If the Cylance syslog/SIEM integration cannot successfully deliver syslog messages to a syslog/SIEM server, an email notification will be sent to administrators (built-in role) within the organization who have a confirmed email address. The email notification alerts administrators about this syslog issue.
The maximum number of undelivered messages before the syslog/SIEM integration is disabled is 400. The first warning email is sent once 1/3 of the maximum number of undelivered messages has been reached. Delivery of each message is attempted 10 times; if the message still cannot be forwarded to a syslog/SIEM server, it moves to a dead-letter queue.