AtlaSent — Upsert SIEM Config
atlasent_upsert_siem_configCreate or update SIEM export configuration for your organization. Specify destination URL, format, auth type, and event types to deliver security events.
Instructions
Create or update the SIEM export configuration for an organization. Enterprise plan required. destinationUrl must be HTTPS. The credential field is stored securely and never returned by GET.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| format | Yes | Payload format: splunk_hec (HEC wrapper), elastic_ecs (ECS envelope), qradar_cef (CEF text), json (raw JSON). | |
| org_id | Yes | Organization ID. | |
| enabled | No | Whether delivery is active (default true). | |
| authType | No | Auth method: bearer (Authorization: Bearer), basic (Authorization: Basic), api_key (X-API-Key), none. Default: bearer. | |
| batchSize | No | Events per batch (default 100). | |
| credential | No | Auth credential. Stored securely; omit to keep the existing credential. | |
| retryCount | No | Retry attempts on delivery failure (default 3). | |
| destinationUrl | Yes | HTTPS URL of the SIEM endpoint to deliver events to. | |
| includedEventTypes | No | Event types to include (default: permit, deny, override, governance). |