# Webhook Ingestion Astral provides native support for **webhook-based ingestion**, allowing external systems to send security events directly to the platform in real time. This capability enables fast and flexible integration with applications, security tools, and services that can actively push events as they occur, without the need for polling, agents, or intermediate storage. Through the Astral ingestion webhook, external sources can transmit structured event data directly into the SIEM. This model is well suited for custom applications, third-party platforms, and services that generate security-relevant events but do not support traditional log forwarding or API-based collection. Webhook ingestion ensures low latency and near real-time visibility into externally generated activity. Events received via webhook are processed through Astral’s standard analysis pipeline. Incoming data is analyzed, interpreted, normalized, and correlated with events from other ingestion methods, including logs, network monitoring, API-based sources, and SNMP. This unified processing ensures that webhook-based events are treated consistently and enriched with contextual information from across the environment. By enabling direct webhook ingestion, Astral extends its monitoring capabilities to virtually any system capable of emitting events. These events become part of the same operational security workflow, supporting identification, prioritization, and automated response through Inopli’s Response and RPA capabilities, while maintaining centralized visibility and auditability. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.inopli.com/astral/data-ingestion/log-sources/webhook-ingestion.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.