Audit streaming
Forward audit events to your SIEM in OCSF / ECS / generic JSON.
Splunk HEC
{
  "kind": "splunk_hec",
  "url": "https://splunk.your.co:8088/services/collector",
  "token": "...",
  "index": "agentics"
}
Microsoft Sentinel
{
  "kind": "sentinel",
  "workspace_id": "...",
  "shared_key": "...",
  "log_type": "AgenticsAudit"
}
Datadog
{
  "kind": "datadog",
  "site": "datadoghq.com",
  "api_key": "...",
  "service": "agentics"
}
Generic webhook
{
  "kind": "generic_webhook",
  "url": "https://siem.your.co/agentics",
  "secret": "...",
  "format": "ocsf"
}
Forwarded event shape (OCSF-compliant)
{
  "category_uid": 6, "class_uid": 6003, "type_uid": 600301,
  "time": 1716000000000,
  "metadata": { "product": { "name": "Agentics" }, "version": "1.0.0" },
  "actor": { "user": { "uid": "user_...", "email": "..." }, "agent": { "uid": "agent_..." } },
  "src_endpoint": { "ip": "1.2.3.4" },
  "observables": [{ "name": "scope", "value": ["read:tickets"] }],
  "status_detail": "scope_used != scope_declared",
  "raw_data": "...full receipt..."
}
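Receiver-side triage for events in the shape above, as an added example (not Agentics code): it rejects events whose OCSF identifiers are inconsistent, converts the millisecond timestamp, and flags scope mismatches. The sample events, the triage function and the use of the status_detail string as the mismatch marker are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample events in the forwarded shape above (all values illustrative).
SAMPLES = [
    json.dumps({"category_uid": 6, "class_uid": 6003, "type_uid": 600301,
                "time": 1716000000000,
                "actor": {"user": {"uid": "user_demo"}, "agent": {"uid": "agent_demo"}},
                "src_endpoint": {"ip": "192.0.2.10"},
                "observables": [{"name": "scope", "value": ["read:tickets"]}],
                "status_detail": "scope_used != scope_declared"}),
    json.dumps({"category_uid": 6, "class_uid": 6003, "type_uid": 600302,
                "time": 1716000060000,
                "actor": {"user": {"uid": "user_demo"}, "agent": {"uid": "agent_demo"}},
                "src_endpoint": {"ip": "192.0.2.10"},
                "observables": [{"name": "scope", "value": ["read:tickets"]}]}),
    # class_uid and type_uid disagree: should be rejected, not indexed as-is.
    json.dumps({"category_uid": 6, "class_uid": 6003, "type_uid": 300201,
                "time": 1716000120000}),
]

MISMATCH = "scope_used != scope_declared"  # assumed marker, taken from the sample event


def triage(raw):
    """Classify one forwarded event as 'malformed', 'alert' or 'ok' and summarize it."""
    try:
        ev = json.loads(raw)
        cls, typ, ms = ev["class_uid"], ev["type_uid"], ev["time"]
    except (ValueError, KeyError, TypeError):
        return "malformed", {}
    # Core OCSF numbering: class_uid = category_uid * 1000 + n, type_uid = class_uid * 100 + activity_id.
    if not all(isinstance(v, int) for v in (cls, typ, ms)):
        return "malformed", {}
    if typ // 100 != cls or ev.get("category_uid") != cls // 1000:
        return "malformed", {}
    actor = ev.get("actor", {})
    scopes = [s for o in ev.get("observables", []) if o.get("name") == "scope"
              for s in o.get("value", [])]
    summary = {
        "time": datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat(),
        "agent": actor.get("agent", {}).get("uid"),
        "user": actor.get("user", {}).get("uid"),
        "src_ip": ev.get("src_endpoint", {}).get("ip"),
        "activity_id": typ % 100,
        "scopes": scopes,
    }
    return ("alert" if ev.get("status_detail") == MISMATCH else "ok"), summary
```

Routing malformed events to a separate queue instead of dropping them keeps a sender-side schema regression visible to the SIEM team.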