Essential security tools and APIs commonly used by SOC analysts for threat detection, incident response, and security operations.
| # | Tool Name | Category | Description | Use Case | Status |
|---|---|---|---|---|---|
| 1 | Trellix Helix | SIEM | Extended Detection and Response (XDR) platform | Threat detection, investigation, response automation | Integrated |
| 2 | Splunk | SIEM | Security Information and Event Management platform | Log aggregation, correlation, analytics, alerting | Available |
| 3 | Microsoft Sentinel | SIEM | Cloud-native SIEM and SOAR solution | Azure-native threat detection, AI-powered analytics | Available |
| 4 | CrowdStrike Falcon | EDR | Endpoint Detection and Response platform | Endpoint protection, behavioral analysis, threat hunting | Available |
| 5 | Palo Alto Cortex XDR | XDR | Extended Detection and Response platform | Cross-domain threat detection, automated response | Available |
| 6 | VirusTotal API | Threat Intel | Malware and threat intelligence aggregation | File/URL analysis, threat intelligence enrichment | Available |
| 7 | IBM QRadar | SIEM | Enterprise SIEM with AI-powered analytics | Network flow analysis, log correlation, compliance | Available |
| 8 | Elastic Security | SIEM | Open-source SIEM built on Elastic Stack | Search, analysis, visualization of security data | Available |
| 9 | TheHive | SOAR | Security Orchestration and Incident Response platform | Case management, collaboration, task automation | Available |
| 10 | MISP | Threat Intel | Malware Information Sharing Platform | Threat intelligence sharing, IOC management | Available |
| 11 | Recorded Future | Threat Intel | Real-time threat intelligence platform | Threat actor tracking, vulnerability intel, dark web monitoring | Available |
| 12 | Anomali | Threat Intel | Threat intelligence management and enrichment | IOC aggregation, threat feed integration, STIX/TAXII | Available |
| 13 | AlienVault OTX | Threat Intel | Open Threat Exchange community platform | Community threat intelligence, pulse subscriptions | Available |
| 14 | Shodan | Recon | Internet-connected device search engine | Asset discovery, exposure monitoring, vulnerability research | Available |
| 15 | Censys | Recon | Internet intelligence and attack surface management | Certificate monitoring, asset inventory, threat hunting | Available |
| 16 | URLScan.io | Threat Intel | URL and website scanner | Phishing detection, malicious URL analysis, screenshot capture | Available |
| 17 | AbuseIPDB | Threat Intel | IP address reputation database | IP blacklist checking, abuse reporting, threat scoring | Available |
| 18 | Suricata IDS | IDS/IPS | Open-source intrusion detection system | Network traffic analysis, protocol detection, signature matching | Available |
| 19 | Zeek (Bro) | IDS/IPS | Network security monitoring framework | Network traffic logging, protocol analysis, anomaly detection | Available |
| 20 | Wazuh | EDR | Open-source unified XDR and SIEM platform | Host-based IDS, log analysis, file integrity monitoring | Available |
Category key:

- SIEM: Security Information & Event Management
- Threat Intel: Threat Intelligence & Analysis
- EDR: Endpoint Detection & Response
- XDR: Extended Detection & Response
- SOAR: Security Orchestration & Automation
- Recon: Reconnaissance & Asset Discovery
- IDS/IPS: Intrusion Detection/Prevention
Status key:

- Integrated: Trellix Helix is fully integrated with bi-directional sync
- Available: APIs ready; configure in the Helix Connectors tab
- Build custom connectors using our REST API