| Provider | Supported Platform | Class of Security Data | Ingestion Method(s) |
|
Amazon |
GuardDuty |
Cloud |
API poll |
|
Carbon Black |
Threat Hunter |
EDR |
API |
|
Carbon Black |
Response |
EDR |
API |
|
Cisco |
Firepower |
Network |
Email and Syslog |
|
Cisco |
Meraki |
Network |
HTTP |
|
Cisco |
Umbrella |
Network |
|
|
Crowdstrike |
Falcon |
EDR |
API |
|
Darktrace |
Enterprise Immune System |
Network |
|
|
Dragos |
Platform |
Operational Technology (OT) |
Syslog |
|
ExtraHop |
Reveal(x) 360 |
Network |
API poll |
|
ExtraHop |
Reveal(x) Enterprise |
Network |
HTTP |
|
Fortinet |
FortiGate |
Network |
Syslog |
|
|
Google Workspace |
SaaS |
API |
|
Jamf |
Pro/Protect |
EDR |
API |
|
Lacework |
Lacework Polygraph |
Cloud |
API |
|
Microsoft |
Azure Active Directory Identity Protection |
Identity |
API poll (via Microsoft Graph v2) |
|
Microsoft |
Azure Sentinel Incidents |
SIEM |
API |
|
Microsoft |
Defender for Cloud Apps |
Identity |
API poll (via Microsoft Graph v2) |
|
Microsoft |
Defender for Cloud |
Cloud |
API |
|
Microsoft |
Defender for Identity |
Identity |
API poll (via Microsoft Graph v2) |
|
Microsoft |
Defender for Endpoint |
EDR |
API |
|
Microsoft |
Defender for Office 365 |
|
API poll (via Microsoft Graph v2) |
|
Microsoft |
Microsoft 365 Defender |
Aggregate |
API poll (via Microsoft Graph v2) |
|
Okta |
Workforce Identity |
Identity |
API poll |
|
Palo Alto |
Cortex XDR |
EDR |
API |
|
Palo Alto |
PAN-OS |
Network |
Syslog |
|
Palo Alto |
Threat Prevention |
Network |
Syslog |
|
Palo Alto |
WildFire |
Network |
Email and Syslog |
|
Proofpoint |
Targeted Attack Protection (TAP) |
|
API poll |
|
SentinelOne |
Singularity |
EDR |
API |
Supported MDR alert sources
For customers with a Red Canary subscription, managed detection and response (MDR) currently comprises threat investigation capabilities across many security products.
Comments
0 comments
Please sign in to leave a comment.