⬡

SIEM Integration Hub

Integration Layer

◀ API

Common Interface

MCP

Model Context Protocol

Capabilities

tools/list

tools/call

resources/read

prompts/get

notifications

Protocol Translation

→REST → MCP Tools

→OAuth/JWT → MCP Auth

→Webhooks → MCP Events

→Syslog (514) → MCP Ingest

→CEF/LEEF → MCP Normalized

→GELF/Beats → MCP Streams

→SNMP → MCP Telemetry

→HEC/S3 → MCP Batch

Secrets ▶

Secret Management

Delinea

Secret Server

Privileged Access Management

SS REST API Endpoints

GET/api/v1/secrets/{id}

POST/api/v1/secrets

POST/api/v1/secrets/{id}/check-out

POST/api/v1/secrets/{id}/check-in

GET/api/v1/secrets/{id}/audits

POST/api/v2/secrets/rotate

MCP Workflow

1

SIEM needs API credentials

2

MCP Server receives tool call

3

MCP fetches secret from Delinea SS

4

Secret injected into SIEM API call

5

Audit log written to both systems

Agent Requirement Key

◆Required— Must install

◈Recommended— Recommended

◇Optional— Optional

○No— Agentless

Legend:

SaaS

SaaS/Hybrid

Hybrid

Open Source

Software/SaaS

●SYSLOG ●CEF REPO ● DELINEA

@bertblevins · delinea.com