Configure integration with SIEM

The Automation Anywhere Control Room supports security information and event management (SIEM) tools ingesting logs from your tenant's Audit logs.

Note:

The Splunk mark and logo, the Sumo Logic mark and logo, and the Radar mark and logo are trademarks or registered trademarks of Splunk, Sumo Logic, and Radar, respectively, and are used for identification purposes only.

Important: SIEM integration is supported only on Cloud deployments.
With SIEM integration, audit logs can be sent to analytic tools, such as Splunk, Qradar, Sumologic, and ArcSight. By pushing audit log entries to SIEM tools, you can integrate and leverage the advanced searching and reporting features of SIEM solutions. When configured, the Control Room audit logs are forwarded to the configured SIEM server.
SIEM Integration
Configure a SIEM server step by step so that Automation 360 sends the audit messages to the SIEM server. In the following example, Sumo Logic is used as the SIEM provider. Use the same procedure to configure any other SIEM server.
Note: The Event attribute value on the SIEM Integration Configuration page, when you configure a SIEM server in the Control Room, is defined by the SIEM providers. Contact your SIEM providers for this value.