HEC
Experience the power of CompassOne
Get a DemoIntegrate. Simplify. Protect.
Meet compliance and log retention requirements by collecting and storing logs from any tool that supports HTTP Event Collector (HEC) exports. HEC is a widely supported standard for forwarding log data over HTTP. If your tool supports it, CompassOne can ingest it.
HTTP Event Collector (HEC) + CompassOne Overview:
01Collect logs from any HEC-compatible source
Forward log data from any vendor or platform that supports HTTP Event Collector exports directly into CompassOne. Whether it’s a security tool, identity platform, or infrastructure system — if it can send HEC-formatted events, CompassOne will ingest and store them.
02Satisfy compliance, insurance, and regulatory needs
Capture and store logs required for regulatory frameworks, cyber insurance policies, and routine audit reviews. Search stored logs by timestamp and keyword to support review cycles.
03Predictable and affordable billing
Eliminate unexpected fees and complicated log pricing models. CompassOne delivers clear, monthly flat-rate billing per log source. No data tiers and no surprises.
04Search and filter stored logs
Find what you need with timestamp filtering and keyword searches across raw log content to support incident reviews, audits, and investigations.
05Stored in standardized schema
Logs are mapped to the Open Cybersecurity Schema Framework (OCSF), making them structured, searchable, and compatible with other tools for parsing, visualization, or analysis.
06Complementary and extended storage
Get 12 months of log storage per HEC-enabled source integrated with CompassOne at no additional cost. Longer retention options are available at a predictable monthly rate.
07Simple setup
Create a new HTTP Event Collector integration in the CompassOne portal to generate a webhook URL and token. Then locate the HEC export or webhook configuration in your source tool, enter the URL and token, and confirm logs are flowing into CompassOne.