SIEM Integration
Stream real-time security events to Splunk, Datadog, Microsoft Sentinel, or a custom endpoint so your SIEM has a centralized record for monitoring and compliance.
Supported Integrations
| Platform | Method |
|---|---|
| Splunk | HTTP Event Collector (HEC) |
| Datadog | HTTP API |
| Microsoft Sentinel | HTTP Data Collector |
| Custom | Webhook (CEF or JSON) |
Configuration
- Go to External Config in the dashboard.
- Enable SIEM Integration.
- Enter your platform's API key or HEC token. Use a token dedicated to Edison Watch so it can be rotated or revoked without affecting other senders.
- Test Connection before saving.
Event Types
Edison Watch streams per-session activity:
- Tool Calls: Metadata for every action (timestamp, user, tool name, duration).
- Security Events: Flag changes (Trifecta) and ACL violations.
- Approvals: Audit records of human-in-the-loop decisions.
- Admin Actions: Configuration changes and user role updates.
Common Event Format (CEF)
For legacy SIEMs, Edison supports CEF over HTTP:
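The page does not show what a CEF record looks like, so the following is an added example (not Edison Watch's own code) of rendering the four event types listed above as CEF:0 lines and parsing them back, the way a custom webhook receiver would. The vendor/product/version strings, the signature IDs and severities per event type, and the `edison`-style event dicts are assumptions; the escaping rules (backslash and pipe in the header, backslash and `=` in the extension, newlines as `\n`/`\r`) and the extension key names (`rt`, `suser`, `act`, `msg`, `cn1`/`cn1Label`) are standard CEF.

```python
"""CEF:0 formatter and parser for Edison Watch-style events (added example)."""
import re
from typing import Dict, List

# Header device fields: assumed values, not the product's real identifiers.
CEF_VENDOR, CEF_PRODUCT, CEF_VERSION = "Edison", "Watch", "1.0"

# Assumed mapping of the page's event types to signature id, name, severity (0-10).
EVENT_CLASSES = {
    "tool_call":      ("100", "Tool Call", 1),
    "security_event": ("200", "Security Event", 7),
    "approval":       ("300", "Approval Decision", 3),
    "admin_action":   ("400", "Admin Action", 5),
}


def _esc_header(v) -> str:
    # Only backslash and pipe are special in the seven header fields.
    return str(v).replace("\\", "\\\\").replace("|", "\\|")


def _esc_ext(v) -> str:
    # In the extension, backslash and '=' are escaped; CR/LF become \r / \n.
    return (str(v).replace("\\", "\\\\").replace("=", "\\=")
                  .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(event: Dict) -> str:
    """Render one event dict as a CEF:0 line (constructed dict layout)."""
    sig_id, name, severity = EVENT_CLASSES[event["type"]]
    ext = [("rt", int(event["timestamp"]) * 1000),   # receipt time, ms since epoch
           ("suser", event.get("user", ""))]
    if "tool" in event:
        ext.append(("act", event["tool"]))
    if "duration_ms" in event:
        ext += [("cn1", event["duration_ms"]), ("cn1Label", "durationMs")]
    if "detail" in event:
        ext.append(("msg", event["detail"]))
    header = "|".join(_esc_header(x) for x in
                      ("CEF:0", CEF_VENDOR, CEF_PRODUCT, CEF_VERSION, sig_id, name, severity))
    return header + "|" + " ".join(f"{k}={_esc_ext(v)}" for k, v in ext)


def _split_unescaped(s: str, sep: str, maxsplit: int) -> List[str]:
    """Split on `sep` unless it is backslash-escaped; at most `maxsplit` splits."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):      # keep escape pairs intact
            cur.append(s[i:i + 2]); i += 2; continue
        if s[i] == sep and len(parts) < maxsplit:
            parts.append("".join(cur)); cur = []
        else:
            cur.append(s[i])
        i += 1
    parts.append("".join(cur))
    return parts


def _unescape(s: str) -> str:
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), s)


# key=value pairs; a value runs until the next " key=" (an escaped \= never matches).
_EXT_RE = re.compile(r"([A-Za-z0-9_]+)=((?:\\.|[^\\])*?)(?=\s+[A-Za-z0-9_]+=|$)")


def parse_cef(line: str) -> Dict:
    """Consumer side: split a CEF line into header fields and an extension dict."""
    fields = _split_unescaped(line, "|", 7)
    if len(fields) != 8 or fields[0] != "CEF:0":
        raise ValueError("not a CEF:0 record")
    keys = ["version", "vendor", "product", "device_version", "signature_id", "name", "severity"]
    rec = {k: _unescape(f) for k, f in zip(keys, fields)}
    rec["severity"] = int(rec["severity"])
    rec["extension"] = {k: _unescape(v) for k, v in _EXT_RE.findall(fields[7])}
    return rec


if __name__ == "__main__":
    sample = {"type": "security_event", "timestamp": 1700000000, "user": "alice",
              "detail": "ACL denied tool=shell|exec"}     # constructed event
    print(to_cef(sample))
    print(parse_cef(to_cef(sample))["extension"])
```

The round trip matters because pipes are legal in extension values and `=` is legal in header values; a receiver that splits naively on `|` or `=` will misparse exactly the events an attacker controls (tool arguments, ACL details), so the parser above tracks escapes instead.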
Performance & Reliability
- Asynchronous: Log streaming runs off the request path, so it adds no measurable latency to AI tool calls (<1 ms overhead).
- Batching: Events are flushed every 10 seconds or when the buffer hits 100 events, whichever comes first.
- Retries: 3 attempts with exponential backoff; events are buffered during network outages.
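To make the three rules above concrete, here is an added example (not Edison Watch's own code) of a batcher that keeps the hot path to an append, flushes on the 100-event or 10-second rule from a worker, retries three times with exponential backoff, and leaves a batch buffered when all attempts fail. The Splunk HEC payload shape (one JSON object per event with its own `time`, sent with `Authorization: Splunk <token>`) is real; the `edison:*` sourcetype names, the 0.5 s initial backoff, the injected `send`/`clock`/`sleep` hooks and the sample events are assumptions for the sake of running offline.

```python
"""Size-or-time batching with bounded retries for SIEM delivery (added example)."""
import json
import time
from typing import Callable, Dict, List, Tuple

MAX_BATCH = 100        # flush when the buffer holds this many events (from the page)
FLUSH_INTERVAL = 10.0  # ...or this many seconds after the last flush (from the page)
MAX_ATTEMPTS = 3       # delivery attempts per batch (from the page)
BASE_BACKOFF = 0.5     # assumed first backoff in seconds; doubles on each retry


def hec_body(events: List[Dict]) -> str:
    """Splunk HEC accepts newline-separated JSON objects; each carries its own
    'time' so buffering does not shift the timestamp the SIEM indexes."""
    return "\n".join(json.dumps({
        "time": ev["timestamp"],
        "sourcetype": f"edison:{ev['type']}",   # assumed sourcetype naming
        "event": ev,
    }, separators=(",", ":")) for ev in events)


class HecBatcher:
    """`send(body) -> bool` is the transport (an HTTPS POST in production);
    `clock` and `sleep` are injectable so behaviour is testable without a network."""

    def __init__(self, send: Callable[[str], bool],
                 clock: Callable[[], float] = time.monotonic,
                 sleep: Callable[[float], None] = time.sleep) -> None:
        self._send, self._clock, self._sleep = send, clock, sleep
        self._buffer: List[Dict] = []
        self._last_flush = clock()
        self._retry_after = 0.0   # set after a failed batch to avoid hammering the SIEM
        self.delivered = 0        # events the transport accepted
        self.failed_batches = 0   # batches that exhausted MAX_ATTEMPTS

    def add(self, event: Dict) -> None:
        """Tool-call path: an append only, never a network call."""
        self._buffer.append(event)

    def pending(self) -> int:
        return len(self._buffer)

    def tick(self) -> None:
        """Worker loop entry point: applies the size-or-time flush rule."""
        now = self._clock()
        due = now - self._last_flush >= FLUSH_INTERVAL
        full = len(self._buffer) >= MAX_BATCH
        if self._buffer and now >= self._retry_after and (full or due):
            self.flush()

    def flush(self) -> bool:
        """Deliver the buffer with exponential backoff between attempts; if every
        attempt fails the events stay buffered (the outage behaviour on the page)."""
        if not self._buffer:
            return True
        body = hec_body(self._buffer)
        for attempt in range(MAX_ATTEMPTS):
            if self._send(body):
                self.delivered += len(self._buffer)
                self._buffer.clear()
                self._last_flush = self._clock()
                return True
            if attempt < MAX_ATTEMPTS - 1:
                self._sleep(BASE_BACKOFF * 2 ** attempt)
        self.failed_batches += 1
        self._retry_after = self._clock() + FLUSH_INTERVAL
        return False


def flaky_transport(failures: int) -> Tuple[Callable[[str], bool], Dict]:
    """Constructed stand-in for the HTTPS POST: fails `failures` times, then succeeds."""
    state = {"calls": 0, "bodies": []}

    def send(body: str) -> bool:
        state["calls"] += 1
        state["bodies"].append(body)
        return state["calls"] > failures
    return send, state


def simulate(failures: int) -> Dict:
    """Fill the buffer (size rule), then add one event and advance the fake clock
    (time rule). Events are constructed sample data."""
    now = [1000.0]
    sleeps: List[float] = []
    send, state = flaky_transport(failures)
    batcher = HecBatcher(send, clock=lambda: now[0], sleep=sleeps.append)
    for i in range(MAX_BATCH):
        batcher.add({"type": "tool_call", "timestamp": 1700000000 + i,
                     "user": "alice", "tool": "read_file", "duration_ms": 12})
    batcher.tick()                      # 100 events buffered -> flush now
    after_first = (batcher.delivered, batcher.pending())
    batcher.add({"type": "security_event", "timestamp": 1700000200,
                 "user": "alice", "detail": "ACL violation"})
    batcher.tick()                      # 1 event, 0 s elapsed -> nothing sent
    now[0] += FLUSH_INTERVAL
    batcher.tick()                      # 10 s elapsed -> flush
    return {"after_first": after_first, "delivered": batcher.delivered,
            "pending": batcher.pending(), "calls": state["calls"], "sleeps": sleeps,
            "failed_batches": batcher.failed_batches, "last_body": state["bodies"][-1]}
```

`simulate(2)` shows a batch that needs all three attempts and still lands; `simulate(10)` shows a full outage, where nothing is lost but the buffer keeps growing. The page does not say whether the buffer is bounded or persisted, so if long outages are a concern it is worth asking what happens to queued events when the process restarts.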
For platform-specific Splunk/Datadog dashboards, email [email protected].