How do I get a Shakti audit trail into my SIEM?
The evidence export endpoint is SIEM-ready JSON. Custom schema mappers for Splunk, Datadog, Chronicle land in v2.1.
Today: GET /v1/audit/export/{packet_id} returns a structured JSON bundle. Every entry carries hash, prev_hash, actor, event_type, timestamp, and a typed payload. Point your SIEM ingest at that endpoint (or mirror it to S3 / Azure Blob via a scheduled CLI call) and the chain is indexed alongside the rest of your logs.
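Before pointing a SIEM at the export, most teams want an ingest-side check that the hash chain in the bundle is still intact, so that a tampered or truncated packet is flagged rather than silently indexed. The following is an added example, not Shakti's own code: it assumes (the page does not say) that each entry's hash is SHA-256 over the canonical JSON of the entry without its own hash field, that the first entry's prev_hash is 64 zero hex digits, and that the bundle wraps entries under "packet_id" and "entries". The sample bundle is constructed inline.

```python
"""Verify the hash chain of a Shakti-style audit export and flatten it to JSONL for SIEM ingest.

Added example, not Shakti's code. Assumed (not stated by the page):
  * entry["hash"] == SHA-256(canonical JSON of the entry minus "hash")
  * the genesis entry's prev_hash is 64 zero hex digits
  * bundle layout is {"packet_id": ..., "entries": [...]}
"""
import copy
import hashlib
import json

GENESIS = "0" * 64


def entry_digest(entry: dict) -> str:
    """SHA-256 over every field except `hash`, using canonical JSON (assumed scheme)."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def verify_chain(entries: list) -> list:
    """Return a list of problem strings; an empty list means the chain is intact."""
    problems = []
    expected_prev = GENESIS
    for i, e in enumerate(entries):
        if e.get("prev_hash") != expected_prev:
            problems.append(f"entry {i}: prev_hash does not link to the preceding entry")
        if e.get("hash") != entry_digest(e):
            problems.append(f"entry {i}: hash does not match entry content")
        # Follow the stored hash so a break is reported once, at the entry that detects it.
        expected_prev = e.get("hash")
    return problems


def to_siem_events(bundle: dict) -> list:
    """One JSON line per entry, with packet_id copied onto each event for correlation."""
    lines = []
    for e in bundle["entries"]:
        event = {
            "packet_id": bundle["packet_id"],
            "timestamp": e["timestamp"],
            "actor": e["actor"],
            "event_type": e["event_type"],
            "hash": e["hash"],
            "prev_hash": e["prev_hash"],
            "payload": e["payload"],
        }
        lines.append(json.dumps(event, sort_keys=True))
    return lines


def build_sample_bundle() -> dict:
    """Constructed sample data that follows the assumed hashing scheme."""
    raw = [
        ("2024-05-01T10:00:00Z", "alice@example.com", "policy.updated", {"policy": "mfa", "enabled": True}),
        ("2024-05-01T10:05:00Z", "svc-deploy", "deploy.started", {"service": "api", "version": "1.4.2"}),
        ("2024-05-01T10:07:30Z", "bob@example.com", "access.granted", {"resource": "prod-db", "role": "reader"}),
    ]
    entries, prev = [], GENESIS
    for ts, actor, event_type, payload in raw:
        e = {"prev_hash": prev, "actor": actor, "event_type": event_type, "timestamp": ts, "payload": payload}
        e["hash"] = entry_digest(e)
        entries.append(e)
        prev = e["hash"]
    return {"packet_id": "pkt-example-0001", "entries": entries}


def tamper(bundle: dict) -> dict:
    """Copy of the bundle with entry 1 rewritten and its hash recomputed (a 'stealthy' edit).

    The edited entry is self-consistent, so the break surfaces at entry 2, whose
    prev_hash still points at the original hash of entry 1.
    """
    t = copy.deepcopy(bundle)
    t["entries"][1]["payload"]["version"] = "1.4.3"
    t["entries"][1]["hash"] = entry_digest(t["entries"][1])
    return t


if __name__ == "__main__":
    bundle = build_sample_bundle()
    print("clean bundle problems:", verify_chain(bundle["entries"]))
    print("tampered bundle problems:", verify_chain(tamper(bundle)["entries"]))
    for line in to_siem_events(bundle):
        print(line)
```

Run verify_chain on each packet at ingest time and route a non-empty result to an alert rather than to the normal index; the JSONL from to_siem_events is what a generic HTTP or file collector can consume until the v2.1 schema mappers are available.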
For Splunk, Datadog, Chronicle, and Azure Sentinel, v2.1 ships custom schema mappers that transform the bundle into each platform’s preferred field layout. Contact us if your SIEM isn’t on that list — the adapter surface is a two-day integration.
If you’re standing up a brand-new pipeline, the simplest path is to schedule shakti audit export (the v2 CLI) on a quarterly cron and drop the result into your evidence-packet S3 bucket. Auditors pull from there when they need fresh evidence.