Most SIEM tools support HTTP ingestion of events. You can utilize our webhooks to send events to your SIEM.
Configuring
To configure Hoop to send events to your SIEM, simply log in with the client and create the webhooks plugin.
    hoop login
    hoop admin create plugin webhooks
After enabling it, you need to select which connections should emit webhook events. Let's overwrite the plugin and enable it for an existing connection.
    hoop admin create plugin webhooks --overwrite --connection bash-default
Once this plugin is created, it will be enabled by default when creating new connections.
Dashboard
Now, you can log in to your dashboard and start configuring endpoints while selecting the messages you want to subscribe to.
    hoop admin webhooks-dashboard
Only admin users can open this dashboard.
To view any activity, interact with any connection.
    hoop connect bash-default
Accessing the Message Logs link in the dashboard will display the hoop connect event.
Adding Endpoints
To route these messages to your SIEM, add your public endpoint that will receive these messages. Click on the Endpoints link.
You can use Svix Play to test it first.
When accessing the endpoint, it will contain the messages that have been sent to it.
Event Types
Hoop provides the definition of each event that is sent. To access these definitions, refer to the Event Catalog link.
Consuming Webhooks
Svix is our webhook service provider, and it provides a guide and best practices for securely verifying and consuming webhooks.