Log Management

SIEM/SEIM/SOAR Integration

SurePassID Universal MFA integrates with security information and event management (SIEM/SEIM) tools and with security orchestration, automation, and response (SOAR) tools.

Definitions

Security Information and Event Management (SIEM) or Security Event and Information Management (SEIM) tools collect log and event data generated by host systems, security devices, and applications, and collate it on a centralized platform. SIEM/SEIM tools sort the data into categories, such as ransomware activity, failed and successful MFA logins, and other potentially malicious activity. When a SIEM/SEIM tool identifies a potential security issue, it generates an alert, triggering an automated or human response based on security policies.

Security Orchestration, Automation and Response (SOAR) platforms are a collection of security software solutions and tools for browsing and collecting data from a variety of sources. SOAR solutions then use a combination of human and machine learning to analyze this diverse data in order to comprehend and prioritize incident response actions.

How SurePassID works with SIEM/SEIM/SOAR tools

SurePassID Universal MFA uses Event Log Synchronization (ELS) to securely pull MFA audit trail events and integrate them with a SIEM tool. ELS filters specify the MFA event types that are eligible to be pulled. The ELS application is installed on your servers and is a component of the SurePassID Local Agent.

The following MFA event types can be synchronized to a SIEM tool:

  • Severe
  • Warning
  • Success
  • Action Required
  • Informational

The Event Log Sync Application uses HTTPS for transport security by default. If more security is needed, PKI and X.509 certificates can be used.

Event Log Synchronization Syntax

EventLogSync -ln=loginname -lp=loginpassword

where

loginname: is your SurePassID account login name
loginpassword: is your SurePassID account login password
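
Because this syntax takes the account password as a command-line argument, the value is visible in local process listings and in any command-line audit logging while the tool runs, so it should not also end up hard-coded in scheduled-task scripts or job logs. The wrapper below is an added example, not SurePassID code: it reads the credentials from the environment, starts the tool without a shell, and logs only a redacted command line. The executable being on PATH as `EventLogSync` and the two environment variable names are assumptions.

```python
import os
import subprocess

# Assumptions (not from the SurePassID documentation): the executable is on
# PATH under this name, and the two environment variable names are hypothetical.
ELS_EXE = "EventLogSync"
ENV_LOGIN = "SUREPASSID_ELS_LOGIN"
ENV_PASSWORD = "SUREPASSID_ELS_PASSWORD"


def build_argv(env):
    """Build the documented -ln=/-lp= argument list from an environment mapping."""
    login = env.get(ENV_LOGIN, "")
    password = env.get(ENV_PASSWORD, "")
    if not login or not password:
        raise ValueError(f"set {ENV_LOGIN} and {ENV_PASSWORD} before running")
    # An argument list is handed to the OS without a shell, so quotes,
    # spaces or '&' in the password are not reinterpreted.
    return [ELS_EXE, f"-ln={login}", f"-lp={password}"]


def redact(argv):
    """Return a loggable command line with the -lp value masked."""
    return " ".join("-lp=********" if a.startswith("-lp=") else a for a in argv)


def run_sync(env=os.environ):
    """Run one synchronization and return the tool's exit code."""
    argv = build_argv(env)
    print("running:", redact(argv))
    # Exit-code semantics are not documented on this page, so the code is
    # returned to the caller rather than interpreted here.
    return subprocess.run(argv, check=False).returncode


if __name__ == "__main__":
    raise SystemExit(run_sync())
```

Use a dedicated, least-privileged SurePassID login for this job so that exposure of the command line does not expose an administrator's credentials.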

Automate MFA Logging

Securely integrate MFA events with your SIEM tool – automatically. No manual steps or workarounds are needed.

Take Action in Real-Time

MFA prevents 99.9% of cyber attacks, but action-required alerts still require action. Enable your admins to respond in real-time.

Comply with Security Audits

By integrating SurePassID with your SIEM tool, you benefit from a full audit trail of MFA events for any given time period.

Ready to experience the SurePassID difference?

Contact us and bring our MFA expertise to bear on your unique requirements. Or begin our free trial and see how easy it is to secure your universe with SurePassID Universal MFA.
