SIEM & Log Forwarding

Exporting Authentication Logs Directly to your SIEM tool

In the Validia Platform, connecting your Know-Your-People verifications from Zoom, Microsoft Teams, and other video conferencing platforms is simple and efficient. Validia provides a straightforward API to retrieve identity verification logs and includes guidelines to help you import these logs into your preferred SIEM tool.

Coming Soon: Direct Links to Select SIEM Tools

Retrieving Logs

You can quickly and easily pull down your verification logs with the following command! (see API Setup for details on retrieving your access key)

CURL

curl -X GET \
  "https://api.validia.ai/siem-verifications?start_time={EPOCH_START_TIME}&end_time={EPOCH_END_TIME}&limit=1000" \
  -H "Authorization: Bearer {YOUR_ACCESS_TOKEN}"

Python

import requests

url = "https://api.validia.ai/siem-verifications"
headers = {
    "Authorization": "Bearer {YOUR_ACCESS_TOKEN}"
}
params = {
    "start_time": "{EPOCH_START_TIME}",
    "end_time": "{EPOCH_END_TIME}",
    "limit" : "1000"
}

response = requests.get(url, headers=headers, params=params)

# Print the response
print(response.json())

# Optional: Handle errors
if response.status_code != 200:
    print(f"Error: {response.status_code}")
    print(response.text)

If you do not include start_time, end_time, or limit, the following defaults will apply:

  • start_time: 1 hour ago

  • end_time: Now

  • limit: 1000

Working with the logs

The API will return a list of verification events, each containing the following fields:

  • id: Unique numeric identifier

  • bot_id: UUID or string identifier for the source bot

  • epoch_timestamp: Unix timestamp

  • name: User or entity name

  • confidence: Float between 0 and 1

  • organization: Organization identifier

Recommended Practices

Timestamp Conversion

Convert the epoch_timestamp field into your SIEM's preferred format.

  • Example: epoch_timestamp = 1726074384

  • Converts to: ISO 8601 format

Normalize Confidence Scores

  • The confidence field is on a 0–1 scale

  • Multiply by 100 if needed to convert to a percentage

  • Recommended interpretation:

    • High: > 0.8

    • Medium: 0.6 – 0.8

    • Low: < 0.6

Create Correlation Rules

Consider creating rules in your SIEM for patterns like:

  • Multiple low-confidence events from the same bot_id within a short time window

  • Sudden drops in confidence scores over time

PreviousCalendarNextSSO & Identity Providers

Last updated

Was this helpful?