The connectors are the entry point for alerts into Siemplify. Their goal is to translate raw input data coming from multiple sources into Siemplify data. The connectors get alerts (or equivalent data, e.g. alarms, correlation events, TI hit lists, etc.) from third-party tools and forward normalized data into the Data Processing layer. The Siemplify platform provides out-of-the-box connectors for the most popular security systems used today.

The component is based on an in-house development framework that provides a Python SDK for developing new connectors quickly and easily. The framework supports a variety of input data formats (CSV, JSON, XML, etc.) and connection protocols (files, RESTful services, Syslog, etc.).

The connector framework also provides a mechanism to filter noisy data within a time period (the Overflow Mechanism). This makes it easier for users to manage overflow alerts.
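The two ideas above, normalizing different input formats into one alert shape and suppressing noisy alerts within a time period, can be sketched in plain Python. This is an added example, not Siemplify SDK code and not the product's implementation: the field names, the sample feeds, and the "N alerts per (product, name) per window" rule are all assumptions made for illustration.

```python
import csv
import io
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample feeds from two hypothetical sources (not real product output).
RAW_JSON = json.dumps([{"rule": "Brute force", "src": "edr", "ts": f"2024-01-01T10:{m}:00"}
                       for m in ("00", "01", "02", "03", "15")])
RAW_CSV = ("time,signature,product\n"
           "2024-01-01T10:00:30,Port scan,firewall\n"
           "2024-01-01T10:02:30,Port scan,firewall\n")

def _alert(name, product, ts):
    # Common shape every source is normalized into (field names are assumptions).
    return {"name": name, "product": product, "time": datetime.fromisoformat(ts)}

def normalize_json(text):
    return [_alert(r["rule"], r["src"], r["ts"]) for r in json.loads(text)]

def normalize_csv(text):
    rows = csv.DictReader(io.StringIO(text))
    return [_alert(r["signature"], r["product"], r["time"]) for r in rows]

class OverflowFilter:
    """Admit at most max_alerts per (product, name) within a sliding time window."""
    def __init__(self, max_alerts, window):
        self.max_alerts, self.window = max_alerts, window
        self._admitted = defaultdict(deque)  # key -> times of admitted alerts

    def allow(self, alert):
        times = self._admitted[(alert["product"], alert["name"])]
        while times and alert["time"] - times[0] >= self.window:
            times.popleft()  # forget admissions that have left the window
        if len(times) >= self.max_alerts:
            return False  # overflow: this alert type is too noisy right now
        times.append(alert["time"])
        return True

def ingest(max_alerts=2, window=timedelta(minutes=10)):
    """Normalize both feeds, then split alerts into forwarded and overflowed."""
    alerts = sorted(normalize_json(RAW_JSON) + normalize_csv(RAW_CSV),
                    key=lambda a: a["time"])
    flt = OverflowFilter(max_alerts, window)
    forwarded, overflowed = [], []
    for a in alerts:
        (forwarded if flt.allow(a) else overflowed).append(a)
    return forwarded, overflowed
```

With the default rule, the third and fourth "Brute force" alerts are held back as overflow, while the one at 10:15 is forwarded again because the earlier admissions have aged out of the window.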

Key Points

  • The connectors framework supports a variety of input formats (CSV, JSON, XML, etc.) and connection protocols (files, RESTful services, Syslog, etc.)
  • Multiple connector instances can run in parallel to allow scaling out
  • The framework and connector types can be extended with custom Python scripts
  • The Overflow Mechanism – Helps manage noisy data with rule-based configuration
  • The connectors are managed directly from the Siemplify console
