Looking for IDnow Virtual Appliance Syslog / Webhook Documentation

Hi everyone,
Does anyone here have experience forwarding IDnow logs to a SIEM?

I’m specifically looking for official IDnow documentation on:

- Syslog forwarding from the IDnow Virtual Appliance
- Event‑based webhook/callback configuration
- Any integration guides that describe how IDnow exports logs or events

I have admin access to the IDnow platform, but I’m not finding a working documentation URL. If anyone knows where IDnow hosts their technical docs or how to request them, I’d appreciate the guidance.

Thanks in advance!

Most patterns I’ve seen involve periodic polling of the search API endpoint (pull) or scheduling a workflow to query the search API endpoint and push them to the SIEM.

To my knowledge there’s no documentation that directly addresses this use case. SSF transmitter may be an option soon, but since SSF is relatively new, it will take a while for tools to adopt it.

Keep in mind that the VA is only going to be aware of the work that is in its queue, not necessarily the other auditable events that are occurring in the cloud tenant.

There is a Splunk add-on that polls the search API every 5 minutes from Splunk to aggregate event data.

https://community.sailpoint.com/t5/Identity-Security-Cloud-Wiki/SailPoint-Identity-Security-Cloud-AuditEvent-Add-on-for-Splunk/ta-p/77123

Other than that, there are no SIEM integrations. Syslog is not supported from the SaaS or from the VAs. Keep in mind that the VAs are pretty locked down - you can’t install any agents or anything like that. You could perhaps set up something that uses SSH to regularly review the CCG log, but that’s a noisy log.

Other than that I don’t know of any path towards getting data into a SIEM. You might find this idea worth supporting: https://ideas.sailpoint.com/ideas/GOV-I-1470

Matt
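
The pull-and-forward pattern described in the replies above, as an added example that is not part of any post in this thread and is not vendor code. `fetch` is a hypothetical stand-in for the search API query; the field names (`id`, `created`, `action`), the sample events and the one-minute overlap are constructed assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

OVERLAP = timedelta(minutes=1)  # assumed indexing lag; tune to the tenant


def ts(s):
    """Parse an ISO 8601 timestamp, accepting a trailing 'Z'."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def poll_once(fetch, forward, state, now):
    """Run one pull cycle and return the number of events forwarded.

    fetch(since, until) is a stand-in for the search API query and returns
    dicts with 'id' and 'created'; forward(line) ships one line to the SIEM.
    """
    since = state["checkpoint"] - OVERLAP        # re-read the overlap window
    sent = 0
    for ev in sorted(fetch(since, now), key=lambda e: ts(e["created"])):
        if ev["id"] in state["seen"]:            # already shipped last cycle
            continue
        forward(json.dumps(ev, sort_keys=True))  # raises on delivery failure
        state["seen"][ev["id"]] = ts(ev["created"])
        sent += 1
    # Advance only after every event was forwarded; a failure above leaves
    # the checkpoint in place so the next cycle retries the same window.
    state["checkpoint"] = now
    cutoff = now - OVERLAP                       # older ids cannot reappear
    state["seen"] = {i: t for i, t in state["seen"].items() if t >= cutoff}
    return sent


def demo():
    """Two cycles over constructed events; 'e2' becomes visible late."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    store = [{"id": "e1", "created": "2024-01-01T11:59:40Z", "action": "USER_LOGIN"}]
    fetch = lambda a, b: [e for e in store if a <= ts(e["created"]) < b]
    out, state = [], {"checkpoint": t0 - timedelta(minutes=5), "seen": {}}
    first = poll_once(fetch, out.append, state, t0)
    store.append({"id": "e2", "created": "2024-01-01T11:59:50Z", "action": "ROLE_CHANGE"})
    store.append({"id": "e3", "created": "2024-01-01T12:03:00Z", "action": "USER_LOGIN"})
    second = poll_once(fetch, out.append, state, t0 + timedelta(minutes=5))
    return first, second, [json.loads(line)["id"] for line in out]
```

Persist `state` between runs (for example in a small file) so a restart resumes from the last checkpoint rather than re-sending or skipping a window.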