Card title="Alerts & Incidents" icon="bell" href="/rad-security/platform/workspace">
    Configure alert rules and incident management
  </Card>

  <Card title="Data Sources" icon="database" href="/rad-security/integrations/data-sources">
    Connect additional data sources
  </Card>
</CardGroup>
