Integrations

Connect to the SOC ecosystem you already run.

IronSOC plugs into the SIEM, EDR, identity, cloud, AI, ticketing, and exposure tools modern security teams use. Names below reflect supported targets — verify status with your account team during scoping.

  • Native: Built and maintained directly.
  • API/Webhook: Supported via documented APIs.
  • Standards-based: Ingested or emitted via open standards.
  • Roadmap: Targeted next.

SIEM and security data lakes

IronSOC operates above your data layer. We read normalized telemetry and write enrichments and decisions back.

  • Splunk Enterprise / Cloud [Native]
  • Microsoft Sentinel [Native]
  • Google Security Operations [Native]
  • Panther [API/Webhook]
  • Hunters [API/Webhook]
  • Sumo Logic [API/Webhook]
  • Elastic Security (ECS / OCSF) [Standards-based]

Endpoint and EDR

Capture process, file, and host telemetry; orchestrate isolation and policy actions through approval gates.

  • CrowdStrike Falcon [Native]
  • Microsoft Defender for Endpoint [Native]
  • SentinelOne Singularity [Native]
  • Sophos Intercept X [API/Webhook]
  • Palo Alto Cortex XDR [API/Webhook]

Identity providers

Identity is the perimeter. We watch sessions, role grants, MFA drift, OAuth grants, and service accounts.

  • Okta [Native]
  • Microsoft Entra ID [Native]
  • Google Workspace [Native]
  • Ping Identity [API/Webhook]
  • Auth0 [API/Webhook]
  • JumpCloud [API/Webhook]

Cloud and SaaS control planes

Detect IAM mutations, public exposure, admin events, CI/CD actions, Kubernetes activity, and SaaS integrations.

  • AWS (CloudTrail, GuardDuty, Config) [Native]
  • Microsoft Azure [Native]
  • Google Cloud (Audit, SCC) [Native]
  • Kubernetes (audit logs, kube-events) [Standards-based]
  • GitHub / GitLab / Bitbucket [Native]
  • Salesforce, Workday, Atlassian [API/Webhook]
  • AWS / Azure / GCP marketplace [Roadmap]

AI / LLM platforms

Treat prompts, retrieved context, tool calls, and agent decisions as first-class telemetry.

  • OpenAI (Responses, Assistants) [Native]
  • Anthropic (Messages, Agent SDK) [Native]
  • Amazon Bedrock [Native]
  • Google Vertex AI [API/Webhook]
  • Azure AI Foundry [API/Webhook]
  • LangChain / LlamaIndex (callbacks + traces) [Standards-based]
  • Model Context Protocol (MCP) servers [Native]

Network and edge

Consume firewall, VPN, proxy, and edge logs to correlate exploitation against KEV-listed exposure.

  • Palo Alto Networks NGFW [API/Webhook]
  • Cisco Secure Firewall [API/Webhook]
  • Fortinet FortiGate [API/Webhook]
  • Zscaler [API/Webhook]
  • Cloudflare [API/Webhook]

Ticketing and ITSM

Open evidence-rich cases and route remediation to the right owners with bidirectional state sync.

  • Jira / Jira Service Management [Native]
  • ServiceNow [Native]
  • Linear [API/Webhook]
  • PagerDuty [API/Webhook]
  • Opsgenie [API/Webhook]

Collaboration

Notify the right humans, capture analyst decisions inline, and keep the audit trail with the case.

  • Slack [Native]
  • Microsoft Teams [Native]
  • Email (SMTP, Microsoft 365, Google) [Standards-based]

Vulnerability and exposure

Combine scanner findings with KEV, EPSS, exposure, and asset criticality to drive exploit-aware queues.

  • Tenable (Nessus, Vulnerability Management) [Native]
  • Qualys VMDR [Native]
  • Rapid7 InsightVM [API/Webhook]
  • Wiz [Native]
  • Snyk [API/Webhook]
  • CISA KEV catalog [Standards-based]
  • FIRST EPSS [Standards-based]

Standards

Open standards beat proprietary lock-in.

Where a vendor is missing, IronSOC reads and writes the same standards your team already uses. That keeps the ecosystem portable as the market consolidates.

  • OCSF: Open Cybersecurity Schema Framework
  • Sigma: Detection rules
  • STIX / TAXII: Threat intel exchange
  • Syslog / CEF / LEEF: Common event formats
  • OpenTelemetry: Tracing for AI agents
  • MITRE ATT&CK: Adversary behavior
  • MITRE ATLAS: AI adversary behavior
  • OAuth 2.1 / OIDC: Identity federation
  • SAML 2.0: SSO
  • SCIM 2.0: User provisioning

Detection-as-code, not console clicks.

Detections are versioned, reviewed, evaluated against test fixtures, and deployed through CI. Customers can fork, extend, and contribute back without leaving their own change-management process.

Missing yours?

We will integrate or document the gap.

If a system in your stack is not listed, IronSOC either ships an integration on the roadmap or partners on a webhook bridge. We tell you which before contracting.

Status reflects scoping intent. Verify build status with the IronSOC field engineering team before procurement.