Working on standing up JumpCloud as a PoC. They have an API available for a SIEM to call out to it and pull back in logging info. I can’t find any info on creating an event source to be able to facilitate pulling that info into the platform. Has anyone here done anything similar (with JumpCloud or any 3rd party platform using an API)?
Hey Scott,
Just like with any unsupported integration or event source, our Custom Log options are your best bet. We have the listen on network port, watch directory or tail file, or S3 bucket as common options for ingesting Raw Logs as they are for use in Dashboarding and Alerting.
It would mean scripting against the third party API to ingest these events through one of the custom log options.
David
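
The approach described in the reply above, as an added example that is not part of the original thread and is not JumpCloud's or the SIEM vendor's code: a poller that appends API events as JSON lines to a file for the tail-file custom log option, with a checkpoint so overlapping query windows do not produce duplicate log lines. The `fetch_events` callable, the `id` and `timestamp` field names (ISO 8601 UTC strings in one fixed format) and the sample events are assumptions; replace `sample_fetch` with the real API call.

```python
import json, os, tempfile

# Constructed sample events; "id" and "timestamp" are assumed field names.
SAMPLE = [
    {"id": "e1", "timestamp": "2024-01-01T10:00:00Z", "event_type": "user_login"},
    {"id": "e2", "timestamp": "2024-01-01T10:02:00Z", "event_type": "admin_update"},
    {"id": "e3", "timestamp": "2024-01-01T10:02:00Z", "event_type": "user_login"},
]

def sample_fetch(since):
    # Stand-in for the real API call: return events at or after `since`.
    return [e for e in SAMPLE if e["timestamp"] >= since]

def load_checkpoint(path):
    try:
        with open(path) as f:
            return json.load(f)
    except FileNotFoundError:
        return {"last_ts": "", "ids_at_last_ts": []}

def save_checkpoint(path, state):
    # Write then rename so a crash never leaves a half-written checkpoint.
    with open(path + ".tmp", "w") as f:
        json.dump(state, f)
    os.replace(path + ".tmp", path)

def pull_once(fetch_events, log_path, checkpoint_path):
    """Append unseen events to log_path as JSON lines; return how many."""
    state = load_checkpoint(checkpoint_path)
    seen, written = set(state["ids_at_last_ts"]), 0
    events = sorted(fetch_events(state["last_ts"]), key=lambda e: e["timestamp"])
    with open(log_path, "a", encoding="utf-8") as log:
        for ev in events:
            ts = ev["timestamp"]
            # Skip events an overlapping query window returns again.
            if ts < state["last_ts"] or (ts == state["last_ts"] and ev["id"] in seen):
                continue
            log.write(json.dumps(ev, separators=(",", ":")) + "\n")
            if ts > state["last_ts"]:
                state["last_ts"], seen = ts, set()
            seen.add(ev["id"])
            written += 1
    state["ids_at_last_ts"] = sorted(seen)
    save_checkpoint(checkpoint_path, state)
    return written

def demo():
    d = tempfile.mkdtemp()
    log, ckpt = os.path.join(d, "events.log"), os.path.join(d, "checkpoint.json")
    return pull_once(sample_fetch, log, ckpt), pull_once(sample_fetch, log, ckpt)
```

Run `pull_once` on a schedule and point the tail-file event source at the log path; keep the API key out of the script and the log file readable only by the collector account.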