Your security events, in your SIEM
LoginMaster sends all authentication and security events directly to your SIEM. Three integration methods, ten compatible platforms, zero complex configurations.
Three integration methods
Choose the method that best fits your infrastructure. LoginMaster supports the main communication standards for SIEMs.
Webhook JSON
LoginMaster sends events in real time to your SIEM via HTTPS. Just configure your endpoint URL and events will arrive instantly.
- Real-time push via HTTPS
- Structured JSON payload
- Single URL configuration
- Automatic retry on failure
Syslog CEF/TLS
Event delivery in standard CEF (Common Event Format) over encrypted TLS connection. Natively compatible with most enterprise SIEMs.
- Industry-standard CEF format
- Encrypted TLS connection
- Native SIEM compatibility
- Automatic event parsing
REST API
Your SIEM queries LoginMaster to retrieve events on-demand. Ideal for platforms that prefer the pull model or for custom integrations.
- On-demand pull model
- Event filtering by type and date
- Pagination and rate limiting
- API key authentication
Compatible with leading SIEMs
LoginMaster has been tested and validated with the most widely adopted SIEM platforms on the market. If your SIEM is not listed, contact us to verify compatibility.
Splunk
Enterprise Security and SOAR
IBM QRadar
SIEM and threat intelligence
Microsoft Sentinel
Cloud-native SIEM on Azure
Elastic SIEM
SIEM on Elastic Stack (ELK)
Google Chronicle
SecOps and threat detection
Micro Focus ArcSight
Enterprise SIEM and compliance
LogRhythm
SIEM and SOC automation
Wazuh
Open source SIEM and XDR
Sumo Logic
Cloud SIEM and analytics
Datadog Security
Monitoring and security analytics
Event catalog
LoginMaster tracks and sends all security-relevant events to your SIEM. Here are the main event categories available.
Authentication
Login, logout, failed attempts, account lockouts, password resets, and access from new devices.
2FA Verification
2FA activation and deactivation, successful and failed verifications, backup code generation.
Sessions
Session creation, renewal, revocation, and expiration. Multiple sessions and sessions from anomalous IPs.
Administration
User modifications, role assignments, project configuration updates, and API key management.
Security
Detected brute-force attempts, access from suspicious IPs, access pattern anomalies, and policy violations.
How it works
Integrating LoginMaster with your SIEM takes three simple steps.
Configure the connector
From the LoginMaster dashboard, choose the integration method (Webhook, Syslog, or API) and enter your SIEM parameters.
LoginMaster sends the events
Once activated, LoginMaster automatically starts sending all security events to your SIEM in the chosen format.
Your SIEM receives them
Events appear in your SIEM ready to be correlated, analyzed, and used in your detection and alerting rules.
Frequently Asked Questions
LoginMaster is compatible with Splunk, IBM QRadar, Microsoft Sentinel, Elastic SIEM, Google Chronicle, ArcSight, LogRhythm, Wazuh, Sumo Logic, and Datadog Security. Thanks to standard protocols (Webhook JSON, Syslog CEF, REST API), it can integrate with any SIEM that supports these formats.
No. LoginMaster sends events directly to your SIEM via standard protocols. No agent, collector, or additional software needs to be installed on your infrastructure.
Yes. All integration methods use encrypted connections. Webhooks travel over HTTPS, Syslog uses TLS, and REST APIs are protected by HTTPS and API key authentication.
Yes. From the LoginMaster dashboard, you can configure which event categories to send to your SIEM: authentication, 2FA, sessions, administration, security. You can also filter by severity or by specific project.
Basic configuration takes just a few minutes: choose the integration method, enter your SIEM parameters, and activate the connector. Our team is available to support you with more complex configurations.
LoginMaster implements an automatic retry mechanism with exponential backoff. Events are buffered and re-sent as soon as the SIEM becomes reachable again, ensuring no event is lost.
Ready to connect LoginMaster to your SIEM?
Request a personalized demo and we'll show you how to integrate LoginMaster with your SIEM in minutes.