SIEM Integration

Most SIEM tools support HTTP ingestion of events. You can utilize our webhooks to send events to your SIEM.


To configure Hoop to send events to your SIEM, simply log in with the client and create the webhooks plugin.
hoop login
login on your hoop instance with your user
hoop admin create plugin webhooks
this plugin enables a dashboard to manage webhooks
After enabling it, you need to select which connections you want to emit webhook events. Let's override the plugin and enable it for an existing connection.
hoop admin create plugin webhooks --overwrite --connection bash-default
update the plugin and enable it for the connection bash-default
Once this plugin is created, it will be enabled by default when creating new connections.


Now, you can log in to your dashboard and start configuring endpoints while selecting the messages you want to subscribe to.
hoop admin webhooks-dashboard
open the dashboard in your browser
Only admin users can open this dashboard.
To view any activity, interact with any connection.
hoop connect bash-default
Accessing the Message Logs link in the dashboard will display the hoop connect event.
Image without caption

Adding Endpoints

To route these messages to your SIEM, add your public endpoint that will receive these messages. Click on the Endpoints link.
Image without caption
You can use Svix Play to test it first.
When accessing the endpoint, it will contain the messages that have been sent to it.
Image without caption

Event Types

Hoop provides the definition of each event that is sent. To access these definitions, refer to the Event Catalog link.
Image without caption

Consuming Webhooks

Since we are using Svix as our webhook service provider, they provide a guide and best practices for securely verifying and consuming webhook.

Powered by Notaku