Configure integration with SIEM

The Automation Anywhere Control Room supports integration with security information and event management (SIEM) tools for forwarding audit events generated in your Automation Anywhere Control Room. The events are forwarded using the HTTP(S) protocol.

Note:

The mark and logo of Splunk, Sumo Logic, and the Radar are trademarks or registered trademarks of Splunk, Sumo Logic, and Radar, respectively, and are used for identification purposes only.

Important: SIEM integration is supported only on Automation Anywhere hosted Cloud Control Room.

With SIEM integration, audit events generated in your Automation Anywhere Control Room can be sent to analytic tools, such as Splunk, QRadar, Sumo Logic, and ArcSight. By pushing audit events to SIEM tools, you can leverage the advanced searching and reporting features of SIEM solutions. For example, the step-by-step approach for integrating Sumo Logic as the SIEM provider is shared below. Use a similar procedure to integrate with any other SIEM solution.

Note:
  • The value in the Event attribute (for example, audit or message) on the SIEM Integration Configuration page serves as a key to find the audit events sent to your SIEM solution. All audit events will be recorded under this category.
  • The following HTTP headers are sent as part of all the audit events that are forwarded to your SIEM solution. Therefore, do not include them as part of the key-value pairs associated with any audit event:
    • Content-Type: application/json
    • Accept: application/json