> ## Documentation Index
> Fetch the complete documentation index at: https://onlook.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# SIEM Export

> Export attention audit logs to Splunk, Sentinel, or any CEF destination.

## Supported destinations

| Destination        | Format   | Status    |
| ------------------ | -------- | --------- |
| Splunk             | HEC JSON | Available |
| Microsoft Sentinel | CEF      | Available |
| Elastic SIEM       | ECS JSON | Available |
| Generic webhook    | JSON     | Available |

## Configure export

In the Attune Compliance dashboard, go to **Settings → SIEM Export** and add your destination.

Or via API:

```bash theme={null}
POST /v1/attune/siem
```

```json theme={null}
{
  "type": "splunk",
  "url": "https://splunk.your-org.com:8088/services/collector",
  "token": "YOUR_HEC_TOKEN",
  "index": "onlookai"
}
```

## Event format (Splunk)

```json theme={null}
{
  "time": 1745846328,
  "source": "onlookai",
  "sourcetype": "attention_event",
  "event": {
    "sessionId": "sess_8xK2mP9q",
    "userId": "alice@acme.com",
    "type": "SCORE_DROP",
    "score": 34,
    "threshold": 40
  }
}
```