This article will walk you through how to configure audit log streaming to SIEM tools.
The following functionality will be live on July 10th. To learn more about the features included in our July release, refer to What's New in Ironclad: July 2025.
ENABLE/ACCESS
Audit Log Streaming is part of the paid Security & Data Pro add-on. Contact your Ironclad account representative for more information about purchasing this package.
Audit log streaming sends audit log events directly to your organization’s SIEM tools. This enables real-time visibility into user actions and system activity. You can use this integration to monitor behavior, investigate issues quickly, and maintain compliance with internal and external policies.
You can stream audit logs to:
- AWS S3
- Datadog
- Splunk
- Google Cloud Storage
- A Generic HTTPS
Your endpoint will receive a log event every time a qualifying action occurs. Audit log streaming captures the same information as our data export. View the full list of captured events in our Developer Hub.
Configure Audit Log Streaming
- Click your profile icon located in the top right corner of Ironclad, and then click Company Settings > Settings.
- Under Security & Data, toggle on Enable audit log streaming to SIEM tools.
- Click Configure Audit Log Streaming.
- A new tab opens. This tab allows you to configure the connection between Ironclad and the tool you want to use to stream audit logs. Select from AWS S3, Datadog, Splunk, Google Cloud Storage, or a Generic HTTPS.
- Click on the tool you want to use to stream your audit logs. Once you select a tool, a set of instructions displays walking you through how to establish the connection. Follow the listed steps to establish the connection. Once you have successfully activated the audit stream, a confirmation message displays.
- After activating the audit stream, a confirmation message will display to let you know the setup is complete.