Search Results
106 total results found
NG SIEM - AWS CSPM Integration
Introduction CSPM discovers and evaluates the services in your cloud environment, like storage, compute, IAM, and more, against hardening guidelines defined by the Center for Internet Security (CIS) to help you identify and remediate configuration risks like...
NG SIEM - GCP Integration
Google Cloud Platform (GCP) is Google’s suite of cloud computing services that lets businesses and developers build, deploy, and scale applications on Google’s infrastructure. It offers a wide range of services, including computing power (like virtual machines...
NG SIEM - GCP CSPM Integration
The Google Cloud integration collects and parses Google Cloud Audit Logs, VPC Flow Logs, Firewall Rules Logs, and Cloud DNS Logs that have been exported from Cloud Logging to a Google Pub/Sub topic sink and collects Google Cloud metrics and metadata from Google...
NG SIEM - Microsoft 365 Integration
Overview This integration with Microsoft Office 365 supports the ingestion of user, administrator, system, and policy-related events. It leverages the Office 365 Management Activity API to retrieve activity logs from both Office 365 and Azure Active Directory...
NG SIEM - Azure Logs Integration
The Azure Logs integration enables you to collect logs from specific Azure services such as: Microsoft Entra ID (Sign-in, Audit, Identity Protection, Provisioning logs), Azure Spring Apps, Azure Firewall, Microsoft Graph Activity, Activity...
NG SIEM - Azure CSPM Integration
This manual explains how to get started monitoring the security posture of your Azure CSP using the Cloud Security Posture Management (CSPM) feature. Requirements The user who gives the CSPM integration permissions in Azure must be an Azure subscription ...
NG SIEM - CISCO Umbrella Integration
Introduction Cisco Umbrella is a cloud-delivered security platform that provides an additional layer of defense against malicious threats on the internet using Cisco’s threat intelligence. It helps block access to: Malware, Adware, Botnets, P...
NG SIEM - CISCO Meraki Integration
Cisco Meraki provides a centralized cloud management platform for devices like MX Security Appliances, MR Access Points, and more. Its cloud-based architecture enables secure, scalable networks manageable from anywhere via the Meraki Dashboard or Mobile App. E...
NG SIEM - CISCO Secure Endpoint Integration
Introduction Cisco Secure Endpoint is a cloud-delivered, advanced endpoint detection and response (EDR) solution. It provides visibility and protection across multiple control points, enabling organizations to rapidly detect, contain, and remediate advanced t...
NG SIEM - Google Workspace Integration
Introduction The Google Workspace integration collects and parses data from various Google Workspace audit reports APIs using a service account authorized via the Admin SDK API. Requirements To ingest data from the Google Reports API, the following must be ...
NG SIEM - 1Password Integration
1Password Events Reporting Integration Manual With 1Password Business, you can forward account activity to your SIEM system using the 1Password Events API. This enables centralized monitoring, improved visibility, and enhanced response to security-related eve...
NG SIEM - GitHub Integration
Introduction Elastic’s GitHub integration allows you to ingest GitHub logs, alerts, and developer activities into the Elastic Stack for centralized analysis. This supports use cases like vulnerability management, compliance auditing, and DevSecOps monitoring....
NG SIEM - Cloudflare Integration
Introduction Cloudflare logs provide detailed insights into client connections, request paths through the Cloudflare network, and origin server responses. These logs help track activity, identify issues, and support security and performance analysis. Authe...
NG SIEM - Atlassian Jira Integration
What are API Token Scopes? Scopes define what actions an API token is allowed to perform in Atlassian apps such as Jira and Confluence. They enhance security by limiting permissions to only what's needed (e.g., read-only access to audit logs). Always use scop...
NG SIEM - Atlassian Confluence Integration
What are API Token Scopes? Scopes define what actions an API token is allowed to perform in Atlassian apps such as Jira and Confluence. They enhance security by limiting permissions to only what's needed (e.g., read-only access to audit logs). Always use scop...
NG SIEM - Salesforce Integration via JWT Authentication
Introduction The Salesforce integration enables you to monitor your Salesforce instance. Salesforce is a customer relationship management (CRM) platform that supports businesses in managing marketing, sales, commerce, service, and IT teams from a unified plat...
NG SIEM - Mimecast Integration
Introduction The Mimecast integration collects events from the Mimecast API. Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data i...
NG SIEM - Abusech Integration
This integration is designed to collect and process AbuseCH threat intelligence logs. It retrieves indicators from multiple AbuseCH APIs and makes them available for security monitoring and analysis. Supported Datasets The integration provides the following ...
NG SIEM - CrowdStrike Integration
CrowdStrike Integration The CrowdStrike Falcon integration allows you to easily connect your CrowdStrike Falcon platform to Elastic for seamless onboarding of alerts and telemetry from CrowdStrike Falcon and Falcon Data Replicator. Elastic Security can levera...
NG SIEM - Sophos Central Integration
Sophos Central Integration The Sophos Central integration allows you to monitor Alerts and Events logs. Sophos Central is a cloud-native application with high availability. It is a cybersecurity management platform hosted on public cloud platforms. Each Sopho...