QEHSCapabilities
- HEC forwarder
- Per-tenant source type
- Structured fields for SPL
Integrations / Observability + SIEM
Splunk
SIEM audit log forwarder.
Observability + SIEMGenerally availableEnterprise only
Forward the immutable audit log stream to Splunk with HEC, per-tenant source type, and structured fields for search + alerting.
Other Observability + SIEM connectors
Every integration is auditable
HMAC-signed webhooks, OpenAPI 3.1, SDKs in every major language.
Integrations layer sits on top of the same audit log your security team already reviews — nothing bypasses the tenant boundary.