Integration Guide · April 2026

SIEM & GRC Integration.
30 minutes to operational.

Connect Rubric Protocol to your existing security and compliance infrastructure. Real-time webhooks for SIEM platforms. CSV and JSON exports for GRC tools. Court-admissible PDF reports on demand.

Supported Platforms

Works with your stack.
No custom code.

SIEM
Splunk
Webhook → HTTP Event Collector
SIEM
Elastic SIEM
Webhook → Logstash / Fleet
SIEM
IBM QRadar
NDJSON export → Log Source
GRC
ServiceNow GRC
CSV export → Scheduled Import
GRC
Archer
CSV export → Data Feed
GRC
OneTrust
JSON export → API Integration
GRC
Workiva
CSV export → Data Connection
Any
Custom
Webhook → any HTTPS endpoint
SIEM · Splunk

Splunk integration.
Real-time AI decision events.

Send every AI decision to Splunk via HTTP Event Collector (HEC). Each event is ECS-compatible and includes attestation ID, agent ID, pipeline ID, forest root, and a verify URL.

Step 1 — Enable Splunk HEC

In Splunk: Settings → Data Inputs → HTTP Event Collector → New Token. Note the HEC URL and token.

Step 2 — Register Rubric webhook

# Register webhook pointing to Splunk HEC curl -X POST https://rubric-protocol.com/v1/webhooks \ -H "x-api-key: your-rubric-key" \ -H "Content-Type: application/json" \ -d '{ "url": "https://your-splunk:8088/services/collector/event", "events": ["attestation.created", "batch.anchored"] }' # Save the returned secret for signature verification

Step 3 — Verify signature in Splunk (optional)

# Add to your Splunk HTTP input configuration # X-Rubric-Signature: sha256={hmac-sha256 of body} # Verify with your webhook secret to ensure authenticity

Each Rubric event includes rubric.verify_url — a direct link to the public audit portal for that attestation. Splunk analysts can click through to verify any AI decision independently.

SIEM · Elastic

Elastic SIEM integration.
ECS-native event format.

Rubric's SIEM export format follows Elastic Common Schema (ECS). Events can be ingested directly via Logstash, Elastic Agent, or bulk NDJSON import.

Option A — Real-time via webhook

# Register webhook → Logstash HTTP input curl -X POST https://rubric-protocol.com/v1/webhooks \ -H "x-api-key: your-key" \ -d '{"url":"https://your-logstash:8080","events":["*"]}'

Option B — Bulk NDJSON import

# Export as ECS NDJSON curl "https://rubric-protocol.com/v1/export/attestations?format=siem&from=2026-03-01" \ -H "x-api-key: your-key" -o rubric.ndjson # Bulk import to Elastic curl -X POST "https://your-elastic:9200/rubric-attestations/_bulk" \ -H "Content-Type: application/x-ndjson" \ --data-binary @rubric.ndjson

ECS Field Mapping

Rubric FieldECS FieldType
rubric.attestation_idevent.idkeyword
@timestamp@timestampdate
rubric.agent_idprocess.namekeyword
rubric.pipeline_idorchestrator.namespacekeyword
rubric.forest_rootfile.hash.sha256keyword
rubric.verify_urlurl.fullkeyword
GRC · ServiceNow

ServiceNow GRC.
Scheduled CSV import.

Import Rubric attestation data into ServiceNow GRC using the built-in Import Sets feature. Schedule daily or weekly imports for continuous compliance coverage.

Step 1 — Export CSV

# Export last 30 days curl "https://rubric-protocol.com/v1/export/attestations?format=csv" \ -H "x-api-key: your-key" -o rubric-attestations.csv # CSV columns: # attestation_id, timestamp, agent_id, pipeline_id, # leaf_types, forest_root, sequence, algo, # human_review, third_party_model, hcs_topic

Step 2 — ServiceNow Import Set

In ServiceNow: System Import Sets → Load Data → choose CSV file. Map columns to your AI Risk record schema. Schedule via Integration Hub for automated daily imports.

Step 3 — Generate compliance report

# On-demand PDF for audit or board reporting curl -X POST https://rubric-protocol.com/v1/export/report \ -H "x-api-key: your-key" \ -H "Content-Type: application/json" \ -d '{ "org": "Your Organization", "period_from": "2026-03-01", "period_to": "2026-04-01", "signatory": "Chief Compliance Officer" }' # Returns downloadUrl + SHA3-256 hash for document integrity
Security

Verify webhook signatures.
Every delivery is signed.

Every webhook delivery includes an HMAC-SHA256 signature in the X-Rubric-Signature header. Verify it to ensure events are authentic and untampered.

# Python — verify webhook signature import hmac, hashlib def verify(payload_body: bytes, signature_header: str, secret: str) -> bool: expected = "sha256=" + hmac.new( secret.encode(), payload_body, hashlib.sha256 ).hexdigest() return hmac.compare_digest(expected, signature_header) # Node.js const crypto = require('crypto'); function verify(body, signature, secret) { const expected = 'sha256=' + crypto .createHmac('sha256', secret) .update(body).digest('hex'); return crypto.timingSafeEqual( Buffer.from(expected), Buffer.from(signature) ); }
HeaderValue
X-Rubric-Signaturesha256={hmac-sha256}
X-Rubric-Eventattestation.created
X-Rubric-DeliveryUnique delivery UUID
User-AgentRubricProtocol-Webhook/1.0
Get Started

Ready to integrate?

Free developer key. 1,000 attestations included. No credit card.

Get API Key →

Questions? Scott@Rubric-Protocol.com