Integrations

Works with your tools, without locking you to them

LyftData connects to your SIEM, observability, warehouse, and storage platforms through a growing catalog of documented integrations — all delivered through one declarative pipeline model.

Instead of building different ingestion paths for different tools, you define one Job and route its outputs into the platforms your teams already use. No vendor agents. No per-tool scripts. No pipeline drift.

Sources → LyftData → Destinations

Sources

EDR, Windows Events, syslog, APIs

LyftData

Declarative jobs + governed channels

Destinations

SIEM, storage, analytics, observability

The Integration Catalog at a Glance

LyftData supports a broad ecosystem across five categories:

SIEM Destinations

Send curated, masked, enriched telemetry to security platforms.

Examples

Splunk HEC
Microsoft Sentinel
Elastic Security

Enables

Reduced ingest volume
Consistent masking before SIEM
Longer retention via archive routing

Observability Platforms

Deliver high-signal events into log analytics and APM tools.

Examples

Datadog
Elastic Logs
New Relic

Enables

Cleaner dashboards and faster triage
Predictable ingest billing
Shared telemetry for SRE + Platform

Storage & Lakes

Keep full-fidelity copies in your own cloud storage for years.

Examples

Amazon S3
Google Cloud Storage
Azure Blob

Enables

Cheap historical archives
Replay into new tools
Training sets for ML teams

Security & OS Sources

Read directly from EDR, Windows Events, syslog, and APIs without agents.

Examples

CrowdStrike
Windows Event Logs
Custom HTTP Pollers

Enables

Consistent ingestion across regions
One masking policy everywhere
Faster onboarding of new sources

Analytics & Warehouses

Send structured outputs to analytics teams without brittle ETL.

Examples

Snowflake
BigQuery
Databricks

Enables

Shared telemetry for security + data
Faster investigations with cross-tool queries
Vendor-neutral workflow handoffs

Integrate once. Deliver everywhere.

Inputs flow into Jobs, Actions describe transformations, Channels clone governed streams, and Outputs deliver to every destination you choose.

Input → Actions → Channels → Destinations

Why this matters

Define once

You define Inputs/Actions once, not per vendor.

Clone streams

Channels clone governed streams to multiple tools.

Switch without migrations

Switching SIEM/observability tools is an Output change, not a migration.

Example integration flow

One Job ingests EDR telemetry and fans out to multiple destinations:

Input

Read EDR logs from CrowdStrike and Windows Events.

Filter

Actions drop duplicates and filter noise.

Mask

Actions mask employee IDs and enrich IPs.

Split channels

Fan out governed streams into multiple lanes.

Destinations

Send curated outputs to Splunk, S3, and Snowflake.

Each step is defined once in the Job and versioned, so governed changes flow safely to every lane.

Result: curated SIEM ingest, cheap archives, and analytics visibility — no duplicated pipelines.

Key connectors

Browse common sources and destinations teams start with, grouped by category.

SIEM

Splunk HEC

Filter, mask, and enrich before ingesting into Splunk.

Microsoft Sentinel

Stream governed events via Azure Blob + Sentinel connectors.

Elastic Security

Send curated, masked telemetry into Elastic.

Observability

Datadog

Deliver only the high-signal metrics and logs you choose.

Elastic Logs

Deliver high-signal events into Elastic logs.

New Relic

Route governed telemetry into New Relic.

Storage

Amazon S3

Archive full-fidelity logs for years in your own buckets.

Google Cloud Storage

Keep full-fidelity archives in GCS for replay.

Azure Blob

Route long-term archives into Azure Blob.

Analytics

Snowflake

Keep analytics teams in sync with security telemetry.

BigQuery

Send structured outputs to BigQuery.

Databricks

Stream governed telemetry into Databricks.
