Author: Government Digital Service

Security Information and Event Management (SIEM) integration

Direct integration with your organisation’s SIEM tool will allow you to receive all the misconfiguration and vulnerability data collected by DNS Check and the Vulnerability Monitoring Service.

You’ll be able to create automatic alerts about the issues we share with you and view them on a dashboard to make it easier to monitor, prioritise and respond.

Benefits of using SIEM integration

With this service, you can:

  • automatically create alerts for domain misconfigurations and vulnerability issues
  • send alerts to the right teams
  • triage quickly to prioritise and resolve problems efficiently
  • help your SOC team locate issues easily, reducing investigation time
  • build clear dashboards to monitor activity and generate reports
  • access guidance and support from the domain and vulnerability knowledge base

What SIEM integration does

SIEM integration gives you visibility of all the vulnerabilities that we collect through DNS Check and the Vulnerability Monitoring Service.

Monitoring occurs throughout the day. If you are using an API, you will always collect the most current data.

If you collect data from an S3 bucket, the data will be updated every 6 hours.

Available SIEM tool integrations

We provide integration guidance for:

  • Microsoft Sentinel
  • Splunk
  • Logpoint
  • CymruSOC members

We select integrations where the SIEM is able to ingest data without substantial changes to our export formats and through our common paths, which are:

  • API
  • AWS Simple Queue Service (SQS) and S3 bucket
  • AWS S3 bucket directly

We can also help you with the implementation to make sure the data feed is presented correctly and any dashboards and alerts are set up properly.

GDS cannot customise data for individual organisations and you will only be able to see your own organisation’s data feed.

Register for SIEM integration

To get started, complete our online registration form. A member of the team will get in touch to help you get set up.

During registration, you’ll be asked if you want to sign up for both SIEM integration and the Vulnerability Monitoring Service.

We recommend choosing both services so we can provide a more comprehensive scan of your domains and help you stay ahead of potential risks.

Actions for your team

To keep your SIEM integration running smoothly and ensure vulnerabilities are addressed quickly, you should:

  • maintain your SIEM environment so that it can receive and action alerts from the data feed
  • make sure your security team monitors and acts on high and critical priority vulnerabilities
  • tell us about any changes to your registered domains and sub-domains
  • report any data feed issues promptly to GDS
  • provide GDS with an up-to-date contact list in case of issues

Reporting issues

If you have any issues with the data feed, you can report them by emailing support@domains.gov.uk, for example:

  • service disruptions
  • unusual alert patterns
  • false positives
  • miscategorised issues, or issues with the wrong impact rating

We will manage any issues you report using our internal management processes. We aim to resolve urgent issues as quickly as possible. We’ll give you a clear timeline for resolving any issues you report.

Support from our team

We’ll keep you informed about any changes that could affect your SIEM connection, such as updates to data formats, dashboards, or feed timings.

We will support you by:

  • monitoring UK public sector domains
  • providing regular, prioritised vulnerability data
  • making sure our data feed to your SIEM is stable and secure
  • responding in a timely way to any issues you report
  • offering you technical guidance on managing vulnerabilities

Contact

If you need more information, email support@domains.gov.uk.
