Skip to content
Synaptyx
Observability

Stream every event to your SIEM, signed and verifiable.

Audit and security events push in real time to Splunk, Datadog, Elastic, Microsoft Sentinel, S3 WORM, or plain syslog. Each event is wrapped in a signed JWT envelope over mTLS. Reconnects replay any gap; drains stop gracefully.

Synaptyx
Splunk
Datadog
Elastic
Sentinel
S3 WORM
Syslog

How it works

1
Event emitted
An audit row is signed and broadcast to the SIEM pusher.
2
Wrapped in JWT
Event + audit signature wrapped in a JWS envelope keyed per destination.
3
Pushed over mTLS
Mutual TLS to your sink. No plaintext, no API key in transit.
4
Replay on reconnect
Gaps are auto-replayed from the durable buffer.

Deep dives

Signed envelopes
Your sink verifies the JWS signature with our pubkey - events can't be forged in transit, and your SIEM can prove provenance during an audit.
Delivery guarantees
At-least-once with idempotent IDs. Backpressure when your sink slows. Drain mode flushes pending then stops cleanly.
WORM / compliance sinks
S3 Object Lock in governance or compliance mode for immutable storage - auditors get retention proof out of the box.

Configure a sink

config · yaml
sinks: - name: splunk-prod kind: splunk_hec endpoint: https://splunk.acme.internal:8088 mtls: cert_ref: vault://platform/splunk/client-cert filters: - action_prefix: audit.session include - action_prefix: audit.vault include - jsonpath: $.actor.role == "viewer" exclude delivery: format: ecs batch: 100 backoff: 2s → 30s

Your SIEM is the source of truth - we just feed it, signed.

When the breach inquiry comes in, the auditor uses your signed records - not ours. We're the courier.

Compare

SynaptyxWebhooks (unsigned)Manual log export
Real-time deliverymTLS pushunsigned POSTbatch only
Signed envelopesJWS · per sink keynono
Replay on reconnectdurable bufferdrop on failureN/A
Multiple sinksall simultaneouslyone URLmanual
WORM complianceS3 Object Lock (Enterprise)nono

FAQ

Events buffer locally (default 30 days) and replay on reconnect with idempotent IDs. The control plane keeps running.
Yes. A common setup is Splunk for SOC + S3 WORM for compliance + Datadog for engineering - all from the same event stream with independent filter rules.
ECS (Elastic Common Schema) by default; raw_json, CEF, LEEF, syslog, and OCSF variants are available per sink, plus custom field mappings via a YAML transform.
Per-sink filter rules support jsonpath → redact. PII fields can be stripped before they reach lower-trust sinks.

Ready to govern your AI infrastructure?

Request access in minutes - or talk to us about your air-gap deployment.

Get started