What is the recommended method to pull Deep Security events into a SIEM product?

The recommended method to pull Deep Security events into a SIEM product is by pulling directly from Deep Security Manager using Web Services APIs. This approach allows for real-time data access and integration, enabling the SIEM to gather event data accurately and efficiently. Using APIs facilitates automated data retrieval, ensuring the SIEM can continuously receive updates and alerts regarding the security posture, without manual intervention.

Utilizing Web Services APIs also provides granular control over the data being requested, allowing users to tailor the information to their specific needs, such as filtering events by severity, type, or date range. This integration supports more dynamic and responsive security operations than other methods.

While other methods like using an external log collector or syslog servers can be effective in certain contexts, they may introduce latency or require additional configuration that can complicate the integration process. Sending events via email is generally not a scalable solution for large amounts of data and does not provide the richness of interaction that a direct API connection offers. Therefore, leveraging APIs is the most efficient and robust method for integrating Deep Security events with a SIEM system.
