
SIEM Integration

Most SIEM tools support HTTP ingestion of events. You can utilize our webhooks to send events to your SIEM.

Configuring

To configure Hoop to send events to your SIEM, simply log in with the client and create the webhooks plugin.
```shell
# Log in to your Hoop instance with your user
hoop login
```
```shell
# This plugin enables a dashboard to manage webhooks
hoop admin create plugin webhooks
```
After enabling it, you need to select which connections should emit webhook events. Let's overwrite the plugin and enable it for an existing connection.
```shell
# Update the plugin and enable it for the connection bash-default
hoop admin create plugin webhooks --overwrite --connection bash-default
```
💡 Once this plugin is created, it will be enabled by default when creating new connections.

Dashboard

Now, you can log in to your dashboard and start configuring endpoints while selecting the messages you want to subscribe to.
```shell
# Open the dashboard in your browser
hoop admin webhooks-dashboard
```
💡 Only admin users can open this dashboard.
To view any activity, interact with any connection.
```shell
hoop connect bash-default
```
Accessing the Message Logs link in the dashboard will display the hoop connect event.

Adding Endpoints

To route these messages to your SIEM, add your public endpoint that will receive these messages. Click on the Endpoints link.
💡 You can use Svix Play to test it first.
When you open the endpoint, it lists the messages that have been sent to it.

Event Types

Hoop provides the definition of each event that is sent. To access these definitions, refer to the Event Catalog link.

Consuming Webhooks

Hoop uses Svix as its webhook service provider, and Svix provides a guide and best practices for securely verifying and consuming webhooks.
