# SIEM / Log Management Connectors
SIEM and log management connectors provide AI agents with access to centralized security event data, search and correlation capabilities, and orchestration workflows. Agents use these connectors to query logs, manage incidents, execute automated playbooks, and enrich investigations with correlated event data.
Most read operations in this category are LOW risk. Write operations such as creating correlation rules or modifying playbook configurations carry MEDIUM to HIGH risk depending on their blast radius: a detection rule change alters what the SOC sees, and a SOAR playbook run acts on every tool the platform integrates with, not just the SIEM. Two caveats apply to the read tier. Search results can contain credentials, tokens and personal data that the logs captured, so a LOW read can still pull sensitive content into an agent's context. And not every query language is read-only: a Splunk search pipeline can end in `| outputlookup`, `| collect` or `| delete`, so a connector should inspect the query itself, not only the operation name, before treating a search as LOW.
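The following is an added example, not code from the connector framework described on this page, of an authorization gate that applies these tiers to an agent's requests. The operation names and their risk assignments are assumptions made for the example; the SPL command names are real Splunk commands, though the list is not exhaustive. A nominally LOW search whose pipeline contains a side-effecting command is promoted to HIGH and held for human approval.

```python
"""Authorization gate for agent-issued SIEM operations (added example).

This is illustrative code, not the connector framework's own API. The
operation names and their risk tiers are assumptions made for the example;
the SPL command names are real Splunk commands, but the list is not
exhaustive.
"""
import re
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional


class Risk(Enum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# Hypothetical operation -> risk tier, following the page's read/write split.
OPERATION_RISK = {
    "run_search": Risk.LOW,                 # read: ad-hoc search
    "get_alert": Risk.LOW,                  # read
    "create_saved_search": Risk.MEDIUM,     # write: adds a scheduled search
    "update_correlation_rule": Risk.HIGH,   # write: changes what is detected
    "run_playbook": Risk.HIGH,              # write: acts on every integrated tool
}

# Splunk SPL commands that write, send or delete even though they run inside a
# "search". A pipeline that uses one of them is not a read operation.
SIDE_EFFECT_SPL = {
    "outputlookup", "collect", "mcollect", "meventcollect",
    "delete", "sendemail", "sendalert", "outputcsv", "script",
}

_STRING_LIT = re.compile(r'"(?:[^"\\]|\\.)*"')
_COMMAND = re.compile(r'(?:^|\||\[)\s*([A-Za-z_][A-Za-z0-9_]*)')


def spl_commands(query: str) -> List[str]:
    """Return the command names in an SPL pipeline, including the ones inside
    bracketed subsearches, in order of appearance.

    Double-quoted literals are blanked first so a '|' inside a regex or
    string (e.g. rex "(foo|bar)") is not mistaken for a pipeline stage. A
    query that does not start with '|' has an implicit leading 'search'."""
    q = query.strip()
    if not q.startswith("|"):
        q = "search " + q
    cleaned = _STRING_LIT.sub('""', q)
    return [m.group(1).lower() for m in _COMMAND.finditer(cleaned)]


@dataclass(frozen=True)
class Decision:
    allowed: bool
    risk: Risk
    reason: str


def authorize(operation: str, query: Optional[str] = None,
              approved: bool = False) -> Decision:
    """Decide whether the agent may execute `operation`.

    LOW is allowed. MEDIUM is allowed but the caller must audit it. HIGH is
    allowed only when a human has approved it (approved=True). A search whose
    pipeline contains a side-effecting command is promoted to HIGH regardless
    of the operation's nominal tier, because it writes, sends or deletes."""
    if operation not in OPERATION_RISK:
        # Fail closed: an operation the table does not know is not LOW.
        return Decision(False, Risk.HIGH, f"unknown operation {operation!r}")
    risk = OPERATION_RISK[operation]
    reason = f"{operation} is {risk.name}"
    if query is not None:
        bad = sorted(set(spl_commands(query)) & SIDE_EFFECT_SPL)
        if bad:
            risk = Risk.HIGH
            reason = "search pipeline has side-effecting command(s): " + ", ".join(bad)
    if risk is Risk.HIGH and not approved:
        return Decision(False, risk, reason + "; human approval required")
    return Decision(True, risk, reason)


if __name__ == "__main__":
    # Constructed sample requests an agent might issue.
    read = 'index=auth action=failure | stats count by user | where count > 20'
    sneaky = 'index=auth | stats count by user | outputlookup blocked_users.csv'
    for op, q, ok in [("run_search", read, False), ("run_search", sneaky, False),
                      ("run_playbook", None, False), ("run_playbook", None, True)]:
        d = authorize(op, q, approved=ok)
        print(f"{op:14} allowed={str(d.allowed):5} risk={d.risk.name:6} {d.reason}")
```

The command scan is a heuristic and should be treated as defense in depth: the authoritative control is the capability set of the credential the connector holds, for example a Splunk role without `can_delete` cannot run `| delete` no matter what the agent sends. Gate first, then scope the token, and audit every MEDIUM and HIGH decision with the full query text.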
| Connector | Operations | Risk Levels | Description |
|---|---|---|---|
| Splunk | 20 | LOW, MEDIUM, HIGH | Splunk Enterprise and Cloud operations for search queries, saved searches, alert management, and knowledge object administration |
| Splunk SOAR | 33 | LOW, MEDIUM, HIGH | Splunk SOAR (formerly Phantom) operations for playbook execution, container management, action runs, and asset configuration |
| Microsoft Sentinel | 31 | LOW, MEDIUM, HIGH | Microsoft Sentinel operations for incident management, hunting queries, analytics rules, watchlists, and automation rules |
| Google Chronicle | 27 | LOW, MEDIUM, HIGH | Google Chronicle SIEM operations for UDM search, entity lookups, detection rule management, and retrohunt execution |
| Elastic Security | 37 | LOW, MEDIUM, HIGH | Elastic Security operations for detection rules, alerts, timelines, exception lists, and Elasticsearch query execution |
| IBM QRadar | 33 | LOW, MEDIUM, HIGH | IBM QRadar operations for offense management, AQL searches, reference set manipulation, log source configuration, and rule tuning |
| Cortex XSOAR | 33 | LOW, MEDIUM, HIGH | Palo Alto Cortex XSOAR operations for incident management, playbook execution, indicator management, and war room interactions |
| Datadog Security | 30 | LOW, MEDIUM, HIGH | Datadog Security Monitoring operations for signal management, detection rules, log queries, and security dashboard management |
| Sumo Logic | 33 | LOW, MEDIUM, HIGH | Sumo Logic Cloud SIEM operations for insight management, log search, entity enrichment, and match list administration |
| Exabeam | 30 | LOW, MEDIUM, HIGH | Exabeam operations for notable event management, user timeline queries, watchlist management, and Advanced Analytics searches |
| CrowdStrike LogScale | 28 | LOW, MEDIUM, HIGH | CrowdStrike Falcon LogScale (formerly Humio) operations for log queries, dashboards, alerts, scheduled searches, and parser management |
| Securonix | 30 | LOW, MEDIUM, HIGH | Securonix SIEM operations for threat management, policy violations, Spotter search queries, and entity risk score lookups |
| Swimlane | 32 | LOW, MEDIUM, HIGH | Swimlane SOAR operations for record management, applet execution, dashboard queries, and workflow automation |