# SIEM Integration

{% hint style="info" %}
This feature is available in the **Premium plan and higher**.
{% endhint %}

SIEM Integration enables secure and efficient log forwarding to your Security Information and Event Management (SIEM) system for analysis and threat detection. Data is transmitted in 1-minute intervals, ensuring timely delivery and processing. Additionally, our [API Integration](https://support.goodaccess.com/configuration-guides/features/api-integration) allows SIEM systems to take automated actions, such as blocking users when threats are detected.

## Prerequisites

* A SIEM system that supports the **JSON** log format and can receive logs via **Syslog (UDP, TCP, or TCP with TLS)**.

## Configuration guide

{% hint style="info" %}
Please refer to your SIEM system's documentation for details on port/protocol you should use.
{% endhint %}

[Log in to the GoodAccess **Control Panel**, and go to **Settings** > **SIEM**.](https://app.goodaccess.com/siem/)

Check **Enable SIEM Integration**, and connect your SIEM system.

* **Host** - Enter your SIEM system's Hostname/IP
* **Port** - Specify the port number used for communication
* **Protocol -** Choose between:
  * TCP
    * When using TCP, we strongly recommend enabling encrypted communication via **TLS**. To enable TLS, upload a valid **CA certificate**.
  * UDP
* **Data exported to SIEM** - Choose from:
  * Admin Logs
  * Threat Blocker Logs
  * Device Posture Check Logs
  * Gateway Access Logs

Click **Save**.

<figure><img src="https://418253935-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FiJ406Lpi9EKoWDi7GFL7%2Fuploads%2Ft63diV429JKvcqeAL7Cr%2FFeatures_SIEM_Integration_01.PNG?alt=media&#x26;token=1f9d1c52-cdb7-45e6-bed6-9b6306baa049" alt="SIEM Integration setup wizard."><figcaption><p>SIEM Integration setup wizard</p></figcaption></figure>

You have now successfully set up the integration between GoodAccess and your SIEM system.