SIEM Log Streaming with Fluent Bit (Alpha)

Stream logs from Control D into your SIEM solution.

Control D supports SIEM Log streaming using Fluent Bit (in Alpha) for select organization customers.

We chose Fluent Bit for exporting log data to SIEM (Security Information and Event Management) solutions because of its:

  • Flexible Output Formats: Send logs to any output Fluent Bit supports, such as Splunk, S3, or Elasticsearch (all major platforms are supported).
  • Secure Transmission: The system uses well-known TLS encryption to secure log transmission between components (forwarders and receivers).
  • Isolated Customer Data: Each customer gets their own Fluent Bit forwarder, which prevents configuration errors from affecting other customers and ensures better security isolation.

Links

Check out the Integration documentation and Log Field reference below:

Architecture


Outbound IP addresses (allowlisting)

If your SIEM receiver (or upstream firewall/WAF) only accepts traffic from known sources, you can allowlist the outbound (egress) IP addresses used by Control D’s SIEM log streaming senders.

Current sender egress IPs:

Region  Hostname                   IP
JFK     jfk-siem-sender-poc-org01  34.48.76.218
SYD     syd-siem-sender-poc-org01  34.116.103.149
AMS     ams-siem-sender-poc-org01  34.141.202.141

Notes

  • These IPs are intended for source allowlisting only (the IPs your SIEM will see as the sender).
  • Subject to change: while these are static today, infrastructure changes may require updates. Contact support if your environment can’t tolerate changes.
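
Because the sender IPs can change, it helps to audit the receiver's connection log against the allowlist. The following is an added example, not Control D's code; the log line format and the `audit` function are assumptions made for illustration, and the sample log is constructed.

```python
import ipaddress
import re

# Sender egress IPs as listed in the table on this page.
SENDERS = {
    "JFK": "34.48.76.218",
    "SYD": "34.116.103.149",
    "AMS": "34.141.202.141",
}

# Constructed sample of receiver-side firewall/connection log lines.
# The "<timestamp> <accept|drop> src=<ip>" layout is an assumption.
SAMPLE_LOG = """\
2025-01-10T08:00:01Z accept src=34.48.76.218
2025-01-10T08:00:02Z drop src=34.141.202.141
2025-01-10T08:00:05Z accept src=203.0.113.50
2025-01-10T08:00:09Z drop src=34.48.76.219
not a log line
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<action>accept|drop) src=(?P<src>\S+)")


def audit(log_text, senders=SENDERS):
    """Compare observed source IPs with the sender allowlist."""
    allow = {ipaddress.ip_address(ip): region for region, ip in senders.items()}
    seen, unexpected, blocked = set(), [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not connection records
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # skip records with a malformed address
        region = allow.get(src)
        if region is None:
            if m["action"] == "accept":
                unexpected.append(str(src))  # allowlist is not being enforced
        else:
            seen.add(region)
            if m["action"] == "drop":
                blocked.append(region)  # listed sender is missing from the rules
    return {
        "unexpected_accepts": unexpected,
        "blocked_senders": blocked,
        # A listed region that never appears may mean its egress IP changed.
        "silent_regions": sorted(set(senders) - seen),
    }
```

A region reported in `silent_regions` is a prompt to confirm the current sender IPs with support before assuming an outage.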