Unlock the full potential of your data

One click integrations across your entire security ecosystem.

All Integrations





Identity and Access Management

Security and Infrastructure



Palo Alto Prisma Cloud

This integration lets you consume and analyze Prisma data, including both CSPM and CWPP products. Palo Alto Networks Prisma Cloud is a Cloud Native Application Protection Platform (CNAPP) that provides security for cloud environments.


Wiz is a cloud security solution that scans clients' cloud environments for possible risks. This Wiz integration lets you consume and analyze Wiz data, including issues, vulnerability data and audit logs.

Amazon Web Services (AWS)

Collect logs from AWS products. AWS is a public cloud vendor offering a suite of cloud computing services.

Google Cloud Platform (GCP)

Collect logs from GCP products. Google Cloud offers a suite of public cloud computing services.


Collect logs and data from a variety of Azure services. Azure is Microsoft's public cloud computing platform.


Check Point

Collect logs from Check Point products. Check Point is a provider of hardware and software products for IT security, including network and endpoint security.


Collect logs from various Zscaler products. Zscaler is a cloud-based cybersecurity platform offering secure internet access and protection against online threats for organizations.


Collect logs from Cloudflare products. Cloudflare provides a content delivery network (CDN), cybersecurity, WAF, and other services.


Collect security events from Akamai products. Akamai specializes in content delivery network (CDN) solutions, cloud, and cybersecurity software.

F5 Networks

Collect logs from various F5 products. F5 specializes in application delivery, firewall, and network security solutions.


Collect logs and data from Netskope via Cloud Log Shipper. Netskope is a security platform offering private access, networking, and cloud security solutions.


Track network activity from Suricata, including EVE output, alerts, metadata, and more. Suricata is an open-source intrusion detection system (IDS) and intrusion prevention system (IPS).


Analyze Zeek network traffic logs, with support for over forty Zeek logs. Zeek is an open-source network traffic analyzer and intrusion detection system.

Palo Alto Networks

Palo Alto Networks offers an enterprise cybersecurity platform that provides firewalls, threat detection and prevention tools, cloud security, network security, and more.


Collect logs from various Cisco services. Cisco offers an industry-leading portfolio of networking, security, collaboration, and other products.



Ingest logs from SentinelOne products, including Singularity Cloud Funnel. SentinelOne offers endpoint security solutions to detect and respond to cyber threats.


Osquery is an open source framework for collecting information from operating systems, applications, and hypervisors.


Ingest logs from Crowdstrike products, including Falcon Data Replicator and SIEM connector. CrowdStrike provides an enterprise cloud-based endpoint security platform.


Ingest logs and activity from Tanium services. Tanium is an enterprise endpoint management platform.

VMware Carbon Black

Ingest logs from VMware Carbon Black services. Carbon Black is an endpoint protection platform offered by VMware.

Identity and Access Management



Collect logs and data from Okta. Okta is a cloud-based identity and access management (IAM) platform that provides secure access to an organization's applications, devices, and data.

Cisco Duo

Collect audit and activity logs from Duo. Cisco Duo is a zero-trust security platform with two-factor authentication to protect access to sensitive data.


Collect audit events and session logs from Teleport. Teleport provides zero trust access to servers and cloud applications.


Collect 1Password activity, including sign-in attempts and item usage. 1Password is an enterprise password manager for online accounts.


Collect logs from various CyberArk products. CyberArk specializes in enterprise privileged access management (PAM).

Security and Infrastructure


Collect Snyk vulnerabilities and audit logs. Snyk is a developer security platform that helps developers secure their applications.


Collect vulnerability and asset data from Tenable products. Tenable specializes in vulnerability management solutions.

Abnormal Security

Ingest security events, including threats, from Abnormal Security. Abnormal Security is a cloud-based email security platform that uses AI to protect businesses from email attacks.


Ingest security events from Proofpoint via SIEM API, including blocked or permitted clicks and messages. Proofpoint offers an enterprise email security platform to protect companies from cyber-attacks.


Slack Logo

Slack Logs

Ingest audit logs and events from Slack. Slack is a popular cloud-based messaging and communication application.


Track activity across Google Workspace via audit reports APIs. Google Workspace is a collection of cloud computing, productivity, and collaboration tools developed by Google.

Microsoft Office 365

Collect Microsoft Office 365 activity logs. Office 365 is a subscription-based service that provides access to Microsoft Office software.


Collect audit events from your GitHub organization. GitHub is a cloud-based service for software development and version control.

Threat Intelligence


Retrieve indicators and Threat Intelligence data from the ThreatQuotient REST API. ThreatQuotient provides an enterprise threat intelligence platform (TIP).

Recorded Future

Integrate with the Recorded Future API to pull risklists, including support for domain, ip, hash and url entities. Recorded Future develops a threat intelligence platform for enterprise security.


Ingest threat intelligence indicators from MISP platform instances. MISP is an open-source threat intelligence platform used to collect and share threat intelligence and indicators of compromise (IOCs).


Ingest indicators from URL Haus, Malware Bazaar, and Threat Fox threat intelligence feeds.

AlienVault OTX

Ingest AlienVault OTX threat intelligence indicators. AlienVault OTX is an open threat data platform that allows security researchers and threat data producers to share research and investigate new threats.

Try the Cloud native SIEM built on a security data lake.