Integrations allow you to exchange data with third-party applications. With the integrations feature, you can set up a connection to a third-party application and then call that connection from your playbook.

To add an integration, click Automations > Integration in the left navigation. The Automation Library pops up and lists all the available integrations. To learn more about how to add an integration, see Add an Integration Connection.

Integration Details

Integration details are organized into the following tabs:

  • Connections: This tab lists all of the connections for the integration, with an alert indicator for any that have errors.
    To add a new connection for the integration:

    1. Click + in the connections tab.
    2. Enter the configuration information, which depends on the selected integration, and click Save.
  • Actions: This tab lists the actions that can be selected when the integration is added to a playbook. Each integration in the respective category contains a set of predefined actions that you may want to add to your playbook based on your needs. To know more, see How to Add an Integration.

  • Used By: This tab lists all the playbooks that currently use the selected integration.

All Integrations

LogicHub offers a library of out-of-the-box integrations for your playbooks. To know more about each integration, click on its name.

Abnormal SecurityAbnormal Security is for managing threats to an organization identified by Abnormal Security. The organization should be integrated with Abnormal Security and enabled for real-time detection of malicious emails.
AbsoluteThe Absolute® Platform leverages a cloud-based, highly-available and secure multi-tenant architecture that is available across different regions. It’s comprised of a variety of foundational components that power Absolute product features that are being leveraged by the company’s enterprise customers and ecosystems partners alike.
AbuseIPDBAbuseIPDB is dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.
Accenture MSSLeverage the power of Accenture Managed Security Services for continual threat monitoring and customized guidance 24x7
Active DirectoryActive Directory is a directory service that Microsoft developed for Windows domain networks.
AkamaiAkamai secures content, data, and applications across all your data centers and cloud providers, so you can harness the power of a multi-cloud world while maintaining governance and control.
Akamai API GatewayThe Akamai API Gateway governs your API traffic by authenticating, authorizing, and controlling requests from API consumers.
Alexa Web Information ServiceThe Alexa Web Information Service API makes Alexa's vast repository of information about the web traffic and structure of the web available to developers.
AlienVault OTXAlienVault unifies all of your essential security tools in one location and combines them with real-time threat intelligence.
AlienVault USMAlienVault USM is a SaaS security monitoring platform designed to centralize threat detection, incident response, and compliance management of cloud, hybrid cloud, and on-premises environments from a cloud-based console.
Amazon AWSAmazon Web Services (AWS) is a subsidiary of that provides on-demand cloud computing platforms to individuals, companies, and governments, on a paid subscription basis.
Amazon EC2Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud.
Amazon EC2 (Assumed Role)Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud.
Amazon S3Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry leading scalability, data availability, security, and performance.
AnomaliAnomali is a Threat Intelligence Platform that enables businesses to integrate security products and leverage threat data to defend against cyber threats.
Anomali MatchAnomali Match is a Threat Detection Engine purpose-built to automate and speed time to detection in your environment. Anomali Match correlates twelve months of metadata against active threat intelligence to expose previously unknown threats to your organization.
AnyrunAnyrun is a service that allows cybersecurity specialists to detect, analyze, and monitor cybersecurity threats. It is the interactive online malware analysis sandbox, where the user controls the flow of the analysis.
Apache KafkaApache Kafka is a stream-processing software platform that aims to provide a unified, high-throughput, low-latency platform for handling real-time data feeds. can be defined as Threat Intelligence SaaS for developers and product companies that want to know in realtime if their existing or potential users have been classified as 'abusers' by one or more of these lists.
ApivoidApivoid provides JSON APIs useful for cyber threat analysis, threat detection and threat prevention, reducing and automating the manual work of security analysts.
Area 1 SecurityArea 1 Security offers Application Programming Interfaces (APIs) to expose our phishing campaign rulesets. These APIs both aid research and provide a set of indicators to block using network security edge devices.
ARIN WhoisARIN Whois is a directory service for accessing registration data contained within ARIN's registration database.
ArcSight ESMArcSight Enterprise Security Manager sits centrally within an organization, collecting and analyzing events from across systems and security tools. It detects security threats in real time so that analysts respond quickly, and it scales to meet demanding security requirements.
AWS CloudTrailAWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.
AWS CloudWatch LogsCloudWatch Logs enables you to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service.
AWS EKSAmazon Elastic Kubernetes Service (AWS EKS) is a managed service that you can use to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes.
AWS EKS (Assumed Role)Amazon Elastic Kubernetes Service (AWS EKS) is a managed service that you can use to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes.
AWS IAMAWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.
AWS IAM (Assumed Role)AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.
AxoniusAxonius is a cybersecurity asset management solutions that offers a comprehensive IT asset inventory and network security policy enforcement.
Azure ComputeWhether you are building new applications or deploying existing ones, Azure compute provides the infrastructure you need to run your apps.
Azure MonitorAzure Monitor maximizes the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.
Azure Security CenterAzure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in the cloud.
Azure SentinelMicrosoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution.
Azure StorageAzure Blob storage is Microsoft's object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data.
BitdefenderBitdefender provides anti-virus software, internet security software, endpoint security software, and other cyber security products and services.
BlamelessBlameless is the end-to-end SRE platform, empowering teams to optimize the reliability of their systems without sacrificing innovation velocity.
BoxBox is a platform for Secure Content Management, Workflow, and Collaboration. That focuses on cloud content management and file sharing service for businesses.
C1fappC1fApp is a threat feed aggregation application, providing a single feed, both Open Source and private.
CA Service DeskCA Service Desk Manager is a cloud-based IT service and support management solution. Primary features include change management, incident management, automation support, self-service, predefined services, and workflows and reporting.
Carbon Black ResponseCarbon Black Response is a highly scalable, real-time EDR with unparalleled visibility for top security operations centers and incident response teams.
Carbon Black Response v2Carbon Black Response is a highly scalable, real-time EDR with unparalleled visibility for top security operations centers and incident response teams. V2 version is developed for Carbon Black Response API's latest version.
Case ManagementAn Integration to manage LogicHub Cases. It can create new cases, get all cases, get a specific case's details and update or delete a case.
CensysCensys is a platform that helps information security practitioners discover, monitor, and analyze devices that are accessible from the Internet.
CheckPhish AICheckPhish uses deep learning, computer vision, and NLP to mimic how a person would look at, understand, and draw a verdict on a suspicious website.
Checkpoint FirewallCheckpoint firewall features centralized management control across all networks and cloud environments, increasing operational efficiency and lowering the complexity of managing your security.
ClickSendClickSend is a cloud-based service that lets you send and receive SMS, Email, Voice, Fax, and Letters worldwide.
CloudflareCloudflare provides content delivery network services, DDoS mitigation, Internet security, and distributed domain name server services.
Computer Incident Response Center (CIRCL)CIRCL is a government-driven initiative designed to gather, review, report, and respond to computer security threats and incidents.
ConfluenceConfluence is a collaboration tool used to help teams to collaborate and share knowledge efficiently.
Cisco AMPCisco AMP is an intelligence-powered, integrated, enterprise-class advanced malware analysis and protection solution.
Cisco IronportThe Cisco IronPort Hosted Email Security solution cleans up all inbound mail by using industry leading anti-spam, anti-virus, and other rules. This ensures that the mail traffic that reaches the customer premises is free from email malware.
Cisco FirePowerCisco FirePower delivers an integrated threat defense across the entire attack continuum - before, during, and after an attack. It combines the proven security capabilities of the Cisco ASA Firewall with industry-leading Sourcefire threat and advanced malware protection features in a single device.
Cisco Secure EndpointCisco Secure Endpoint offers cloud-delivered next-generation antivirus and advanced endpoint detection and response.
Cisco StealthwatchCisco stealthwatch is a network analysis tool built to protect your cloud assets and private network.
Cisco Stealthwatch EnterpriseCisco Stealthwatch Enterprise drastically enhances threat defence by giving detailed network visibility and security analytics.
Cisco TalosIP Reputation center.
Cisco ThreatGridThreat Grid combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware. With a robust, context-rich malware knowledge base, you will understand what malware is doing, or attempting to do, how large a threat it poses, and how to defend against it.
Cisco UmbrellaCisco Umbrella is a cloud security platform that provides the first line of defense against threats on the internet wherever users go. By learning from internet activity patterns, Umbrella automatically uncovers current and emerging threats.
CMDBuildCMDBuild is an open source web enterprise environment to configure custom applications for asset management.
Cortex XDRCortex XDR stitches together data from the endpoint, network, and cloud in a robust data lake. Applying advanced machine learning and analytics, it identifies threats and benign events with superior accuracy and gives analysts contextualized information, simplifying and accelerating investigations. This integration supports 'public_api/v1' endpoint.
CrowdStrikeCrowdStrike Falcon Host uniquely combines an array of powerful methods to provide prevention against the rapidly changing tactics, techniques and procedures (TTPs) used by adversaries to breach organizations - including commodity malware, zero-day malware and even advanced malware-free attacks.
CrowdStrike Falcon Host (OAuth Based)CrowdStrike Falcon Host uniquely combines an array of powerful methods to provide prevention against the rapidly changing tactics, techniques and procedures (TTPs) used by adversaries to breach organizations - including commodity malware, zero-day malware and even advanced malware-free attacks.
CRXcavatorCRXcavator is an automated Chrome extension security assessment tool that assigns risk scores to extensions based on an objective set of criteria.
CuckooCuckoo is an open-source automated malware analysis system. It's used to automatically run and analyze files and collect comprehensive analysis results that outline what the malware does while running inside an isolated operating system.
Cyberark EPMCyberArk Endpoint Privilege Manager provides holistic endpoint protection to secure all endpoints and enforce least privilege without disrupting business.
CybereasonThe Cybereason Response Interface enables security teams to quickly respond to detected threats by killing processes and isolating machines.
CylanceCylance is revolutionizing cybersecurity with AI based solutions that predict and prevent execution of advanced threats and malware at the endpoint.
DarktraceDarktrace's Enterprise Immune System uses proprietary machine learning and AI algorithms to build a so-called "pattern of life" for every network, device, and user within an organization. It then employs correlation techniques to classify and cross-reference these models, establishing a highly accurate understanding of 'normal activity' within that particular environment.
DemistoDemisto is a leading Security Orchestration, Automation, and Response (SOAR) platform that helps security teams accelerate incident response, standardize and scale processes.
DatadogDatadog is the essential monitoring and security platform for cloud applications. It brings together end-to-end traces, metrics, and logs to make your applications, infrastructure, and third-party services entirely observable. These capabilities help businesses secure their systems, avoid downtime, and ensure customers are getting the best user experience.
DevoDevo delivers real-time operational and business value from analytics on streaming and historical data to operations, IT, security and business teams.
DNSDelivers various actions related to DNS.
DomainToolsDomainTools is a leading provider of Whois and other DNS profile data for threat intelligence enrichment. It is a part of the Datacenter Group (DCL Group SA). DomainTools data helps security analysts investigate malicious activity on their networks. Using IOCs (Indicators of Compromise), including domains and IPs, analysts can build a map of connected infrastructure. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure.
DropboxDropbox is a file hosting service, that offers cloud storage, file synchronization, personal cloud, and client software.
Duo SecurityDuo security is a user-centric access security platform with two-factor authentication to protect access to sensitive data for all users, devices, and applications.
ElasticsearchElasticsearch is a search engine based on Lucene. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents.
Emerging ThreatsEmerging Threats delivers the most timely and accurate threat intelligence. Our fully verified intel provides deeper context and integrates seamlessly with your security tools to enhance your decision-making.
Exchange (EWS)Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. This integration relies on EWS being enabled for the server.
Exchange (Quarantine Messages)Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. This integration relies on EWS being enabled for the server.
Exchange Online (Graph API)Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. This integration relies on EWS being enabled for the server.
ExpelExpel is a SOC-as-a-service platform that provides security monitoring and response for cloud, hybrid, and on-premises environments.
Falcon SandboxFalcon Sandbox performs deep analysis of evasive and unknown threats, enriches the results with threat intelligence and delivers actionable indicators of compromise (IOCs), enabling your security team to better understand sophisticated malware attacks and strengthen their defenses.
Farsight Security DNSDBFarsight Security's DNSDB is a Passive DNS historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure.
FidelisFidelis Elevate is a complete network and endpoint automated threat detection and response platform that improves SOC effectiveness and efficiency. It delivers comprehensive visibility, alert validation, and increased speed to a response by applying industry-leading threat intelligence (Fidelis Insight) to real-time and historical data.
File ToolsManipulating files through the file integrations API
FireEye ETPFireEye Email Threat Prevention (ETP Cloud) is a cloud-based platform that protects against advanced email attacks.
FireEye HelixFireEye Helix is a security operations platform that makes it simple to deliver advanced security to any organization. It surfaces unseen threats and empowers expert decisions with frontline intelligence to take back control of your defenses and capture the untapped potential of your security investments.
FlashpointFlashpoint is the globally trusted leader in risk intelligence for organizations that demand the fastest, most comprehensive coverage of threatening activity on the internet
FortiSIEMFortiSIEM provides organizations with a comprehensive, holistic and scalable solution, from IoT to the Cloud, with patented analytics that are actionable to tightly manage network security, performance and compliance standards, all delivered through a single pane of glass view of the organization.
FreshserviceFreshservice is a cloud based IT service management software for service desk with an automation tool to manage incidents, assets and other facilities.
GitHubGitHub provides an action to get the list of organization-public activities performed by a user.
Google BigtableGoogle Bigtable is a distributed, column-oriented data store created by Google Inc. to handle very large amounts of structured data associated with the company's Internet search and Web services operations. Bigtable was designed to support applications requiring massive scalability; from its first iteration, the technology was intended to be used with petabytes of data. The database was designed to be deployed on clustered systems and uses a simple data model that Google has described as "a sparse, distributed, persistent multidimensional sorted map." Data is assembled in order by row key, and indexing of the map is arranged according to row, column keys and timestamps. Compression algorithms help achieve high capacity.
Google CalendarGoogle Calendar is a time-management and scheduling calendar service developed by Google.
Google Cloud StorageGoogle Cloud Storage is a RESTful online file storage web service for storing and accessing data on Google Cloud Platform infrastructure.
Google ComputeGoogle Cloud Engine (GCE) is an Infrastructure as a Service (IaaS) offering that allows clients to run workloads on Google's physical hardware. Google Compute Engine provides a scalable number of virtual machines (VMs) to serve as large compute clusters for that purpose.
Google SafebrowsingSafe Browsing is a Google service that lets client applications check URLs against Google's constantly updated lists of unsafe web resources.
Google SheetsGoogle Sheets is a spreadsheet program included as part of the free, web-based Google Docs Editors suite offered by Google.
Google StackdriverGoogle Stackdriver is a monitoring service that provides IT teams with performance data about applications and virtual machines running on the Google Cloud Platform and Amazon Web Services public cloud. Google Stackdriver performs monitoring, logging and diagnostics to help businesses ensure optimal performance and availability. The service gathers performance metrics and metadata from multiple cloud accounts and allows IT teams to view that data through custom dashboard, charts and reports.
GRR Authentication InformationGRR Rapid Response is an incident response framework focused on remote live forensics.
Have I Been Pwned?Have I Been Pwned? is a website that allows internet users to check if their personal data has been compromised by data breaches.
HCL BigFixHCL BigFix provides system administrators with remote control, patch management, software distribution, operating system deployment, network access protection and hardware and software inventory functionality.
HumioHumio is a live observability platform that enables data aggregation, exploration, reporting and analysis from a range of sources. The purpose-built logging tool features innovative data storage and in-memory search/query engine technologies.
Hybrid AnalysisHybrid Analysis is a free malware analysis service for the community.
IBM OMNIbus via postemsgUse IBM's "postemsg" binary to post an event to OMNIbus using non-Tivoli communication.
IBM QRadarIBM® QRadar® Security Information and Event Management (SIEM) helps security teams accurately detect and prioritize threats across the enterprise, and it provides intelligent insights that enable teams to respond quickly to reduce the impact of incidents.
IBM X-ForceIBM X-Force Exchange is a cloud-based threat intelligence sharing platform enabling users to rapidly research the latest security threats.
IMAPInternet Message Access Protocol is a standard protocol used by e-mail clients to retrieve messages from a mail server over a TCP/IP connection. IMAP is defined by RFC 3501.
IntezerIntezer is a platform built to analyze and investigate every alert like an experienced security analyst and reverse engineer.
IP Quality ScoreThe IPQualityScore fraud detection API suite features a variety of different risk analysis APIs designed to Proactively Prevent Fraud™ with industry leading accuracy to identify fraudulent users, suspicious payments, and abusive behavior.
IPStackIPStack offers one of the leading IP to geolocation APIs and global IP database services worldwide.
JAMFWith Jamf, IT and security teams are able to confidently manage and protect the devices, data and applications used by their end-users without getting in the way of the intended Apple experience.
JDBCConnects to database using JDBC. Supports connection to Postgres via postgreSQL-42.5.3.
JiraJira provides bug tracking, issue tracking, and project management functions.
JoeSecurity SandboxJoe Sandbox is a multi technology platform which uses instrumentation, simulation, hardware virtualization, hybrid and graph - static and dynamic analysis. Rather than focus on one technology Joe Sandbox combines the best parts of multiple techniques. This enables deep analysis, excellent detection and big evasion resistance.
JumpCloudJumpCloud's revolutionary directory unifies device and identity on Windows, Mac, and Linux with cloud based SSO, MDM, MFA, PAM, and more.
KnowBe4KnowBe4 is the world’s largest integrated platform for security awareness training combined with simulated phishing attacks.
LastlineLastline offers network-based security breach detection and other security services.
LogentriesLogentries is an easy-to-use, self-hosted log management and analytics service for teams of all sizes.
LogRhythmLogRhythm is an enterprise-class platform that seamlessly combines SIEM, log management, file integrity monitoring and machine analytics with host and network forensics in a unified Security Intelligence Platform.
MalShareThe MalShare Project is a collaborative effort to create a community driven public malware repository that works to build additional tools to benefit the security community at large.
Malware Domain ListMalware Domain List provides a public of domains that host malware.
MandiantMandiant Solutions brings together the world’s leading threat intelligence and frontline expertise with continuous security validation to arm organizations with the tools needed to increase security effectiveness and reduce business risk.
MaxMindMaxMind is an industry-leading provider of IP intelligence and online fraud detection tools.
McAfee ATDMcAfee Advanced Threat Defense enhances protection from the network edge to the endpoint and enables investigation.
McAfee ePOMcAfee ePolicy Orchestrator provides a web application programming interface (API) that allows you to script and automate common management activities.
McAfee ESMMcAfee Enterprise Security Manager is a security information and event management (SIEM) solution that delivers actionable intelligence and integrations to prioritize, investigate, and respond to threats.
MetadefenderMetadefender is a powerful and flexible security solution for ISVs, IT admins, and malware researchers, providing simultaneous access to data sanitization (CDR), vulnerability assessment, multiple anti-malware engines, heuristics, and additional threat protection technologies residing on a single system.
Micro Focus ArcSight LoggerArcSight Logger delivers a universal log management solution that unifies searching, reporting, alerting, and analysis across any type of enterprise machine data.
Microsoft 365 DefenderMicrosoft 365 Defender delivers XDR capabilities for identities, endpoints, cloud apps, email and documents.
Microsoft Azure NSG Flow LogsNSG flow logs are stored in a storage account in block blobs. Block blobs are made up of smaller blocks. Each log is a separate block blob that is generated every hour. New logs are generated every hour, the logs are updated with new entries every few minutes with the latest data.
Microsoft Cloud App SecurityMicrosoft Cloud App Security is a Cloud Access Security Broker (CASB) that operates on multiple clouds. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services.
Microsoft Defender for EndpointMicrosoft Defender for Endpoint is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Microsoft GraphMicrosoft Graph is the gateway to data and intelligence in Microsoft 365. Microsoft Graph provides a unified programmability model that you can use to take advantage of the tremendous amount of data in Office 365, Enterprise Mobility + Security, and Windows 10.
Microsoft Identity And Access (Graph)Microsoft Identity And Access (Graph) is the gateway to access Azure Active Directory (Azure AD) resources to enable scenarios like managing administrator (directory) roles, inviting external users to an organization.
Microsoft SQL ServerMicrosoft SQL Server (MSSQL for short) is a relational database management system developed by Microsoft.
Microsoft TeamsMicrosoft Teams is a unified communication and collaboration platform that combines persistent workplace chat, video meetings, file storage (including collaboration on files), and application integration.
MimecastMimecast is an cloud-based email management service for security, archiving, and continuity services to protect business mail.
Minerva LabsMinerva Labs is cyber security company that offers a unique low footprint endpoint prevention platform.
MISPA threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.
MistNetMistNet provides a machine learning (ML)-driven network threat detection and response solution and a built-in MITRE ATT&CK™ Engine that eliminates blind spots and monitors your organization’s network in real time.
MongoDBMongoDB is a free and open-source cross-platform document-oriented database.
MxToolboxMxToolbox is an online MX record and all-inclusive DNS tool. is the #1 World Live Whois IP Source.
MySQLMySQL is the world’s most popular open source database. With its proven performance, reliability, and ease-of-use, MySQL has become the leading database choice for web-based applications.
NaveriskAutomating IT Services. Naverisk has been helping MSPs and IT Pros deliver first-class IT services.
NessusNessus is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network. It does this by running over 1200 checks on a given computer, testing to see if any of these attacks could be used to break into the computer or otherwise harm it.
NetBIOSNetBIOS is an OSI Session Layer 5 Protocol and a service that allows applications on computers to communicate with one another over a local area network (LAN). It is a non-routable Protocol and NetBIOS stands for Network Basic Input/Output System.
NetskopeNetskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply zero trust principles to protect data.
NetwitnessNetWitness is an Evolved SIEM and Open XDR platform that accelerates threat detection and response.
NeutrinoNeutrino API launched back in 2013 on a mission to fix those inherently complex problems which crop up on almost all software projects. The Neutrino API platform provides a highly available, performant global network that lets developers focus on their product and not on building and maintaining complex in-house tools not relevant to their core business.
NexposeNexpose, Rapid7's on-premise option for vulnerability management software, monitors exposures in real-time and adapts to new threats with fresh data, ensuring you can always act at the moment of impact.
NinjaRMMNinjaRMM provides intuitive endpoint management software to managed service providers (MSPs) and IT professionals.
NmapNmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.
ObsidianObsidian is the cloud detection and response solution that delivers unified visibility of users, privileges and activity in SaaS, allowing you to detect and investigate breaches, uncover insider threats, and secure SaaS apps without affecting productivity.
OktaOkta is an integrated identity and mobility management service. Built from the ground up in the cloud, Okta securely and simply connects people to their applications from any device, anywhere, at anytime. Okta integrates with existing directories and identity systems, as well as thousands of on-premises, cloud and mobile applications, and runs on a secure, reliable and extensively audited cloud-based platform.
OpenPhishOpenPhish identifies phishing sites and performs intelligence analysis in real time without human intervention and without using any external resources, such as blacklists.
OpensearchOpenSearch is a scalable, flexible, and extensible open-source software suite for search, analytics, and observability applications licensed under Apache 2.0.
OpsGenieOpsgenie ensures you will never miss a critical alert. With deep integrations into monitoring, ticketing, and chat tools, Opsgenie groups alerts, filters out the noise, and notifies you using multiple channels, providing the necessary information for your team to immediately begin resolution.
OracleOracle Database is a proprietary multi-model database management system produced and marketed by Oracle Corporation. It is a database commonly used for running online transaction processing, data warehousing and mixed database workloads.
OTRSOTRS is a modern, flexible ticket and process management system.
PagerDutyPagerDuty is an operations performance platform delivering visibility and actionable intelligence across the entire incident lifecycle.
Palo Alto PanoramaPanorama is the centralized management system for the Palo Alto Networks family of next-generation firewalls. It provides a single location from which you can oversee all applications, users, and content traversing your network, and then use this knowledge to create policies that protect and control the network.
RiskIQ PassiveTotalRiskIQ PassiveTotal expedites investigations by connecting internal activity, event, and incident indicator of compromise (IOC) artifacts to what is happening outside the firewall: external threats, attackers, and their related infrastructure.
PerforcePerforce Software provides enterprise-scale development tools. This includes version control, application lifecycle management, agile planning, and static analysis.
Phish.AINext-Generation Anti-Phishing Platform Powered by AI & Computer.
PhishTankAnalyze suspicious files and URLs to detect types of malware including viruses, worms, and trojans.
PostgresPostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads.
Power BIIt is a collection of software services, apps, and connectors that work together to turn your unrelated sources of data into coherent, visually immersive, and interactive insights.
PowershellWindows PowerShell is a Windows command-line shell designed especially for system administrators.
Proofpoint TAPProofpoint TAP (Targeted Attack Protection) detects and prevents threats in email.
ProtectwiseProtectwise provides Cloud-Powered Network Detection & Response (NDR).
Qualys SSLVerify the reputation of a URL's SSL certificates.
Qualys Vulnerability ManagementQualys VM is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously identify threats and monitor unexpected changes in your network before they turn into breaches.
RandoriRandori recon provides a continuous view of your external perimeter to reduce the risks of shadow IT, misconfigurations, and process failures.
Recorded FutureRecorded Future is the world's largest intelligence company with complete coverage across adversaries, infrastructure, and targets.
Recorded Future TriageRecorded Future Triage is a state-of-the-art malware analysis sandbox, with all the features you need. High-volume sample submission in a customizable environment with detections and configuration extraction for many malware families.
ReversingLabs TitaniumCore A1000The A1000 Malware Analysis Platform supports advanced hunting and investigations through the TitaniumCore high-speed automated static analysis engine. It is integrated with file reputation services to provide in-depth rich context and threat classification on over 8 billion files and across all file types.
ReversingLabs TitaniumCloudReversingLabs TitaniumCloud Reputation Services are powerful threat intelligence solutions with up-to-date threat classification and rich context on over 8 billion goodware and malware files.
RSA ArcherRSA Archer GRC Platform is software that supports business-level management of governance, risk management, and compliance (GRC). The Platform allows users to adapt solutions to their requirements, build new applications, and integrate with external systems without touching a single line of code.
SailpointThe SailPoint Identity Security Cloud Platform is purpose-built for today’s enterprise demands, delivering an intelligent, autonomous identity foundation that securely fuels your business.
SalesforceSalesforce, Inc. is an American cloud computing company headquartered in San Francisco, California. Though its revenue comes from a customer relationship management (CRM) product, Salesforce also sells commercial applications of social networking through acquisition and internal development.
SANS BlacklistSANS Blacklist is a service that utilizes a radically different approach to blacklist formulation called Highly Predictive Blacklisting. Each DShield contributor can now access a unique HPB that reflects the most probable set of source addresses that will connect to that contributor's network over a prediction window that may last several days into the future.
SAP GigyaGigya offers a customer identity management platform for managing profiles, preference, opt-in and consent settings.
Screenshot MachineScreenshot Machine is a cloud service that allows capturing website images.
Securonix SNYPRSNYPR is a security analytics platform that transforms Big Data into actionable security intelligence. It delivers the proven power of Securonix analytics with the speed, scale, and affordable, long-term storage of Hadoop in a single, out-of-the box solution.
SentinelOneCyber security that prevents threats at faster speed, greater scale, and higher accuracy than humanly possible.
ServiceNowAchieve end-to-end transformation for your IT services and infrastructure through a single cloud-based platform. ServiceNow IT Service Management (ITSM) software lets you consolidate fragmented tools and legacy systems while automating service management processes.
ServiceNow - Basic AuthAchieve end-to-end transformation for your IT services and infrastructure through a single cloud-based platform. ServiceNow IT Service Management (ITSM) software lets you consolidate fragmented tools and legacy systems while automating service management processes.
SharepointSharePoint empowers teamwork with dynamic and productive team sites for every project team, department, and division. Share files, data, news, and resources. Customize your site to streamline your team's work. Collaborate effortlessly and securely with team members inside and outside your organization, across PCs, Macs, and mobile devices.
ShodanShodan lets you search for devices that are connected to the Internet.
Simulate FileInjects a dummy file to help with testing and developing file-based integrations.
SlackSlack is a cloud-based set of proprietary team collaboration tools and services.
Slack Web APISlack is a cloud-based set of proprietary team collaboration tools and services.
SmartsheetSmartsheet is a software-as-a-service offering for collaboration and work management. Smartsheet is used to assign tasks, track project progress, manage calendars, share documents, and manage other work, using a tabular user interface.
SMB ActionsServer Message Block (SMB) is a network communication protocol for providing shared access to files, printers, and serial ports between nodes on a network.
SmokescreenSmokescreen's IllusionBLACK deception platform detects cyber attacks like reconnaissance, spear phishing, lateral movement, stolen credentials and data theft.
SMTPSimple Mail Transfer Protocol (SMTP) is a standard communication protocol for sending email messages on business networks and the Internet.
SnowflakeOne platform that powers the data cloud. Execute your most critical workloads on top of Snowflake's multi-cluster shared data architecture in a fully managed way.
SplunkTurn Machine Data Into Answers. Splunk delivers real-time answers and business value from machine data so you can make better decisions.
SpyCloudSpyCloud recaptures data from the criminal underground to illuminate risk you didn’t even know you had across your enterprise, vendors, and customers — so your team can take immediate action.
SSHSSH lets you run a command on a remote host.
Sumo LogicSumo Logic is a platform for monitoring, analyzing, troubleshooting, and visualizing data from your application and network environment.
Symantec Data Loss and Prevention (DLP)With Symantec Data Loss Prevention, you can discover, monitor and protect sensitive data wherever it's used - in the office, on the road, or in the cloud. It gives you complete visibility and control across the broadest range of data loss channels: cloud apps, endpoints, data repositories, and email and web communications.
Symantec Endpoint Detection and Response (EDR)Symantec Endpoint Security (SES) Complete delivers comprehensive protection for all your traditional and mobile devices across the entire attack chain.
SyslogSend events to a remote syslog server.
TAXIITAXII is an application layer protocol for the communication of cyber threat information in a simple and scalable manner. This specification defines the TAXII RESTful API and its resources along with the requirements for TAXII Client and Server implementations.
TCelltCell makes web application security easy for companies using Agile, DevOps, Cloud, and Microservices by enabling web apps to protect themselves.
TelegramTelegram is a free and open source, cross-platform, cloud-based instant messaging software. The service also provides end-to-end encrypted video calling.
TenableManaged on-premises and powered by Nessus technology, the suite of products provides comprehensive vulnerability coverage with real-time continuous assessment of a network. It’s a complete end-to-end vulnerability management solution.
TheHiveTheHive is a scalable, open source and free security incident response platform.
ThreatminerAn open source search engine for fast threat intelligence research & pivoting with context.
Trend Micro Cloud ConformityTrend Micro Cloud Conformity provides continuous security, compliance, and governance for your cloud infrastructure.
Trend Micro Workload SecurityTrend Micro workload security protects endpoints, servers, and cloud workloads through unified visibility, management, and role-based access control.
TruSTARTruSTAR is an intelligence management platform that helps enterprises easily enrich and operationalize their security data. The platform uses Enclave architecture to fuse and correlate intelligence sources, helping analysts speed investigations and simplify workflows.
TwilioTwilio allows software developers to programmatically make and receive phone calls and send and receive text messages using its web service APIs.
API provides an easy method to unshorten a wide range of shortened URLs.
is a service which analyzes websites and the resources they request. Much like the Inspector of browser, will let you take a look at the individual resources that are requested when a site is loaded.
UtilitiesBucket for miscellaneous utility integrations.
Virus TotalVirusTotal can be used to analyze suspicious files and URLs to detect types of malware including viruses, worms, and trojans.
VMRayVMRay Threat Identifier (VTI) identifies and flags malicious behavior in an uploaded file, generating an overall severity score of malicious behavior.
VMWareVMware Workspace ONE is an intelligence-driven digital workspace platform that enables you to simply and securely deliver and manage any app on any device, anywhere.
Web APIWeb API integration allows you to execute any Web API and retrieve results.
Webroot BrightCloudThe Webroot BrightCloud Web Classification and Web Reputation Services provide the most effective way to block access to unwanted content and protect users against web-based threats.
WildFirePalo Alto WildFire cloud-based threat analysis service is the industry's most advanced analysis and prevention engine for highly evasive zero-day exploits and malware.
xMattersxMatters helps identify, prevent, and resolve IT issues before they impact customers, whether it's a simple bug fix or a complex major incident.
YETIYeti is all about organizing observables, indicators of compromise, TTPs, and knowledge on threat actors in a single, unified repository.
ZendeskZendesk provides customer service software featuring an email ticketing system for a better customer experience.
ZeroFoxZeroFox provides cloud-based software as a service for organizations to detect risks found on social media and digital channels, such as phishing, malware, scams, impersonator accounts, piracy, counterfeit and more.
ZoomZoom provides video telephony and online chat services through a cloud-based peer-to-peer software platform and is used for teleconferencing, telecommuting, distance education, and social relations.
ZscalerZscaler is a global cloud-based information security company that provides Internet security, web security, firewalls, sandboxing, SSL inspection, antivirus, vulnerability management and granular control of user activity in cloud computing, mobile and Internet of Things environments. Zscaler provides a cloud-based approach to security as a service.
Zscaler ZPAThe Zscaler Private Access (ZPA) service enables organizations to provide access to internal applications and services while ensuring the security of their networks. ZPA is an easier-to-deploy, more cost-effective, and more secure alternative to VPNs. Unlike VPNs, which require users to connect to your network to access your enterprise applications, ZPA allows you to give users policy-based secure access only to the internal apps they need to get their work done. With ZPA, application access does not require network access.