Updates a SIEM streaming destination. You can change the endpoint URL, rotate credentials, or toggle streaming on and off. Only the fields you include in the request body are updated.
Parameters
The SIEM destination ID (e.g., siem_abc123).
New authentication token (Splunk, Datadog, Elastic).
New AWS access key ID (CloudWatch).
New AWS secret access key (CloudWatch).
New shared secret (custom webhook).
Enable or disable streaming.
Responses
{
  "id": "siem_abc123",
  "provider": "splunk",
  "endpoint": "https://hec-new.splunk.example.com:8088/services/collector",
  "enabled": true,
  "created_at": "2026-06-30T12:00:00Z",
  "updated_at": "2026-06-30T14:00:00Z",
  "status": "active"
}
curl -X PUT https://api.truthlocks.com/v1/audit/siem/siem_abc123 \
  -H "X-API-Key: tl_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "endpoint": "https://hec-new.splunk.example.com:8088/services/collector",
    "token": "your-new-hec-token"
  }'
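The same partial update built in Python, as an added example that is not part of the original page or the Truthlocks SDK: it sends only the fields being changed, rejects a non-TLS endpoint, and produces a change-log summary that never contains the rotated secret. The helper names and the `TL_API_KEY` / `NEW_HEC_TOKEN` environment variables are hypothetical, and the `enabled` request field name is assumed from the response body.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit, quote

API_BASE = "https://api.truthlocks.com/v1/audit/siem"  # base URL from the curl example on this page


def build_siem_update(dest_id, api_key, *, endpoint=None, token=None, enabled=None):
    """Build (but do not send) a PUT that carries only the fields being changed."""
    body = {}
    if endpoint is not None:
        parts = urlsplit(endpoint)
        # Audit events and the collector token travel to this URL, so require TLS.
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError("endpoint must be an https:// URL")
        body["endpoint"] = endpoint
    if token is not None:
        if not token.strip():
            raise ValueError("refusing to rotate to an empty token")
        body["token"] = token
    if enabled is not None:
        # Assumed field name, taken from "enabled" in the response body.
        body["enabled"] = bool(enabled)
    if not body:
        raise ValueError("nothing to update")
    return urllib.request.Request(
        f"{API_BASE}/{quote(dest_id, safe='')}",
        data=json.dumps(body).encode(),
        method="PUT",
        headers={"X-API-Key": api_key, "Content-Type": "application/json"},
    )


def loggable(req):
    """Summary that is safe to write to a change log: field names, never secret values."""
    body = json.loads(req.data)
    shown = {k: (v if k in ("endpoint", "enabled") else "<redacted>") for k, v in body.items()}
    return {"method": req.get_method(), "url": req.full_url, "fields": shown}


if __name__ == "__main__":
    # Constructed sample values; real secrets come from the environment, not argv.
    req = build_siem_update(
        "siem_abc123",
        os.environ.get("TL_API_KEY", "tl_live_placeholder"),
        endpoint="https://hec-new.splunk.example.com:8088/services/collector",
        token=os.environ.get("NEW_HEC_TOKEN", "constructed-sample-token"),
    )
    print(loggable(req))  # send with urllib.request.urlopen(req) once reviewed
```

Reading the API key and the new token from the environment keeps them out of shell history and the process list, which the inline `-d` form of the curl call does not.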