Answer
It should, but buyers need more than a raw log export. The useful question is whether IBM i events arrive with enough context to separate real risk from background noise ... user identity, privilege use, object access, exit point activity, alert severity, and the system involved.
If SIEM integration flattens IBM i events into generic messages, the security team still cannot investigate quickly. Buyers should test normalization, field mapping, and alert routing before they treat SIEM support as complete.