feat: add webhook & syslog data-forwarding integration docs

Port integration data-forwarding documentation (webhook, syslog,
syslog-audit) from quilrai/docs#21. Nest under platform-areas/integrations
(converted integrations.md to folder index), add TOCItems theme override,
webhook sample-payload accordion styles, and BarChart2 sidebar icon.

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: v1sheshh

docs/overview.md

@@ -107,7 +107,7 @@ AI Gateway includes LLM Gateway and MCP Gateway.
 
 Browser Extension and Endpoint Agent settings cover deployment, deployment management, deployment status, whitelisting, detection configuration, DLP actions, and browser monitoring behavior.
 
-### [Integrations](./platform-areas/integrations.md)
+### [Integrations](./platform-areas/integrations/index.md)
 
 Integrations help connect QuilrAI to identity providers, device management systems, SaaS platforms, cloud services, and AI services. The current platform includes connected and available connector views, instance configuration, and integration documentation for Okta, Jamf, ChatGPT, and AWS.
 

docs/platform-areas/browser-extension.md

@@ -49,7 +49,7 @@ depend on forced login and background tab reading.
 
 - [Findings](./findings.md)
 - [Endpoint Agent](./endpoint-agent.md)
-- [Integrations](./integrations.md)
+- [Integrations](./integrations/index.md)
 - [Audit Log And Exports](./audit-log-and-exports.md)
 
 ## Access Requirements

docs/platform-areas/integrations/_category_.json

@@ -0,0 +1,11 @@
+{
+  "label": "Integrations",
+  "position": 12,
+  "link": {
+    "type": "doc",
+    "id": "platform-areas/integrations/index"
+  },
+  "customProps": {
+    "icon": "Plug"
+  }
+}

docs/platform-areas/integrations/data-forwarding/_category_.json

@@ -0,0 +1,11 @@
+{
+  "label": "Data Forwarding",
+  "position": 1,
+  "link": {
+    "type": "generated-index",
+    "description": "Payload contracts and field-level schemas for Quilr's outbound data delivery channels."
+  },
+  "customProps": {
+    "icon": "ClipboardList"
+  }
+}

docs/platform-areas/integrations/data-forwarding/syslog-audit.md

@@ -0,0 +1,61 @@
+---
+sidebar_position: 3
+sidebar_label: Syslog Audit
+sidebar_custom_props:
+  icon: ClipboardList
+---
+
+# Syslog Audit
+
+Forwards audit log events to your syslog server. Supports optional filtering to control which audit events are delivered.
+
+## Setup
+
+1. Go to **Integrations** and open the **Available** tab.
+2. Click **+ Add** on the **Syslog Audit** tile.
+3. Fill in the connection parameters:
+
+| Field | Required | Description |
+|-------|----------|-------------|
+| Syslog Server IP/Domain | Yes | IP address or hostname of your syslog server |
+| Syslog Server Port | Yes | Port your syslog server listens on |
+| Protocol | Yes | Transport protocol: `TCP`, `UDP`, or `TLS` |
+| Message Format | No | `RFC 5424` (default) or `RFC 3164` |
+| Facility | No | Syslog facility to use for outgoing messages |
+| Forwarding Scope | Yes | `Send All Audits` forwards every audit event. `Send Filtered Audits` activates the user condition filter below. |
+
+4. If you selected **Send Filtered Audits**, use **Configure user condition** to add filter rules that control which audit events are forwarded.
+5. Click **Save**.
+
+## Payload
+
+Messages are delivered using the selected wire format. RFC 5424 example:
+
+```
+<142>1 2024-01-15T10:30:00Z hostname quilr-siem-service - - - {json_body}
+```
+
+The JSON body contains the audit log event:
+
+```json
+{
+  "event_source": "quilr-audit",
+  "event": {
+    "trace_id": "uuid-v4",
+    "subscriber": "subscriber-id",
+    "tenant": "acme-corp",
+    "service_name": "quilr-entities-service",
+    "event_code": "USR-001",
+    "task": "CREATE_USER",
+    "category": "USER_MANAGEMENT",
+    "resource_type": "USER",
+    "resource": "user@acme.com",
+    "status": "SUCCESS",
+    "log_level": "INFO",
+    "actioned_by": "admin@acme.com",
+    "actioned_at": "2024-01-15T10:30:00.000Z",
+    "extra_info": {},
+    "error_info": {}
+  }
+}
+```

docs/platform-areas/integrations/data-forwarding/syslog.md

@@ -0,0 +1,80 @@
+---
+sidebar_position: 2
+sidebar_label: Syslog
+sidebar_custom_props:
+  icon: Activity
+---
+
+# Syslog
+
+Forwards the Extension findings to your syslog server based on the controls configured.
+
+## Setup
+
+1. Go to **Integrations** and open the **Available** tab.
+2. Click **+ Add** on the **Syslog** tile.
+3. Fill in the connection parameters:
+
+| Field | Required | Description |
+|-------|----------|-------------|
+| Syslog Server IP/Domain | Yes | IP address or hostname of your syslog server |
+| Syslog Server Port | Yes | Port your syslog server listens on |
+| Protocol | Yes | Transport protocol: `TCP`, `UDP`, or `TLS` |
+| Message Format | No | `RFC 5424` (default) or `RFC 3164` |
+| Facility | No | Syslog facility to use for outgoing messages |
+
+4. Click **Allow**.
+
+## Payload
+
+Messages are delivered using the selected wire format. RFC 5424 example:
+
+```
+<134>1 2024-01-15T10:30:00Z hostname quilr-siem-service - - - {json_body}
+```
+
+The JSON body contains the raw finding with browser and endpoint context:
+
+```json
+{
+  "event_source": "quilr-alert",
+  "event": {
+    "id": "uuid",
+    "tenant": "acme-corp",
+    "subscriber": "subscriber-id",
+    "subProduct": "browser extension",
+    "timestamp": 1705312200000,
+    "data": {
+      "user": {
+        "username": "jdoe",
+        "accountname": "jdoe@acme.com",
+        "machinename": 24371751139089044,
+        "email_label": "PRIMARY"
+      },
+      "browser": {
+        "name": "Google Chrome",
+        "version": "138.0.7204.101",
+        "os": "macOS:14.6.0"
+      },
+      "application": {
+        "name": "ChatGPT",
+        "url": "https://chat.openai.com"
+      },
+      "check": {
+        "id": "CID_101",
+        "name": "data_leak_prevention",
+        "properties": {
+          "control": "sensitive-data-prevention",
+          "context_id": "ctx-abc-123",
+          "mode": "Allow_Original_Prompt_With_Mandatory_Justification",
+          "alert_type": "finding",
+          "alert_status": "open",
+          "action_name": "BLOCK",
+          "detections_original": [ "..." ],
+          "detections_final": [ "..." ]
+        }
+      }
+    }
+  }
+}
+```