To configure Hoop to send events to your SIEM, log in with the client and create the webhooks plugin.

hoop login
hoop admin create plugin webhooks

After enabling it, you need to select which connections you want to emit webhook events. Let’s override the plugin and enable it for an existing connection.

hoop admin create plugin webhooks --overwrite --connection bash-default

Once this plugin is created, it will be enabled by default when creating new connections.


Now, you can log in to your dashboard and start configuring endpoints while selecting the messages you want to subscribe to.

hoop admin webhooks-dashboard

Only admin users can open this dashboard.

To view any activity, interact with any connection.

hoop connect bash-default

Accessing the Message Logs link in the dashboard will display the hoop connect event.

Adding Endpoints

To route these messages to your SIEM, add your public endpoint that will receive these messages. Click on the Endpoints link.

You can use Svix Play to test it first.

Accessing the endpoint will contain the messages that have been sent to it.

Event Types

Hoop provides the definition of each event that is sent. To access these definitions, refer to the Event Catalog link.

Consuming Webhooks

Since we use Svix as our webhook service provider, they provide a guide and best practices for securely verifying and consuming webhooks.