
Activity Log Webhook - User Guide (FAQs)

Frequently asked questions about configuring the Activity Log Webhook, supported event types, payload structure, and troubleshooting delivery issues.

Have questions about configuring the Activity Log Webhook in Lucidya? Here are answers to the most common ones.

What is the purpose of the Activity Log Webhook?

The Activity Log Webhook lets you automatically receive all user activity logs from Lucidya in near real time and integrate them into your SIEM system, such as Splunk, for security monitoring and compliance purposes, without manually pulling logs.

What are the prerequisites before setting up the Webhook?

You need a valid endpoint URL from your SIEM system, a defined authentication method (header, body, or both), and Manager permission in General Settings in Lucidya.

How do I access the Webhook configuration?

Go to Settings → Users → Activity Log, then click the Webhook Configuration icon.

What format is the data sent in by the Webhook?

All logs are sent in JSON format. Each payload includes the action timestamp in UTC, an activity description, the action type, the module where it occurred, the user's email, their IP address, and browser or device information.
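A receiving-side check for the payload described above, as an added example that is not Lucidya's own code: it verifies a shared-secret header and validates the listed fields before an event is forwarded to the SIEM. The header name and the JSON key names are assumptions, because the page lists what a payload contains but not the key names.

```python
import hmac
import ipaddress
import json
from datetime import datetime, timezone

# Assumed names: the page lists what a payload contains, not the JSON keys
# or the auth header name. Replace these with the ones your tenant sends.
AUTH_HEADER = "x-webhook-token"
REQUIRED = ("timestamp", "description", "action_type", "module",
            "user_email", "ip_address", "user_agent")


class RejectedEvent(ValueError):
    """Raised when a delivery fails authentication or validation."""


def validate_event(headers: dict, body: bytes, expected_token: str) -> dict:
    # Header names are case-insensitive; compare the secret in constant time.
    lowered = {k.lower(): v for k, v in headers.items()}
    supplied = lowered.get(AUTH_HEADER, "")
    if not hmac.compare_digest(supplied.encode(), expected_token.encode()):
        raise RejectedEvent("authentication header missing or wrong")
    try:
        event = json.loads(body)
    except ValueError as exc:  # covers bad JSON and bad UTF-8
        raise RejectedEvent("body is not valid JSON") from exc
    if not isinstance(event, dict):
        raise RejectedEvent("payload must be a JSON object")
    missing = [k for k in REQUIRED if k not in event]
    if missing:
        raise RejectedEvent("missing fields: " + ", ".join(missing))
    try:
        ts = datetime.fromisoformat(str(event["timestamp"]).replace("Z", "+00:00"))
        ip = ipaddress.ip_address(str(event["ip_address"]))
    except ValueError as exc:
        raise RejectedEvent("bad timestamp or IP address") from exc
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)  # the page says timestamps are UTC
    # Normalised record ready to forward to the SIEM.
    return {**event, "timestamp": ts.astimezone(timezone.utc).isoformat(),
            "ip_address": str(ip)}


# Constructed sample delivery, for illustration only.
SAMPLE_BODY = json.dumps({
    "timestamp": "2024-05-01T09:30:00Z", "description": "User invited",
    "action_type": "Create", "module": "Users",
    "user_email": "admin@example.com", "ip_address": "203.0.113.7",
    "user_agent": "Mozilla/5.0"}).encode()
```

Rejected deliveries are worth logging on the receiver, since a run of authentication failures points either to a misconfigured Webhook or to someone else posting to the endpoint.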

What events does the Webhook capture?

The Webhook captures all platform activity, including Read, Create, Update, and Delete actions, as well as user management events such as user invitations, permission changes, user updates, and deletions.

What should I do if I am not receiving logs?

First, confirm that the Webhook is enabled and that the endpoint URL is correct and reachable. Then verify that your authentication configuration is complete and valid. If the issue persists, contact the support team at [email protected].

If you need help configuring the Webhook or testing the integration, reach out to the Lucidya support team at [email protected].
