Integrations allow you to exchange data with third-party applications. With the integrations feature, you can set up a connection to a third-party application and then call that connection from your playbook.

To add an integration, click on Automations > Integration on the left navigation. The Automation Library pops-up that lists all the available integrations. To know more about how to add integration, see Add an Integration Connection.


Integration Details

The integrations contains the following details categorized in each tabs:

  • Connections: This tab details the area list all of the connections for the integration, with an alert indicator for any that have errors.
    To add a new connection for the integration:

    1. Click + in the connections tab.
    2. Enter the configuration information, which depends on the selected integration, and click Save.
  • Actions: This tab lists the actions that can be selected when the integration is added to a playbook. Each integration in the respective category contains a set of predefined actions that you may want to add to your playbook based on your needs. To know more, see How to Add an Integration.

  • Used By: This tab lists all the playbooks that currently use the selected integration.


All Integrations

LogicHub offers a library of out-of-the-box integrations for your playbooks. To know more about each integration, click on its name.



Abnormal Security

Abnormal Security is for managing threats to an organization identified by Abnormal Security. The organization should be integrated with Abnormal Security and enabled for real-time detection of malicious emails.


AbuseIPDB is dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.

Accenture MSS

Leverage the power of Accenture Managed Security Services for continual threat monitoring and customized guidance 24x7

Active Directory

Active Directory is a directory service that Microsoft developed for Windows domain networks.


Akamai secures content, data, and applications across all your data centers and cloud providers, so you can harness the power of a multi-cloud world while maintaining governance and control.

Akamai API Gateway

The Akamai API Gateway governs your API traffic by authenticating, authorizing, and controlling requests from API consumers.

Alexa Web Information Service

The Alexa Web Information Service API makes Alexa's vast repository of information about the web traffic and structure of the web available to developers.

AlienVault OTX

AlienVault unifies all of your essential security tools in one location and combines them with real-time threat intelligence.

AlienVault USM

AlienVault USM is a SaaS security monitoring platform designed to centralize threat detection, incident response, and compliance management of cloud, hybrid cloud, and on-premises environments from a cloud-based console.

Amazon AWS

Amazon Web Services (AWS) is a subsidiary of that provides on-demand cloud computing platforms to individuals, companies, and governments, on a paid subscription basis.

Amazon EC2

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud.

Amazon EC2 (Assumed Role)

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud.

Amazon S3

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry leading scalability, data availability, security, and performance.


Anomali is a Threat Intelligence Platform that enables businesses to integrate security products and leverage threat data to defend against cyber threats.

Anomali Match

Anomali Match is a Threat Detection Engine purpose-built to automate and speed time to detection in your environment. Anomali Match correlates twelve months of metadata against active threat intelligence to expose previously unknown threats to your organization.

Apache Kafka

Apache Kafka is a stream-processing software platform that aims to provide a unified, high-throughput, low-latency platform for handling real-time data feeds.

Apility can be defined as Threat Intelligence SaaS for developers and product companies that want to know in realtime if their existing or potential users have been classified as 'abusers' by one or more of these lists.

Area 1 Security

Area 1 Security offers Application Programming Interfaces (APIs) to expose our phishing campaign rulesets. These APIs both aid research and provide a set of indicators to block using network security edge devices.

ARIN Whois

ARIN Whois is a directory service for accessing registration data contained within ARIN's registration database.

ArcSight ESM

ArcSight Enterprise Security Manager sits centrally within an organization, collecting and analyzing events from across systems and security tools. It detects security threats in real time so that analysts respond quickly, and it scales to meet demanding security requirements.

AWS CloudTrail

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.

AWS CloudWatch Logs

CloudWatch Logs enables you to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service.


Amazon Elastic Kubernetes Service (AWS EKS) is a managed service that you can use to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes.

AWS EKS (Assumed Role)

Amazon Elastic Kubernetes Service (AWS EKS) is a managed service that you can use to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes.


AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.

AWS IAM (Assumed Role)

AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.


Axonius is a cybersecurity asset management solutions that offers a comprehensive IT asset inventory and network security policy enforcement.

Azure Compute

Whether you are building new applications or deploying existing ones, Azure compute provides the infrastructure you need to run your apps.

Azure Monitor

Azure Monitor maximizes the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.

Azure Security Center

Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in the cloud.

Azure Sentinel

Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution.

Azure Storage

Azure Blob storage is Microsoft's object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data.


Bitdefender provides anti-virus software, internet security software, endpoint security software, and other cyber security products and services.


Blameless is the end-to-end SRE platform, empowering teams to optimize the reliability of their systems without sacrificing innovation velocity.


Box is a platform for Secure Content Management, Workflow, and Collaboration. That focuses on cloud content management and file sharing service for businesses.


C1fApp is a threat feed aggregation application, providing a single feed, both Open Source and private.

CA Service Desk

CA Service Desk Manager is a cloud-based IT service and support management solution. Primary features include change management, incident management, automation support, self-service, predefined services, and workflows and reporting.

Carbon Black Response

Carbon Black Response is a highly scalable, real-time EDR with unparalleled visibility for top security operations centers and incident response teams.

Carbon Black Response v2

Carbon Black Response is a highly scalable, real-time EDR with unparalleled visibility for top security operations centers and incident response teams. V2 version is developed for Carbon Black Response API's latest version.

Case Management

An Integration to manage LogicHub Cases. It can create new cases, get all cases, get a specific case's details and update or delete a case.


Censys is a platform that helps information security practitioners discover, monitor, and analyze devices that are accessible from the Internet.

CheckPhish AI

CheckPhish uses deep learning, computer vision, and NLP to mimic how a person would look at, understand, and draw a verdict on a suspicious website.

Checkpoint Firewall

Checkpoint firewall features centralized management control across all networks and cloud environments, increasing operational efficiency and lowering the complexity of managing your security.


ClickSend is a cloud-based service that lets you send and receive SMS, Email, Voice, Fax, and Letters worldwide.


Cloudflare provides content delivery network services, DDoS mitigation, Internet security, and distributed domain name server services.

Computer Incident Response Center (CIRCL)

CIRCL is a government-driven initiative designed to gather, review, report, and respond to computer security threats and incidents.


Confluence is a collaboration tool used to help teams to collaborate and share knowledge efficiently.

Cisco AMP

Cisco AMP is an intelligence-powered, integrated, enterprise-class advanced malware analysis and protection solution.

Cisco FirePower

Cisco FirePower delivers an integrated threat defense across the entire attack continuum - before, during, and after an attack. It combines the proven security capabilities of the Cisco ASA Firewall with industry-leading Sourcefire threat and advanced malware protection features in a single device.

Cisco Stealthwatch

Cisco stealthwatch is a network analysis tool built to protect your cloud assets and private network.

Cisco Stealthwatch Enterprise

Cisco Stealthwatch Enterprise drastically enhances threat defence by giving detailed network visibility and security analytics.

Cisco Talos

IP Reputation center.

Cisco ThreatGrid

Threat Grid combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware. With a robust, context-rich malware knowledge base, you will understand what malware is doing, or attempting to do, how large a threat it poses, and how to defend against it.

Cisco Umbrella

Cisco Umbrella is a cloud security platform that provides the first line of defense against threats on the internet wherever users go. By learning from internet activity patterns, Umbrella automatically uncovers current and emerging threats.


CMDBuild is an open source web enterprise environment to configure custom applications for asset management.

Cortex XDR

Cortex XDR stitches together data from the endpoint, network, and cloud in a robust data lake. Applying advanced machine learning and analytics, it identifies threats and benign events with superior accuracy and gives analysts contextualized information, simplifying and accelerating investigations. This integration supports 'public_api/v1' endpoint.


CrowdStrike Falcon Host uniquely combines an array of powerful methods to provide prevention against the rapidly changing tactics, techniques and procedures (TTPs) used by adversaries to breach organizations - including commodity malware, zero-day malware and even advanced malware-free attacks.

CrowdStrike Falcon Host (OAuth Based)

CrowdStrike Falcon Host uniquely combines an array of powerful methods to provide prevention against the rapidly changing tactics, techniques and procedures (TTPs) used by adversaries to breach organizations - including commodity malware, zero-day malware and even advanced malware-free attacks.


CRXcavator is an automated Chrome extension security assessment tool that assigns risk scores to extensions based on an objective set of criteria.


Cuckoo is an open-source automated malware analysis system. It's used to automatically run and analyze files and collect comprehensive analysis results that outline what the malware does while running inside an isolated operating system.


The Cybereason Response Interface enables security teams to quickly respond to detected threats by killing processes and isolating machines.


Cylance is revolutionizing cybersecurity with AI based solutions that predict and prevent execution of advanced threats and malware at the endpoint.


Darktrace's Enterprise Immune System uses proprietary machine learning and AI algorithms to build a so-called "pattern of life" for every network, device, and user within an organization. It then employs correlation techniques to classify and cross-reference these models, establishing a highly accurate understanding of 'normal activity' within that particular environment.


Demisto is a leading Security Orchestration, Automation, and Response (SOAR) platform that helps security teams accelerate incident response, standardize and scale processes.


Datadog is the essential monitoring and security platform for cloud applications. It brings together end-to-end traces, metrics, and logs to make your applications, infrastructure, and third-party services entirely observable. These capabilities help businesses secure their systems, avoid downtime, and ensure customers are getting the best user experience.


Devo delivers real-time operational and business value from analytics on streaming and historical data to operations, IT, security and business teams.


Delivers various actions related to DNS.


DomainTools is a leading provider of Whois and other DNS profile data for threat intelligence enrichment. It is a part of the Datacenter Group (DCL Group SA). DomainTools data helps security analysts investigate malicious activity on their networks. Using IOCs (Indicators of Compromise), including domains and IPs, analysts can build a map of connected infrastructure. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure.


Dropbox is a file hosting service, that offers cloud storage, file synchronization, personal cloud, and client software.

Duo Security

Duo security is a user-centric access security platform with two-factor authentication to protect access to sensitive data for all users, devices, and applications.


Elasticsearch is a search engine based on Lucene. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents.

Emerging Threats

Emerging Threats delivers the most timely and accurate threat intelligence. Our fully verified intel provides deeper context and integrates seamlessly with your security tools to enhance your decision-making.

Exchange (EWS)

Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. This integration relies on EWS being enabled for the server.

Exchange (Quarantine Messages)

Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. This integration relies on EWS being enabled for the server.

Exchange Online (Graph API)

Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. This integration relies on EWS being enabled for the server.


Expel is a SOC-as-a-service platform that provides security monitoring and response for cloud, hybrid, and on-premises environments.

Falcon Sandbox

Falcon Sandbox performs deep analysis of evasive and unknown threats, enriches the results with threat intelligence and delivers actionable indicators of compromise (IOCs), enabling your security team to better understand sophisticated malware attacks and strengthen their defenses.

Farsight Security DNSDB

Farsight Security's DNSDB is a Passive DNS historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure.


Fidelis Elevate is a complete network and endpoint automated threat detection and response platform that improves SOC effectiveness and efficiency. It delivers comprehensive visibility, alert validation, and increased speed to a response by applying industry-leading threat intelligence (Fidelis Insight) to real-time and historical data.

File Tools

Manipulating files through the file integrations API

FireEye ETP

FireEye Email Threat Prevention (ETP Cloud) is a cloud-based platform that protects against advanced email attacks.


Flashpoint is the globally trusted leader in risk intelligence for organizations that demand the fastest, most comprehensive coverage of threatening activity on the internet


FortiSIEM provides organizations with a comprehensive, holistic and scalable solution, from IoT to the Cloud, with patented analytics that are actionable to tightly manage network security, performance and compliance standards, all delivered through a single pane of glass view of the organization.


Freshservice is a cloud based IT service management software for service desk with an automation tool to manage incidents, assets and other facilities.


GitHub provides an action to get the list of organization-public activities performed by a user.

Google Bigtable

Google Bigtable is a distributed, column-oriented data store created by Google Inc. to handle very large amounts of structured data associated with the company's Internet search and Web services operations. Bigtable was designed to support applications requiring massive scalability; from its first iteration, the technology was intended to be used with petabytes of data. The database was designed to be deployed on clustered systems and uses a simple data model that Google has described as "a sparse, distributed, persistent multidimensional sorted map." Data is assembled in order by row key, and indexing of the map is arranged according to row, column keys and timestamps. Compression algorithms help achieve high capacity.

Google Calendar

Google Calendar is a time-management and scheduling calendar service developed by Google.

Google Cloud Storage

Google Cloud Storage is a RESTful online file storage web service for storing and accessing data on Google Cloud Platform infrastructure.

Google Compute

Google Cloud Engine (GCE) is an Infrastructure as a Service (IaaS) offering that allows clients to run workloads on Google's physical hardware. Google Compute Engine provides a scalable number of virtual machines (VMs) to serve as large compute clusters for that purpose.

Google Safebrowsing

Safe Browsing is a Google service that lets client applications check URLs against Google's constantly updated lists of unsafe web resources.

Google Sheets

Google Sheets is a spreadsheet program included as part of the free, web-based Google Docs Editors suite offered by Google.

Google Stackdriver

Google Stackdriver is a monitoring service that provides IT teams with performance data about applications and virtual machines running on the Google Cloud Platform and Amazon Web Services public cloud. Google Stackdriver performs monitoring, logging and diagnostics to help businesses ensure optimal performance and availability. The service gathers performance metrics and metadata from multiple cloud accounts and allows IT teams to view that data through custom dashboard, charts and reports.

GRR Authentication Information

GRR Rapid Response is an incident response framework focused on remote live forensics.

Have I Been Pwned?

Have I Been Pwned? is a website that allows internet users to check if their personal data has been compromised by data breaches.

HCL BigFix

HCL BigFix provides system administrators with remote control, patch management, software distribution, operating system deployment, network access protection and hardware and software inventory functionality.


Humio is a live observability platform that enables data aggregation, exploration, reporting and analysis from a range of sources. The purpose-built logging tool features innovative data storage and in-memory search/query engine technologies.

Hybrid Analysis

Hybrid Analysis is a free malware analysis service for the community.

IBM OMNIbus via postemsg

Use IBM's "postemsg" binary to post an event to OMNIbus using non-Tivoli communication.

IBM QRadar

IBM® QRadar® Security Information and Event Management (SIEM) helps security teams accurately detect and prioritize threats across the enterprise, and it provides intelligent insights that enable teams to respond quickly to reduce the impact of incidents.

IBM X-Force

IBM X-Force Exchange is a cloud-based threat intelligence sharing platform enabling users to rapidly research the latest security threats.


Internet Message Access Protocol is a standard protocol used by e-mail clients to retrieve messages from a mail server over a TCP/IP connection. IMAP is defined by RFC 3501.

IP Quality Score

The IPQualityScore fraud detection API suite features a variety of different risk analysis APIs designed to Proactively Prevent Fraud™ with industry leading accuracy to identify fraudulent users, suspicious payments, and abusive behavior.


IPStack offers one of the leading IP to geolocation APIs and global IP database services worldwide.


Jira provides bug tracking, issue tracking, and project management functions.

JoeSecurity Sandbox

Joe Sandbox is a multi technology platform which uses instrumentation, simulation, hardware virtualization, hybrid and graph - static and dynamic analysis. Rather than focus on one technology Joe Sandbox combines the best parts of multiple techniques. This enables deep analysis, excellent detection and big evasion resistance.


Lastline offers network-based security breach detection and other security services.


Logentries is an easy-to-use, self-hosted log management and analytics service for teams of all sizes.


LogRhythm is an enterprise-class platform that seamlessly combines SIEM, log management, file integrity monitoring and machine analytics with host and network forensics in a unified Security Intelligence Platform.


The MalShare Project is a collaborative effort to create a community driven public malware repository that works to build additional tools to benefit the security community at large.

Malware Domain List

Malware Domain List provides a public of domains that host malware.


Mandiant Solutions brings together the world’s leading threat intelligence and frontline expertise with continuous security validation to arm organizations with the tools needed to increase security effectiveness and reduce business risk.


MaxMind is an industry-leading provider of IP intelligence and online fraud detection tools.

McAfee ATD

McAfee Advanced Threat Defense enhances protection from the network edge to the endpoint and enables investigation.

McAfee ePO

McAfee ePolicy Orchestrator provides a web application programming interface (API) that allows you to script and automate common management activities.

McAfee ESM

McAfee Enterprise Security Manager is a security information and event management (SIEM) solution that delivers actionable intelligence and integrations to prioritize, investigate, and respond to threats.


Metadefender is a powerful and flexible security solution for ISVs, IT admins, and malware researchers, providing simultaneous access to data sanitization (CDR), vulnerability assessment, multiple anti-malware engines, heuristics, and additional threat protection technologies residing on a single system.

Micro Focus ArcSight Logger

ArcSight Logger delivers a universal log management solution that unifies searching, reporting, alerting, and analysis across any type of enterprise machine data.

Microsoft 365 Defender

Microsoft 365 Defender delivers XDR capabilities for identities, endpoints, cloud apps, email and documents.

Microsoft Azure NSG Flow Logs

NSG flow logs are stored in a storage account in block blobs. Block blobs are made up of smaller blocks. Each log is a separate block blob that is generated every hour. New logs are generated every hour, the logs are updated with new entries every few minutes with the latest data.

Microsoft Cloud App Security

Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that operates on multiple clouds. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services.

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Microsoft Graph

Microsoft Graph is the gateway to data and intelligence in Microsoft 365. Microsoft Graph provides a unified programmability model that you can use to take advantage of the tremendous amount of data in Office 365, Enterprise Mobility + Security, and Windows 10.

Microsoft Identity And Access (Graph)

Microsoft Identity And Access (Graph) is the gateway to access Azure Active Directory (Azure AD) resources to enable scenarios like managing administrator (directory) roles, inviting external users to an organization.

Microsoft SQL Server

Microsoft SQL Server (MSSQL for short) is a relational database management system developed by Microsoft.

Microsoft Teams

Microsoft Teams is a unified communication and collaboration platform that combines persistent workplace chat, video meetings, file storage (including collaboration on files), and application integration.


Mimecast is an cloud-based email management service for security, archiving, and continuity services to protect business mail.

Minerva Labs

Minerva Labs is cyber security company that offers a unique low footprint endpoint prevention platform.


A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.


MistNet provides a machine learning (ML)-driven network threat detection and response solution and a built-in MITRE ATT&CK™ Engine that eliminates blind spots and monitors your organization’s network in real time.


MongoDB is a free and open-source cross-platform document-oriented database.


MxToolbox is an online MX record and all-inclusive DNS tool. is the #1 World Live Whois IP Source.


MySQL is the world’s most popular open source database. With its proven performance, reliability, and ease-of-use, MySQL has become the leading database choice for web-based applications.


Automating IT Services. Naverisk has been helping MSPs and IT Pros deliver first-class IT services.


Nessus is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network. It does this by running over 1200 checks on a given computer, testing to see if any of these attacks could be used to break into the computer or otherwise harm it.


NetBIOS is an OSI Session Layer 5 Protocol and a service that allows applications on computers to communicate with one another over a local area network (LAN). It is a non-routable Protocol and NetBIOS stands for Network Basic Input/Output System.


NetWitness is an Evolved SIEM and Open XDR platform that accelerates threat detection and response.


Neutrino API launched back in 2013 on a mission to fix those inherently complex problems which crop up on almost all software projects. The Neutrino API platform provides a highly available, performant global network that lets developers focus on their product and not on building and maintaining complex in-house tools not relevant to their core business.


Nexpose, Rapid7's on-premise option for vulnerability management software, monitors exposures in real-time and adapts to new threats with fresh data, ensuring you can always act at the moment of impact.


NinjaRMM provides intuitive endpoint management software to managed service providers (MSPs) and IT professionals.


Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.


Obsidian is the cloud detection and response solution that delivers unified visibility of users, privileges and activity in SaaS, allowing you to detect and investigate breaches, uncover insider threats, and secure SaaS apps without affecting productivity.


Okta is an integrated identity and mobility management service. Built from the ground up in the cloud, Okta securely and simply connects people to their applications from any device, anywhere, at anytime. Okta integrates with existing directories and identity systems, as well as thousands of on-premises, cloud and mobile applications, and runs on a secure, reliable and extensively audited cloud-based platform.


OpenPhish identifies phishing sites and performs intelligence analysis in real time without human intervention and without using any external resources, such as blacklists.


Oracle Database is a proprietary multi-model database management system produced and marketed by Oracle Corporation. It is a database commonly used for running online transaction processing, data warehousing and mixed database workloads.


OTRS is a modern, flexible ticket and process management system.


PagerDuty is an operations performance platform delivering visibility and actionable intelligence across the entire incident lifecycle.

Palo Alto Panorama

Panorama is the centralized management system for the Palo Alto Networks family of next-generation firewalls. It provides a single location from which you can oversee all applications, users, and content traversing your network, and then use this knowledge to create policies that protect and control the network.

RiskIQ PassiveTotal

RiskIQ PassiveTotal expedites investigations by connecting internal activity, event, and incident indicator of compromise (IOC) artifacts to what is happening outside the firewall-external threats, attackers, and their related infrastructure.


Perforce Software provides enterprise-scale development tools. This includes version control, application lifecycle management, agile planning, and static analysis.


Next-Generation Anti-Phishing Platform Powered by AI & Computer.


Analyze suspicious files and URLs to detect types of malware including viruses, worms, and trojans.


PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads.

Power BI

It is a collection of software services, apps, and connectors that work together to turn your unrelated sources of data into coherent, visually immersive, and interactive insights.


Windows PowerShell is a Windows command-line shell designed especially for system administrators.

Proofpoint TAP

Proofpoint TAP (Targeted Attack Protection) detects and prevents threats in email.


Protectwise provides Cloud-Powered Network Detection & Response (NDR).

Qualys SSL

Verify the reputation of a URL's SSL certificates.

Qualys Vulnerability Management

Qualys VM is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously identify threats and monitor unexpected changes in your network before they turn into breaches.


Randori recon provides a continuous view of your external perimeter to reduce the risks of shadow IT, misconfigurations, and process failures.

ReversingLabs TitaniumCore A1000

The A1000 Malware Analysis Platform supports advanced hunting and investigations through the TitaniumCore high-speed automated static analysis engine. It is integrated with file reputation services to provide in-depth rich context and threat classification on over 8 billion files and across all file types.

ReversingLabs TitaniumCloud

ReversingLabs TitaniumCloud Reputation Services are powerful threat intelligence solutions with up-to-date, threat classification and rich context on over 8 billion goodware and malware files.

RSA Archer

RSA Archer GRC Platform is a software that supports business-level management of governance, risk management, and compliance (GRC). The Platform allows users to adapt solutions to their requirements, build new applications, and integrate with external systems without touching a single line of code.

Salesforce, Inc. is an American cloud computing company headquartered in San Francisco, California. Though its revenue comes from a customer relationship management (CRM) product, Salesforce also sells commercial applications of social networking through acquisition and internal development.

SANS Blacklist

SANS Blacklist is a service that utilizes a radically different approach to blacklist formulation called Highly Predictive Blacklisting. Each DShield contributor can now access a unique HPB that reflects the most probable set of source addresses that will connect to that contributor's network over a prediction window that may last several days into the future.

SAP Gigya

Gigya offers a customer identity management platform for managing profiles, preference, opt-in and consent settings.

Screenshot Machine

Screenshot Machine is a cloud service that allows capturing website images.

Securonix SNYPR

SNYPR is a security analytics platform that transforms Big Data into actionable security intelligence. It delivers the proven power of Securonix analytics with the speed, scale, and affordable, long-term storage of Hadoop in a single, out-of-the box solution.


Cyber security that prevents threats at faster speed, greater scale, and higher accuracy than humanly possible.


Achieve end-to-end transformation for your IT services and infrastructure through a single cloud-based platform. ServiceNow IT Service Management (ITSM) software lets you consolidate fragmented tools and legacy systems while automating service management processes.

ServiceNow - Basic Auth

Achieve end-to-end transformation for your IT services and infrastructure through a single cloud-based platform. ServiceNow IT Service Management (ITSM) software lets you consolidate fragmented tools and legacy systems while automating service management processes.


Sharepoint empowers teamwork with dynamic and productive team sites for every project team, department, and division. Share files, data, news, and resources. Customize your site to streamline your team's work. Collaborate effortlessly and securely with team members inside and outside your organization, across PCs, Macs, and mobile devices.


Shodan lets you search for devices that are connected to the Internet.

Simulate File

Injects a dummy file to help testing / developing file-based integrations.


Slack is a cloud-based set of proprietary team collaboration tools and services.

Slack Web API

Slack is a cloud-based set of proprietary team collaboration tools and services.


Smartsheet is a software as a service offering for collaboration and work management. Smartsheet used to assign tasks, track project progress, manage calendars, share documents, and manage other work, using a tabular user interface.

SMB Actions

Server Message Block (SMB) is a network communication protocol for providing shared access to files, printers, and serial ports between nodes on a network.


Smokescreen's IllusionBLACK deception platform detects cyber attacks like reconnaissance, spear phishing, lateral movement, stolen credentials and data theft.


Simple Mail Transfer Protocol (SMTP) is a standard communication protocol for sending email messages on business networks and the Internet.


Turn Machine Data Into Answers. Splunk delivers real-time answers and business value from machine data so you can make better decisions.


SpyCloud recaptures data from the criminal underground to illuminate risk you didn’t even know you had across your enterprise, vendors, and customers — so your team can take immediate action.


SSH lets you run a command on a remote host.

Sumo Logic

Sumo Logic is a platform for monitoring, analyzing, troubleshooting, and visualizing data from your application and network environment.

Symantec Data Loss and Prevention (DLP)

With Symantec Data Loss Prevention, you can discover, monitor and protect sensitive data wherever it's used - in the office, on the road, or in the cloud. It gives you complete visibility and control across the broadest range of data loss channels: cloud apps, endpoints, data repositories, and email and web communications.

Symantec Endpoint Detection and Response (EDR)

Symantec Endpoint Security (SES) Complete delivers comprehensive protection for all your traditional and mobile devices across the entire attack chain.


Send events to remote syslog server.


TAXII is an application layer protocol for the communication of cyber threat information in a simple and scalable manner. This specification defines the TAXII RESTful API and its resources along with the requirements for TAXII Client and Server implementations.


tCell makes web application security easy for companies using Agile, DevOps, Cloud, and Microservices by enabling web apps to protect itself.


Telegram is a free and open source, cross-platform, cloud-based instant messaging software. The service also provides end-to-end encrypted video calling.


Managed on-premises and powered by Nessus technology, the suite of products provides the a comprehensive vulnerability coverage with real-time continuous assessment of a network. It’s a complete end-to-end vulnerability management solution.


TheHive is a scalable, open source and free security incident response platform.


An open source search engine for fast threat intelligence research & pivoting with context.

Trend Micro Cloud Conformity

Trend Micro Cloud Conformity provides continuous security, compliance, and governance for your cloud infrastructure.


TruSTAR is an intelligence management platform that helps enterprises easily enrich and operationalize their security data. The platform uses Enclave architecture to fuse and correlate intelligence sources, helping analysts speed investigations and simplify workflows.


Twilio allows software developers to programmatically make and receive phone calls and send and receive text messages using its web service APIs.

Urlscan_IO is a service which analyzes websites and the resources they request. Much like the Inspector of browser, will let you take a look at the individual resources that are requested when a site is loaded.

Virus Total

Virustotal can be used to analyze suspicious files and URLs to detect types of malware including viruses, worms, and trojans.


VMRay Threat Identifier (VTI) identifies and flags malicious behavior in an uploaded file, generating an overall severity score of malicious behavior.


VMware Workspace ONE is an intelligence-driven digital workspace platform that enables you to simply and securely deliver and manage any app on any device, anywhere. API provides an easy method to unshorten a wide range of shortened URLs.


Bucket for miscellaneous utility integrations.


Web API integration allows you to execute any Web API and retrieve results.

Webroot BrightCloud

The Webroot BrightCloud Web Classification and Web Reputation Services provide the most effective way to block access to unwanted content and protect users against web-based threats.


Palo Alto WildFire cloud-based threat analysis service is the industry's most advanced analysis and prevention engine for highly evasive zero-day exploits and malware.


xMatters helps identify, prevent, and resolve IT issues before they impact customers whether it's a simple bug fix or a complex major incident.


Yeti is all about organizing observables, indicators of compromise, TTPs, and knowledge on threat actors in a single, unified repository.


Zendesk provides customer service software featuring an email ticketing system for a better customer experience.


ZeroFox provides cloud-based software as a service for organizations to detect risks found on social media and digital channels, such as phishing, malware, scams, impersonator accounts, piracy, counterfeit and more.


Zoom provides video telephony and online chat services through a cloud-based peer-to-peer software platform and is used for teleconferencing, telecommuting, distance education, and social relations.


Zscaler is a global cloud-based information security company that provides Internet security, web security, firewalls, sandboxing, SSL inspection, antivirus, vulnerability management and granular control of user activity in cloud computing, mobile and Internet of Things environments. Zscaler provides a cloud-based approach to security as a service.

Did this page help you?