Security Ecosystem Integrations

Integrations That Work with Your Stack

API-first architecture built to ingest alerts from your stack — designed for bidirectional integration with your existing SIEM, EDR, network, cloud, identity, and ITSM platforms.

Integration Ecosystem

Works with the security tools you already use.

SIEM · EDR · Firewall · Iron Eye · Cloud · Identity · ITSM

How It Works

Connect to your security tools and orchestrate responses across your stack

[Diagram] Integration Sources (SIEM, EDR, Firewall, Cloud, Identity, ITSM) feed into Iron Eye, which drives Actions & Outputs (Containment, Ticketing, Notifications, Enrichment).

Our API-first architecture supports bidirectional integration with security tools across all categories. Integration capabilities are standardized by tool type, enabling consistent functionality regardless of the specific vendor.

Note: Specific integration capabilities may vary by vendor and depend on the APIs and protocols supported by each security tool. Integration availability and features are subject to vendor API capabilities and may require configuration.

Sources / Signals (Ingest)

Inbound integrations receive alerts and security events from your tools in real time through standard protocols.

  • REST API endpoints for alert submission
  • Webhook support for real-time event streaming
  • Syslog ingestion for legacy tools
  • Multi-format support (JSON, XML, Syslog, CEF)
  • Standard authentication (API keys, OAuth 2.0, mTLS)

Actions / Enforcement (Respond)

Outbound integrations execute response actions across your security tools through vendor APIs, enabling rapid threat response.

  • Firewall rule modification and threat blocking
  • Endpoint isolation and containment actions
  • Cloud security policy updates
  • Identity and access management actions
  • Incident ticket creation and updates

Integration Coverage

Coverage across the tools most commonly used by mid-market SOC teams and MSSPs.

Core Connectors · Extended Coverage · Custom Adapters

Integration Categories

Standardized integration capabilities by security tool category. Compatible with leading vendors in each category.

Built for the tools your team already uses. Integrations are in active development — contact us to discuss your stack.

Network Security

Bidirectional integration with network security tools for automated threat blocking and policy management

Inbound Capabilities

Receive firewall logs, security events, and threat intelligence from network security tools via standard APIs (REST, Syslog, webhooks)

Outbound Capabilities

Execute automated response actions such as firewall rule updates, IP/domain blocking, and security policy modifications through vendor APIs

Typical Actions

  • Block malicious IPs and domains
  • Update firewall rules and policies
  • Create security rules for threat containment
  • Modify network access controls

Example Vendors (Compatible With):

Fortinet (FortiGate), Palo Alto Networks, Check Point, Cisco, Juniper

Note: Integration capabilities may vary by vendor and depend on API availability and vendor support.

EDR (Endpoint Detection & Response)

Integration with endpoint security platforms for automated containment and investigation

Inbound Capabilities

Receive endpoint alerts, threat detections, and security events from EDR platforms via standard API protocols

Outbound Capabilities

Execute automated endpoint actions such as isolation, scanning, and forensic data collection through vendor APIs

Typical Actions

  • Isolate compromised endpoints
  • Run security scans and investigations
  • Collect forensic artifacts
  • Quarantine threats and malware

Example Vendors (Compatible With):

CrowdStrike, SentinelOne, Microsoft Defender, Carbon Black, Trend Micro

SIEM (Security Information & Event Management)

Integration with SIEM platforms for unified alert management and incident correlation

Inbound Capabilities

Receive security events, alerts, and log data from SIEM platforms via standard APIs and data ingestion protocols

Outbound Capabilities

Create and update incidents, offenses, and security events in SIEM platforms through vendor APIs

Typical Actions

  • Create and update security incidents
  • Query security data and events
  • Update dashboards and reports
  • Correlate alerts across platforms

Example Vendors (Compatible With):

Splunk, IBM QRadar, Microsoft Sentinel, ArcSight, LogRhythm

Cloud Security

Multi-cloud security integration for CSPM and CNAPP capabilities

Inbound Capabilities

Receive security findings, misconfiguration alerts, and compliance violations from cloud security platforms via cloud provider APIs

Outbound Capabilities

Execute remediation actions such as security group updates, resource termination, and IAM policy modifications through cloud provider APIs

Typical Actions

  • Update cloud security groups and policies
  • Remediate misconfigurations
  • Terminate compromised resources
  • Modify IAM policies and access controls

Example Vendors (Compatible With):

AWS Security Hub, Azure Security Center, GCP Security Command Center, Prisma Cloud, Wiz

Identity & Access Management

Integration with identity providers for automated access control and user management

Inbound Capabilities

Receive identity events, authentication logs, and access control data from identity platforms via standard APIs

Outbound Capabilities

Execute user management actions such as account suspension, password resets, and permission updates through vendor APIs

Typical Actions

  • Suspend or disable compromised accounts
  • Reset passwords and credentials
  • Update user permissions and group memberships
  • Modify access control policies

Example Vendors (Compatible With):

Okta, Azure AD, Active Directory, Ping Identity, OneLogin

Ticketing & ITSM

Integration with ticketing systems for automated incident management and workflow orchestration

Inbound Capabilities

Receive incident updates, ticket status changes, and workflow events from ticketing systems via standard APIs

Outbound Capabilities

Create and update tickets, incidents, and service requests in ticketing systems through vendor APIs

Typical Actions

  • Create security incident tickets
  • Update ticket status and assignments
  • Add comments and updates
  • Link related incidents and tickets

Example Vendors (Compatible With):

ServiceNow, Jira, Zendesk, Freshservice, Remedy

Partnership Opportunities

Iron Eye enhances partner products, making them more valuable to customers. We're always looking to expand our integration ecosystem and create mutually beneficial partnerships.

  • Joint solution briefs and reference architectures (e.g. "AI-powered SOC for Fortinet customers")
  • Marketplace listings and validated integrations
  • Co-marketing and co-sell opportunities for mutual customers

For Vendors

  • Enhances value of partner products
  • Expands market reach to customers using partner products
  • Creates integration opportunities and co-marketing

For Customers

  • Maximize ROI on existing security investments
  • No need to replace current tools
  • Native integration with your security stack