Connect Your Entire UniFi Ecosystem
Native integration with every UniFi product and the alert channels your team already uses. Set up in minutes, not days.
UniFi Product Integrations
Deep, native integration with every UniFi product for complete visibility.
UniFi Network
Real-time monitoring of all network events including IDS/IPS alerts, firewall logs, client connections, and traffic anomalies.
- Syslog & CEF ingestion
- WebSocket real-time events
- API polling for device status
- Client tracking & analytics
UniFi Protect
Video surveillance integration with motion detection, smart alerts, camera health monitoring, and AI-powered event analysis.
- Webhook event receiver
- Motion & smart detection
- Camera health monitoring
- Recording alerts
UniFi Access
Physical access control monitoring for doors, credentials, and access attempts across your facilities.
- Door access events
- Credential management
- Unauthorized access alerts
- Visitor tracking
UniFi Talk
VoIP system monitoring for call patterns, voicemail activity, and communication security events.
- Call detail records
- Voicemail notifications
- Anomaly detection
- SIP event logging
Protocol Collectors
Every common way a UniFi device can talk to a SIEM — without a gateway appliance or extra agent.
Syslog (UDP / TCP)
Structured parsers for UniFi firewall, Suricata IDS, hostapd wireless, dnsmasq DHCP, and Linux auth — no generic keyword matching.
Point any UniFi device's Remote Syslog at your Sentinel host, port 514 (or 1514 on containerized deployments)
CEF (Common Event Format)
Full ArcSight-compatible CEF decoder with all extension fields, plus CEF-in-syslog wrapping that UniFi devices often use.
Auto-detected on the same syslog port — no separate configuration
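The CEF-in-syslog auto-detection described above, sketched as an added example (not Sentinel Nerd's own decoder). The function names, the returned dict layout, and the sample line are constructed for illustration.

```python
import re

HEADER = ("version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity")
CEF_START = re.compile(r"CEF:(?=\d+\|)")   # marker may sit after a syslog prefix
EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")    # a key is a token followed by an unescaped '='
ESCAPES = {"n": "\n", "r": "\r"}

def _unescape(value):
    # \n and \r become line breaks; any other escaped character becomes itself.
    return re.sub(r"\\(.)", lambda m: ESCAPES.get(m.group(1), m.group(1)), value)

def _split_header(body):
    """Return (header fields, extension string), honouring escaped pipes/backslashes."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])        # escaped character is literal field text
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return fields, body[i:]

def parse_cef(line):
    """Parse a bare or syslog-wrapped CEF line; None means 'not CEF, try another parser'."""
    m = CEF_START.search(line)
    if not m:
        return None
    fields, ext = _split_header(line[m.end():])
    if len(fields) < len(HEADER):
        return None                        # truncated header: reject rather than guess
    event = dict(zip(HEADER, fields))
    event["syslog_prefix"] = line[:m.start()].strip()
    keys = list(EXT_KEY.finditer(ext))
    event["extensions"] = {                # a value runs until the next key, spaces included
        k.group(1): _unescape(ext[k.end():nxt.start() if nxt else len(ext)].rstrip())
        for k, nxt in zip(keys, keys[1:] + [None])
    }
    return event

# Constructed sample: syslog prefix, escaped pipe in the name, escaped '=' in msg.
SAMPLE = (r"<134>Jan 28 14:32:00 gw01 CEF:0|ExampleVendor|ExampleGateway|1.0|400|"
          r"Threat \| Blocked|8|src=203.0.113.50 dst=192.0.2.10 msg=scan from a\=b host spt=51515")
```

Splitting the header on every pipe or the extension on every space is the usual way CEF decoders drop or misattribute fields, which is why both escapes are handled explicitly here.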
NetFlow v5 / v9
Legacy and templated NetFlow parsing with per-exporter template cache. 5-tuple plus bytes/packets/duration.
Enable NetFlow export on UniFi gateway → send to Sentinel UDP 2055
IPFIX (v10)
Modern IETF flow protocol. Same collector, same port — discriminated by the header version field.
Enable IPFIX on UDM / USG → UDP 2055 (aggregated into 60s tumbling windows)
SNMP v1 / v2c Traps
Listen for traps from switches and gateways. Well-known OIDs (linkUp, authFailure, coldStart) map to named events automatically.
Configure SNMP traps on your UniFi devices → UDP 1162 (with optional community filter)
Webhook Ingest
HTTP POST endpoint for UniFi Protect, custom apps, or any tool that can send JSON.
POST JSON to /webhook — auto-routed to the right parser
Controller API Polling
Active polling of UniFi Network, Protect, and Access controllers for events that aren't pushed via syslog.
Provide controller URL + credentials (or API key) in settings
Host Journalctl Tail
Optional collector that pipes the SIEM host's own journalctl through the parser — useful for self-monitoring.
Toggle [host_syslog] enabled = true in config
Alert Channels
Get notified through the tools your team already uses.
Slack
Rich alert messages with severity coloring, quick action buttons, and threaded follow-up updates.
Connect via incoming webhook in minutes
Discord
Embed-formatted alerts with severity badges, perfect for teams using Discord for operations.
Connect via Discord webhook URL
PagerDuty
Escalation policies and on-call routing for critical security alerts that need immediate response.
Connect via PagerDuty integration key
Email
Formatted email notifications with full alert details, delivered to individuals or distribution lists.
Built-in, configure recipients and severity filters
Webhooks
Send alert data to any HTTP endpoint with customizable JSON payloads for custom integrations.
Configure URL, headers, and payload template
REST API
Build custom integrations with our comprehensive REST API. Access alerts, events, rules, and device data programmatically.
- RESTful endpoints with JSON responses
- API key authentication with scoped permissions
- Rate limiting with generous quotas
- Webhook subscriptions for real-time events
GET /api/v2/alerts?severity=critical
Authorization: Bearer sk_live_...
Response:
{
  "alerts": [
    {
      "id": "alt_7x9k2m",
      "severity": "critical",
      "rule": "brute-force-ssh",
      "source_ip": "203.0.113.50",
      "timestamp": "2025-01-28T14:32:00Z",
      "status": "open"
    }
  ],
  "total": 1,
  "page": 1
}
Don't see what you need?
We're always adding new integrations based on customer feedback. Let us know what you'd like to see.
Request an Integration
Ready to Secure Your UniFi Network?
Start your 14-day free trial today. No credit card required. Set up in minutes.
Join 500+ organizations already using Sentinel Nerd