SIEM Integration

Forward NeuralTrust audit logs to your SIEM platform for centralized security monitoring, compliance reporting, and incident response.

Benefits

  • Centralized monitoring — View NeuralTrust events alongside your other systems
  • Compliance — Meet requirements for security event aggregation (SOC2, ISO 27001, HIPAA)
  • Incident response — Faster detection through correlation with other security events
  • Custom alerting — Create alerts in your SIEM based on NeuralTrust events

Supported Platforms

| Platform | Authentication |
| --- | --- |
| Splunk | HEC Token |
| Elastic (ELK Stack) | API Key |
| IBM QRadar | SEC Token |
| Microsoft Sentinel | Entra ID (OAuth) |
| Datadog | API Key |

You only need to configure one SIEM platform. Choose the one your organization uses.

Configure Your SIEM

Go to Settings → SIEM, select your provider, and enter the required credentials.

Splunk

Step 1: Get your Splunk HEC Token
  1. Log in to your Splunk instance
  2. Go to Settings → Data Inputs → HTTP Event Collector
  3. Click New Token or use an existing one
  4. Copy the Token Value and your HEC endpoint URL
Step 2: Configure in NeuralTrust
  1. Go to Settings → SIEM
  2. Select Splunk as the provider
  3. Enter your Endpoint URL, HEC Token, and Index
  4. Click Save

Elastic (ELK Stack)

Step 1: Get your Elastic API Key
  1. Log in to Elastic Cloud or your self-hosted Kibana
  2. Go to Stack Management → API Keys
  3. Click Create API Key and copy it (only shown once!)
  4. Note your Elasticsearch endpoint
Step 2: Configure in NeuralTrust
  1. Go to Settings → SIEM
  2. Select Elastic as the provider
  3. Enter your Endpoint URL, API Key, and Index
  4. Click Save

IBM QRadar

Step 1: Get your QRadar SEC Token
  1. Log in to QRadar Console
  2. Go to Admin → Authorized Services
  3. Create a new authorized service and copy the SEC Token
Step 2: Configure in NeuralTrust
  1. Go to Settings → SIEM
  2. Select IBM QRadar as the provider
  3. Enter your Endpoint URL, SEC Token, and Log Source
  4. Click Save

Microsoft Sentinel

Step 1: Create an App Registration in Azure
  1. Go to Azure Portal → Microsoft Entra ID → App registrations
  2. Create a new registration and copy the Client ID and Tenant ID
  3. Create a Client Secret (copy immediately!)
Step 2: Create a Data Collection Rule (DCR)
  1. Go to Azure Monitor → Data Collection Rules
  2. Create a rule and note the DCR Immutable ID and Stream Name
  3. Grant the Monitoring Metrics Publisher role to your App Registration
Step 3: Configure in NeuralTrust
  1. Go to Settings → SIEM
  2. Select Microsoft Sentinel as the provider
  3. Enter Tenant ID, Client ID, Client Secret, DCR Immutable ID, and Stream Name
  4. Click Save

Datadog

Step 1: Get your Datadog API Key
  1. Log in to Datadog
  2. Go to Organization Settings → API Keys
  3. Create or copy an existing API key
Step 2: Configure in NeuralTrust
  1. Go to Settings → SIEM
  2. Select Datadog as the provider
  3. Enter your Endpoint URL, API Key, and Service name
  4. Click Save

Select Event Categories

After connecting your SIEM, choose which events to forward:
  1. In Settings → Audit Logs, click the SIEM Integration button
  2. Toggle the categories you want to send:
    • Authentication — Login/logout events
    • User Management — User and role changes
    • SSO Security — SSO and SCIM events
    • API Access — API key events
    • Administrative — Config changes
  3. Click Save

Event Format

Events are sent as JSON:
{
  "timestamp": "2026-01-15T10:30:00.000Z",
  "eventType": "auth.login.success",
  "eventCategory": "authentication",
  "status": "success",
  "actor": { "id": "user-uuid", "email": "[email protected]" },
  "context": { "ipAddress": "192.168.1.100", "teamId": "team-uuid" }
}
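
One detection you could build on this event format, as an added example that is not NeuralTrust code: it flags actors whose auth.login.success events arrive from more than one IP address within a short window, and skips malformed events. The 10-minute window, the function names, and the sample events are assumptions constructed for illustration; the required fields are the ones shown in the sample event above.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

REQUIRED = ("timestamp", "eventType", "eventCategory", "status", "actor", "context")

def parse_event(line):
    """Parse one forwarded event; return None if it is malformed or incomplete."""
    try:
        ev = json.loads(line)
        if not all(k in ev for k in REQUIRED):
            return None
        ev["_ts"] = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        email, ip = ev["actor"]["email"], ev["context"]["ipAddress"]
    except (ValueError, TypeError, KeyError):
        return None
    return ev if isinstance(email, str) and isinstance(ip, str) else None

def multi_ip_logins(lines, window=timedelta(minutes=10)):
    """Map actor email -> sorted IPs seen in successful logins within `window`."""
    logins = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev and ev["eventType"] == "auth.login.success":
            logins[ev["actor"]["email"]].append((ev["_ts"], ev["context"]["ipAddress"]))
    alerts = {}
    for email, seen in logins.items():
        seen.sort(key=lambda pair: pair[0])
        for i, (start, _) in enumerate(seen):
            ips = {ip for ts, ip in seen[i:] if ts - start <= window}
            if len(ips) > 1:  # more than one source IP inside the window
                alerts[email] = sorted(ips)
                break
    return alerts

def _sample(ts, email, ip):
    # Constructed test event in the documented shape (not real NeuralTrust output).
    return json.dumps({"timestamp": ts, "eventType": "auth.login.success",
                       "eventCategory": "authentication", "status": "success",
                       "actor": {"id": "user-uuid", "email": email},
                       "context": {"ipAddress": ip, "teamId": "team-uuid"}})

SAMPLE_LINES = [
    _sample("2026-01-15T10:30:00.000Z", "alice@example.com", "192.168.1.100"),
    _sample("2026-01-15T10:34:00.000Z", "alice@example.com", "203.0.113.7"),
    _sample("2026-01-15T10:30:00.000Z", "bob@example.com", "198.51.100.5"),
    _sample("2026-01-15T11:30:00.000Z", "bob@example.com", "198.51.100.9"),
    '{"eventType": "auth.login.success"}', "not json",  # malformed: skipped
]
```

Calling `multi_ip_logins(SAMPLE_LINES)` reports only the first actor, because the second actor's logins are an hour apart.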

Troubleshooting

| Issue | Solution |
| --- | --- |
| Events not appearing | Verify endpoint URL and credentials |
| Authentication failed | Regenerate API key/token |
| Connection disconnected | Check firewall allows NeuralTrust IPs |