Skip to main content
This section is a catalog. Pick a source, follow a short setup guide, then validate that:
  • logs are ingesting
  • dashboards populate (after provisioning)
  • alerting can be enabled (built-in or custom)
If you’re brand new, start with the guided checklist: Start here.

The mental model

Almost every integration follows this pattern:
  1. Ingest events (API integration or syslog)
  2. Store events in your SIEM datastore (Wazuh Indexer / OpenSearch-backed)
  3. (Often) build alerts in Graylog → alerts land in gl-events*
  4. CoPilot shows alerts in Incident Management → Alerts → operators open Cases

First-wave integrations

Network connectors (syslog)