Publish data to Elastic SIEM

Hi,

I am trying to ingest some custom security event data (for which there is no Elastic integration) into Elastic SIEM. Looking at this chart:

it seems the only way to do so is via Elastic Agent.

However, I can't install Elastic Agent and I am looking for ways to publish the events to Elastic SIEM using the REST APIs provided by Elastic (say something like `curl -X POST <elastic_url>/_bulk?pretty`). Is this possible?
Or are there any alternative recommended ways to post security events to Elastic SIEM.

Any inputs are appreciated.

Thanks in advance,
sateesh

From Endpoint Security to SIEM

Certainly it's possible to write documents directly to Elasticsearch. You'll need to create API key in the stack to attach it as http header with each request.

Create API key API | Elasticsearch Guide [8.14] | Elastic
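As an added illustration of the answer above (example code written for this thread, not Elastic's own client or documentation), the script below formats custom events as ECS documents, writes them to a `logs-*` data stream through `POST /_bulk`, authenticates with an `Authorization: ApiKey ...` header, and checks the per-item errors that a bulk response can carry even when the HTTP status is 200. The data stream name, key name, cluster URL and sample events are all assumptions or constructed values.

```python
"""Added example (not from the forum thread): push custom security events
straight into Elasticsearch over the REST API with an API key, formatted
in ECS so they land in the logs-* indices the Security app reads by default.
Hostnames, data stream name, key name and the sample events below are
assumptions / constructed values."""
import json
import os
import urllib.request

# Assumed data stream: the "logs-<dataset>-<namespace>" naming keeps the
# events under the logs-* pattern that Security detection rules search.
DATA_STREAM = "logs-custom.security-default"

# Body for POST /_security/api_key: a least-privilege key that can only
# create documents in that one data stream. The response's "encoded" field
# is the value used in the Authorization header below.
API_KEY_REQUEST = {
    "name": "custom-security-ingest",  # assumed key name
    "role_descriptors": {
        "custom_security_writer": {
            "indices": [{"names": [DATA_STREAM], "privileges": ["create_doc"]}]
        }
    },
}


def to_ecs(raw):
    """Map one constructed source record onto a minimal ECS document."""
    return {
        "@timestamp": raw["ts"],
        "event": {"kind": "event", "category": [raw["category"]],
                  "type": [raw["type"]], "action": raw["action"],
                  "outcome": raw["outcome"], "dataset": "custom.security"},
        "source": {"ip": raw["src_ip"]},
        "user": {"name": raw["user"]},
        "host": {"name": raw["host"]},
        "message": raw["msg"],
    }


def build_bulk_body(events, data_stream=DATA_STREAM):
    """Build the NDJSON body for POST /_bulk. Data streams only accept the
    'create' action, and the body must end with a newline."""
    lines = []
    for ev in events:
        lines.append(json.dumps({"create": {"_index": data_stream}}))
        lines.append(json.dumps(to_ecs(ev)))
    return "\n".join(lines) + "\n"


def check_bulk_response(resp):
    """A 200 from /_bulk does not mean every document was indexed: the
    response carries per-item errors. Return the list of failed items."""
    if not resp.get("errors"):
        return []
    return [item["create"] for item in resp["items"]
            if "error" in item.get("create", {})]


def es_request(base_url, path, body, api_key, content_type="application/json"):
    """Send one authenticated POST; api_key is the 'encoded' value returned
    by POST /_security/api_key."""
    req = urllib.request.Request(base_url + path, data=body.encode(),
                                 method="POST")
    req.add_header("Content-Type", content_type)
    req.add_header("Authorization", "ApiKey " + api_key)
    with urllib.request.urlopen(req) as r:
        return json.load(r)


# Constructed sample events standing in for the custom source.
SAMPLE_EVENTS = [
    {"ts": "2024-06-01T12:00:00Z", "category": "authentication", "type": "start",
     "action": "login", "outcome": "failure", "src_ip": "203.0.113.7",
     "user": "alice", "host": "app-01", "msg": "bad password"},
    {"ts": "2024-06-01T12:00:05Z", "category": "authentication", "type": "start",
     "action": "login", "outcome": "success", "src_ip": "203.0.113.7",
     "user": "alice", "host": "app-01", "msg": "login ok"},
]

if __name__ == "__main__":
    # Assumed environment: ES_URL (e.g. https://es.example:9200) and ES_API_KEY.
    base, key = os.environ["ES_URL"], os.environ["ES_API_KEY"]
    resp = es_request(base, "/_bulk", build_bulk_body(SAMPLE_EVENTS), key,
                      content_type="application/x-ndjson")
    failed = check_bulk_response(resp)
    print(f"indexed {len(SAMPLE_EVENTS) - len(failed)}, failed {len(failed)}")
```

Two points worth keeping in mind when using this approach: scope the key's `role_descriptors` to the target data stream only, so a leaked ingest key cannot read or alter anything else, and always inspect the `errors` flag and `items` of the bulk response, since a mapping conflict on a single document surfaces there rather than as an HTTP error.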

@lesio Thanks for your input, I will try it out. Since the data ingestion page didn't list the Elastic API as one of the possible modes for ingestion, I was a bit unsure.

Thanks,
sateesh
