VMware Cloud Community
TheVMinator
Expert

Host-Specific Security Events

If I have syslog data from my ESXi hosts going to a SIEM, do I also need ESXi host events? For example, some SIEM solutions are capable of both ingesting syslog info from an individual ESXi host and connecting to the host via the ESXi API to pull event information such as you would see in vSphere Client. The vSphere Client information is more meaningful and easier to report on in your SIEM. However, if you are pulling event data anyway from the vCenter API, and from ESXi syslogs, do you need to also get data from individual ESXi hosts' APIs?

1 Reply
TheVMinator
Expert

Anyone?
