Streaming data from IBM Cloud Logs to SIEM tools
You can stream data from IBM Cloud Logs to other corporate tools such as Security Information and Event Management (SIEM) tools.
Streaming is handled by integrating IBM Cloud Logs with Event Streams.
See Streaming data for information about streaming.
You can use Event Streams with IBM Cloud Logs to stream and manage log data. Event Streams is a scalable, managed Apache Kafka service that lets applications send data by creating messages and sending them to a topic. Applications can subscribe to these topics to receive messages, enabling real-time data processing and analytics.
See Integrating IBM Cloud Logs with Event Streams for information about configuring the integration.
To connect to your Event Streams instance, you need the endpoint URLs for the APIs and the credentials for authentication.
To establish a connection, clients must be configured to use SASL PLAIN or SASL OAUTHBEARER over TLSv1.2 at a minimum, and they require a username and a list of the bootstrap servers. TLSv1.2 encrypts connections and validates the authenticity of the brokers (to prevent man-in-the-middle attacks). SASL enforces authentication on all connections. For more information, see Configuring your Kafka API client.
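One way to check a consumer's settings against these connection requirements before pointing a SIEM forwarder at the topic. This is an added example, not IBM's code. It assumes the property names of the Apache Kafka Java client; the broker hostnames and credentials are constructed placeholders. It also goes one step beyond the text by flagging a disabled hostname check, since that setting undermines broker authenticity.

```python
# Added example: audit Java-style Kafka client properties (constructed samples).
ALLOWED_MECHANISMS = {"PLAIN", "OAUTHBEARER"}
MIN_TLS = (1, 2)
def parse_properties(text):
    """Parse key=value lines, skipping blanks and comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.partition("=") for l in lines if l and not l.startswith(("#", "!")))
    return {k.strip(): v.strip() for k, _, v in pairs}

def tls_version(name):
    """Map 'TLSv1.2' to (1, 2); SSLv3 or unparsable names sort lowest."""
    major, _, minor = name.strip()[4:].partition(".")
    ok = name.strip().startswith("TLSv") and major.isdigit() and (minor or "0").isdigit()
    return (int(major), int(minor or 0)) if ok else (0, 0)

def audit(text):
    """Return a list of findings; an empty list means the config passes."""
    p, findings = parse_properties(text), []
    if not any(s.strip() for s in p.get("bootstrap.servers", "").split(",")):
        findings.append("bootstrap.servers: no brokers listed")
    if p.get("security.protocol") != "SASL_SSL":
        findings.append("security.protocol: must be SASL_SSL")
    mech = p.get("sasl.mechanism")
    if mech not in ALLOWED_MECHANISMS:
        findings.append("sasl.mechanism: must be PLAIN or OAUTHBEARER")
    if mech == "PLAIN" and "username=" not in p.get("sasl.jaas.config", ""):
        findings.append("sasl.jaas.config: PLAIN needs a username")
    # Only an explicit list is checked; an unset key uses the client default.
    old = [v.strip() for v in p.get("ssl.enabled.protocols", "").split(",")
           if v.strip() and tls_version(v) < MIN_TLS]
    if old:
        findings.append("ssl.enabled.protocols: below TLSv1.2: " + ",".join(old))
    # An empty value disables broker hostname verification in the Java client.
    if p.get("ssl.endpoint.identification.algorithm") == "":
        findings.append("ssl.endpoint.identification.algorithm: hostname check disabled")
    return findings

WEAK = """bootstrap.servers=broker-0.example.invalid:9093
security.protocol=SASL_PLAINTEXT
sasl.mechanism=SCRAM-SHA-256
ssl.enabled.protocols=TLSv1.1,TLSv1.2
ssl.endpoint.identification.algorithm="""
HARDENED = """bootstrap.servers=broker-0.example.invalid:9093,broker-1.example.invalid:9093
security.protocol=SASL_SSL
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="<USERNAME>" password="<PASSWORD>";
ssl.enabled.protocols=TLSv1.2,TLSv1.3
ssl.endpoint.identification.algorithm=https"""
for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
    print(name, audit(cfg) or "OK")
```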