Smallstep Webhooks allow your application to subscribe to SSH session and certificate events.  Whenever a ssh session is created, a user change event happens, and a session is ended we will make an HTTP POST to the callback UR you specify.

To configure smallstep Webhooks expand the menu in the lower left corner of the admin page and choose settings. Then under Notifications and Alerts, select Webhooks. 

Alternate direct URL is<your_team>/settings/webhooks

Enter the name, url,  authorization type, and authorization.

Be sure value entered for Basic auth is base64 encoded

Next, add any custom headers if required by your SIEM stack for receiving the events data.

Click the Test button to make sure your webhook is configured properly.  If successful you will see a HTTP Post request to your SIEM with the  payload below:

  "category": "test-post"

Click save.

You should immediately start seeing session requests posted to your external SEIM.