# Webhooks and SIEM delivery
Send audit logs to your monitoring platform in near real-time. This works with tools like Splunk, Datadog, and Sumo Logic.
### Add a webhook
{% stepper %}
{% step %}
### Open audit log webhooks
Go to **Account Settings → Security → Audit logs**.
{% endstep %}
{% step %}
### Create the webhook
Click **Add webhook**.
{% endstep %}
{% step %}
### Configure
* **Name**: label for the destination
* **URL**: HTTPS endpoint
* **Description**: optional notes
* **Secret key**: optional HMAC signing secret
* **Custom headers**: optional auth headers
* **Timeout**: 1–300 seconds
* **Max retries**: 0–10
{% endstep %}
{% endstepper %}
### Filter what gets sent
Filters are per webhook:
* **Categories**
* **Event types**
* **Severities**
Leave filters empty to receive everything.
### Test delivery
1. Click **Test** next to the webhook.
2. Review the delivery result.
### Payload format (example)
{% code title="Webhook payload (example)" %}
```json
{
"event": "user.login",
"event_category": "authentication",
"severity": "low",
"timestamp": "2026-02-02T14:30:00Z",
"audit_log": {
"id": 12345,
"event_type": "user.login",
"status": "success",
"ip_address": "192.168.1.100",
"user_agent": "Mozilla/5.0...",
"metadata": {}
},
"user": {
"id": 42,
"name": "Jane Smith",
"email": "jane@company.com"
},
"account": {
"id": 1,
"name": "Acme Corp"
}
}
```
{% endcode %}
### Verify webhook signatures (optional)
When a secret key is set, verify the `X-Webhook-Signature` header:
```
HMAC-SHA256(secret_key, request_body)
```
### Retries
Failed deliveries retry with exponential backoff:
* 1 min
* 5 min
* 15 min
* 30 min
* 1 hour
* 2 hours