Claude
Brava ingests the Anthropic Claude activity feed via the Compliance API and turns it into fully-leveraged security telemetry — normalized, enriched, and routed into your SIEM, data lake, and archive, and searchable in Aquarium. One feed powers monitoring, insider risk, retention, and governance, with no custom collectors to build.
Brava polls GET /v1/compliance/activities for 300+ audit and activity types — no Edge Collector required.
Events are parsed to a consistent schema and attributed to their actor — Claude telemetry sits alongside your estate, not in a silo.
Fan out to Splunk, Sentinel, S3, and more — and into Aquarium for ad-hoc and AI-driven investigation.
Reference the claude_compliance source, pick your destinations, and optionally filter by activity type. The feed carries activity events — not prompts or model responses. Secrets are referenced by name.
apiVersion: brava.io/v1 kind: Pipeline spec: source: type: claude_compliance name: Anthropic Claude config: api_key: "${CLAUDE_COMPLIANCE_API_KEY}" # x-api-key destinations: - type: splunk_hec config: token: "${SPLUNK_HEC_TOKEN}" index: claude
Add Anthropic Claude as a source in minutes. No collectors to deploy, no schema to wrangle.