Most SIEM tools support HTTP ingestion of events. You can utilize our webhooks to send events to your SIEM.
To configure Hoop to send events to your SIEM, simply log in with the client and create the
hoop admin create plugin webhooks
After enabling it, you need to select which connections should emit webhook events. Let's overwrite the plugin and enable it for an existing connection.
hoop admin create plugin webhooks --overwrite --connection bash-default
Once this plugin is created, it will be enabled by default when creating new connections.
Now, you can log in to your dashboard and start configuring endpoints while selecting the messages you want to subscribe to.
hoop admin webhooks-dashboard
Only admin users can open this dashboard.
To generate activity to view, interact with any connection.
hoop connect bash-default
Accessing the Message Logs link in the dashboard will display the
To route these messages to your SIEM, add your public endpoint that will receive these messages. Click on the Endpoints link.
You can use Svix Play to test it first.
When you access the endpoint, it will show the messages that have been sent to it.
Hoop provides the definition of each event that is sent. To access these definitions, refer to the Event Catalog link.
Since we are using Svix as our webhook service provider, they provide a guide and best practices for securely verifying and consuming webhooks.