SIEM Export - OnlookAI

Supported destinations

Destination	Format	Status
Splunk	HEC JSON	Available
Microsoft Sentinel	CEF	Available
Elastic SIEM	ECS JSON	Available
Generic webhook	JSON	Available

Configure export

In the Attune Compliance dashboard, go to Settings → SIEM Export and add your destination. Or via API:

POST /v1/attune/siem

{
  "type": "splunk",
  "url": "https://splunk.your-org.com:8088/services/collector",
  "token": "YOUR_HEC_TOKEN",
  "index": "onlookai"
}

Event format (Splunk)

{
  "time": 1745846328,
  "source": "onlookai",
  "sourcetype": "attention_event",
  "event": {
    "sessionId": "sess_8xK2mP9q",
    "userId": "alice@acme.com",
    "type": "SCORE_DROP",
    "score": 34,
    "threshold": 40
  }
}

Attune Compliance SSO & SCIM

​Supported destinations

​Configure export

​Event format (Splunk)

Supported destinations

Configure export

Event format (Splunk)