https://docs.heartsecsuite.com/docs/alerts/Recent content in Alert Settings on Root Lock by HeartSuiteHugoenhttps://docs.heartsecsuite.com/docs/alerts/siem-integration/Mon, 01 Jan 0001 00:00:00 +0000https://docs.heartsecsuite.com/docs/alerts/siem-integration/<p><strong>Overview</strong>: Root Lock by HeartSuite integrates with your existing SIEM, EDR, and observability stack via syslog (journald/rsyslog) and webhook. This is the scale path for larger teams: configure once (in the Dashboard under Alert Settings → Fleet tab) and let your central tooling handle monitoring, correlation, and alerting. There is no requirement to run the TUI on every host for day-to-day fleet visibility.</p> <p>The raw enforcement decisions and higher-level alerts are emitted in real time. SIEM platforms receive the full picture; incident tools receive actionable events.</p>https://docs.heartsecsuite.com/docs/alerts/central-policy-management/Mon, 01 Jan 0001 00:00:00 +0000https://docs.heartsecsuite.com/docs/alerts/central-policy-management/<p><strong>Overview</strong>: HeartSuite is designed to be driven by your existing central tooling. The Dashboard is the operator experience for a single host; enterprises use their control planes to manage policy and observe at scale.</p> <p>There is no built-in multi-host push from a HeartSuite server. Each host enforces its own allowlist, and Lockdown seals that allowlist on the device. Policy is applied per-host by your automation, with rich export surfaces for central consumption and attribution. This model lets you keep ownership of policy curation, change approval, and fleet-wide visibility inside the tools you already run (Ansible, Terraform, GitOps repositories, ServiceNow, Splunk, Elastic, custom orchestration).</p>