Currently, our SIEM support relies on allowing the SIEM server to query our Database.
Your SOC team should build their queries based on these tables:
1.dbo.auditing -Ethical Wall violation
2.dbo.dlp_rules_log - DLP violations
3. dbo.security_auditing - general actions that are not ethical wall or DLP