Documentation

Audit logs streaming

Connect Entitle audit logs to a SIEM, security investigation platform, or any other automation tool.

Suggest Edits

Entitle uses outgoing webhooks to integrate its audit logs changes into the tools that your team already uses. You can use the audit logs webhook to make sure you have all the configuration changes that have been made to your team's tenant configuration as permissions granted and revoked logged within your systems for audit, security investigation, and various process automation purposes.

Connect a SIEM tool

The following steps are required to connect your SIEM tool in Entitle.

1. Set up your SIEM tool

To set up the proper configuration in your SIEM tool, refer to the first section in the following guides, named Setup Audit Logs Webhooks:

2. Create a webhook in Entitle

  1. Log into Entitle with an Admin account.
  2. Go to Entitle's Org settings.
  3. Scroll down to the Audit Logs Webhooks section.
  4. To add an Audit Log Webhook, click the Add button on the right corner
  5. In the row that appears, you will need to fill in specific fields depending on the SIEM tool you aim to integrate in Entitle (you can find the instructions for this step under the Create Audit Log Webhook in Entitle section in each of the guides above).

Updated 7 days ago