# SIEM (Vectra Brain ingesting logs) SIEM Event Forwarding functionality is available in your Vectra UI at *Settings > External Connectors > SIEM*. The attached document speaks to the capabilities of the feature. !! Please note: * Vectra plans to deprecate the Kerberos event ingestion functionality of this feature and rename it to "DHCP Log Ingestion" in a future release. * With the existing implementation, Windows Security Event Log data was limited to ingesting only Kerberos event 4768 and this data was only used by this feature to provide naming artifacts used by Vectra's automated Host ID capability. The data did not help to feed Kerberos learnings that were used by Vectra's Privileged Access Analytics AI models. * Windows Event Log Ingestion (WELI) is also available in *Settings > External Connectors.* * WELI accepts both 4768 and 4769 Kerberos events. * WELI feeds both Host ID and Kerberos learning needed for PAA detections. * Please only use SIEM Event Forwarding to feed DHCP log data into Vectra and use WELI for Windows Security Event Log Kerberos messages. * Enabling both of these integrations is considered a best practice. ### Attachments {% file src="/files/zCjyJ1WEMqLAiCXPbiuF" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.vectra.ai/configuration/setup/external-connectors/siem-vectra-brain-ingesting-logs.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.