WorkOS · Capability

Audit Everything to SIEM

Audit Everything to SIEM is a Naftiko capability published by WorkOS, one of 3 capabilities the APIs.io network indexes for this provider.

It can be deployed as a REST endpoint, MCP tool, or Agent Skill via Naftiko.

Capability Spec

audit-everything-to-siem.yaml
name: Audit Everything to SIEM
description: Define an audit log schema for a tenant, emit events for critical actions (user, org, directory, authorization, agent), and confirm events stream to the customer's SIEM via the Audit Logs destination.
specification: Naftiko Capability Composition
specificationVersion: '0.1'
provider: WorkOS
providerId: workos
api: workos
created: '2026-05-22'
modified: '2026-05-22'
tags:
  - Audit Logs
  - Compliance
  - SIEM
inputs:
  - name: organization_id
    type: string
    required: true
  - name: action
    type: string
    required: true
  - name: actor
    type: object
    required: true
  - name: targets
    type: array
    required: true
steps:
  - id: define-schema
    capability: audit-logging
    operation: AuditLogsController_createSchema
    description: Define the audit log schema (actions, target types, metadata) the application emits.
  - id: emit-event
    capability: audit-logging
    operation: AuditLogsController_createEvent
    description: Emit a tamper-evident audit event for the given action, actor, and targets.
  - id: stream-to-siem
    description: Confirm the event reaches the customer's configured SIEM destination (Splunk, Datadog, Elastic, etc.).
    external: true
  - id: query-events
    capability: webhooks
    operation: EventsController_list
    description: Verify the event is queryable via the Events API for replay and integration testing.
outputs:
  - name: event_id
    source: emit-event.id