Supported MDR alert sources

For customers with a Red Canary subscription, managed detection and response (MDR) currently includes threat investigation of alerts from the security products listed below. Each row gives the provider, the supported platform, the class of security data it produces, and the method(s) by which its alerts are ingested.

| Provider | Supported Platform | Class of Security Data | Ingestion Method(s) |
| --- | --- | --- | --- |
| Amazon | GuardDuty | Cloud | API poll |
| Carbon Black | Threat Hunter | EDR | API |
| Carbon Black | Response | EDR | API |
| Cisco | Firepower | Network | Email and Syslog |
| Cisco | Meraki | Network | HTTP |
| Cisco | Umbrella | Network | |
| Crowdstrike | Falcon | EDR | API |
| Darktrace | Enterprise Immune System | Network | |
| Dragos | Platform | Operational Technology (OT) | Syslog |
| ExtraHop | Reveal(x) 360 | Network | API poll |
| ExtraHop | Reveal(x) Enterprise | Network | HTTP |
| Fortinet | FortiGate | Network | Syslog |
| | Google Workspace | SaaS | API |
| Jamf | Pro/Protect | EDR | API |
| Lacework | Lacework Polygraph | Cloud | API |
| Microsoft | Azure Active Directory Identity Protection | Identity | API poll (via Microsoft Graph v2) |
| Microsoft | Azure Sentinel Incidents | SIEM | API |
| Microsoft | Defender for Cloud Apps | Identity | API poll (via Microsoft Graph v2) |
| Microsoft | Defender for Cloud | Cloud | API |
| Microsoft | Defender for Identity | Identity | API poll (via Microsoft Graph v2) |
| Microsoft | Defender for Endpoint | EDR | API |
| Microsoft | Defender for Office 365 | | API poll (via Microsoft Graph v2) |
| Microsoft | Microsoft 365 Defender | Aggregate | API poll (via Microsoft Graph v2) |
| Okta | Workforce Identity | Identity | API poll |
| Palo Alto | Cortex XDR | EDR | API |
| Palo Alto | PAN-OS | Network | Syslog |
| Palo Alto | Threat Prevention | Network | Syslog |
| Palo Alto | WildFire | Network | Email and Syslog |
| Proofpoint | Targeted Attack Protection (TAP) | | API poll |
| SentinelOne | Singularity | EDR | API |