SIEM Integrations
SIEM (Security Information and Event Management) integrations allow NordStellar to forward your security findings directly into your SIEM platform, so your security team can monitor, correlate, and respond to external threats alongside the rest of your security telemetry.
Instead of logging in to the NordStellar platform to review new findings, your SIEM receives them automatically and in near real time. This lets your SOC build alerts, dashboards, hunting queries, and automated response playbooks around NordStellar data using the tools they already work in.
What Gets Sent
Once a SIEM integration is enabled, NordStellar forwards new alert findings as structured JSON events. The finding types include:
- Leaked credentials — exposed employee and customer credentials
- Data breaches — company data exposed in third-party breaches
- Malware infections — credentials and data captured by info-stealer malware
- Dark web activity — mentions across forums, Telegram channels, ransomware leak sites, and marketplaces
- Domain permutations — typosquatting and look-alike domains used for impersonation or phishing
- Consumer credentials — exposed customer account credentials
- Attack surface vulnerabilities — issues detected on your external attack surface across web applications, network services, and DNS
Only findings that generate an alert are forwarded to your SIEM. Each event is delivered as a structured JSON record containing the finding details and the time it was detected.
Common Concepts
All SIEM integrations on NordStellar share a few common configuration options:
- Integration name: A descriptive label to help you identify the integration.
- Project scope: You can apply the integration to all projects in your organization, or limit it to specific selected projects. When set to all projects, the integration automatically includes any projects added in the future.
- Send existing events: When you first connect an integration, you can optionally backfill historical findings from a chosen start date, in addition to receiving all new findings going forward.
- Include consumer credentials' passwords: Controls whether plaintext passwords from consumer credential findings are included in the forwarded events. Leave this off if you do not want passwords leaving the platform.
Only users with Organization Admin permissions can set up or manage SIEM integrations.
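As an added example, not NordStellar's own code, here is a SIEM-side ingestion step that parses one forwarded finding, assigns a severity by finding type, and replaces any plaintext password with a keyed HMAC before the record is indexed, so a team that enables the password option still never stores the secret itself. The JSON field names, finding-type keys, severity values and the sample event are all assumptions, since the page does not publish the event schema.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Finding types listed on the page, mapped to an ingestion severity. The key
# names and severities are assumptions for this example, not NordStellar's schema.
SEVERITY_BY_TYPE = {
    "leaked_credentials": "high",
    "data_breach": "high",
    "malware_infection": "critical",
    "dark_web_activity": "medium",
    "domain_permutation": "medium",
    "consumer_credentials": "high",
    "attack_surface_vulnerability": "high",
}

def redact_passwords(obj, key: bytes):
    """Replace password values (assumed field names) with a keyed, truncated HMAC:
    the SOC can still spot a password recurring across findings, but the SIEM never stores it."""
    if isinstance(obj, dict):
        out = {}
        for k, v in obj.items():
            if k in ("password", "plaintext_password") and isinstance(v, str):
                out[k + "_hmac"] = hmac.new(key, v.encode(), hashlib.sha256).hexdigest()[:16]
            else:
                out[k] = redact_passwords(v, key)
        return out
    if isinstance(obj, list):
        return [redact_passwords(v, key) for v in obj]
    return obj

def normalize_event(raw_json: str, key: bytes) -> dict:
    """Parse one forwarded finding into the record the SIEM will index."""
    event = json.loads(raw_json)
    ftype = event["finding_type"]
    if ftype not in SEVERITY_BY_TYPE:
        raise ValueError(f"unknown finding type: {ftype}")
    detected = datetime.fromisoformat(event["detected_at"].replace("Z", "+00:00"))
    return {
        "finding_type": ftype,
        "severity": SEVERITY_BY_TYPE[ftype],
        "detected_at": detected.astimezone(timezone.utc).isoformat(),
        "project": event.get("project"),
        "details": redact_passwords(event.get("details", {}), key),
    }
# Constructed sample event; the field names are assumptions, not NordStellar's schema.
SAMPLE = json.dumps({"finding_type": "consumer_credentials", "detected_at": "2024-05-01T12:00:00Z",
                     "project": "example-project", "details": {"email": "user@example.com", "password": "hunter2"}})
```

The HMAC key should be a SIEM-side secret so that the stored digest cannot be brute-forced back to the password by anyone who only has access to the index.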
Available Integrations
Please follow the detailed guide for the SIEM platform you wish to integrate.