Integrations
15 live
EDR Endpoint detection & response
CrowdStrike Falcon
EDR · Endpoint telemetry
CS
Live
OAuth · device + detectionsConfigured
Microsoft Defender for Endpoint
EDR · Endpoint telemetry
MD
Live
Graph API · alertsConfigured
SentinelOne
EDR · Endpoint telemetry
S1
Live
API token · threatsConfigured
SIEM Log & event correlation
Splunk
SIEM · Search & correlation
SP
Live
HEC · saved searchesConfigured
Microsoft Sentinel
SIEM · Cloud-native
MS
Live
Log Analytics · KQLConfigured
Scanner Vulnerability assessment
Tenable.io
Scanner · Vuln management
TN
Live
API keys · asset vulnsConfigured
Qualys VMDR
Scanner · Vuln management
QY
Live
Basic auth · scan resultsConfigured
CSPM Cloud posture management
AWS Security Hub
CSPM · Cloud findings
AW
Live
IAM role · ASFF findingsConfigured
Microsoft Secure Score
CSPM · M365 posture
MS
Live
Graph API · control scoresConfigured
Identity IdP & access
Microsoft Entra ID
Identity · Directory & SSO
EN
Live
Graph API · sign-ins, MFAConfigured
Okta
Identity · Directory & SSO
OK
Live
SSWS token · system logConfigured
Patch Patch & configuration
Microsoft SCCM
Patch · Config Manager
CM
Live
WMI · update complianceConfigured
Microsoft Intune
Patch · MDM compliance
IN
Live
Graph API · device stateConfigured
Tanium
Patch · Endpoint management
TA
Live
API token · patch statusConfigured
Feed Threat intelligence
CISA KEV
Feed · Known Exploited Vulns
KEV
Live
Public feed · no authConfigured
Data both ways
300+ REST API Inbound webhooks (HMAC) Outbound webhooks (signed) CSV export
New connectors take ~days to land — they ride the same shared integration framework, so adding a source is config, not a rebuild.