Elastic integrations
Stream in logs, metrics, traces, content, and more from your apps, endpoints, infrastructure, cloud, network, workplace tools, and every other common source in your ecosystem. Send alerts to your notification tool of choice. Connect to all the systems that matter with ease.
1Password
Abnormal Security
Abuse.ch Malware & URL Threat Intel
Active Directory Entity Analytics
Airflow
Akamai
AlienVault Open Threat Exchange (OTX)
Amazon Bedrock
Amazon CloudFront
Amazon CloudWatch
Amazon DynamoDB
Amazon EBS
Amazon EC2
Amazon EMR
Amazon GuardDuty
Amazon Kinesis Data Firehose
Amazon RDS
Amazon Redshift
Amazon S3
Amazon S3 Storage Lens
Amazon Security Lake
Amazon SNS
Amazon VPC
Amazon VPC NAT Gateway
Anomali ThreatStream
Apache
Apache Spark
Apache Tomcat
Arista Firewall
auditd
Auditd Manager
Authentik
AWS API Gateway
AWS Billing
AWS CloudTrail
AWS Elastic Load Balancing
AWS Fargate
AWS Inspector
AWS Network Firewall
AWS Security Hub
AWS Transit Gateway
AWS Usage
AWS VPN
AWS WAF
Azure Activity Logs
Azure App Service
Azure Application Gateway
Azure Application Insights
Azure Application State Insights
Azure Audit Logs
Azure Billing
Azure Blob Storage
Azure Container Instance
Azure Container Registry
Azure Container Service
Azure Database Account
Azure Event Hub
Azure Firewall
Azure Front Door
Azure Functions
Azure Monitor
Azure Network Watcher
Azure OpenAI
Azure Platform
Azure Spring Cloud
Azure Storage Account
Azure VM
Azure VM Scale Sets
Azure WAF
Barracuda CloudGen Firewall
Barracuda WAF
Beats
Bitbucket
BitDefender
Bitwarden
blacklens.io
Box
Box Events
Bravura Monitor
Broadcom ProxySG
Cassandra
Ceph
Check Point Email & Collaboration
Check Point Firewall
Check Point Harmony Endpoint
Cilium Tetragon
CISA Known Exploited Vulnerabilities
Cisco Aironet
Cisco ASA
Cisco Duo
Cisco Firepower Threat Defense
Cisco Identity Services Engine (ISE)
Cisco IOS
Cisco Nexus
Cisco Secure Email Gateway
Cisco Secure Endpoint
Cisco Umbrella
Citrix Web Application Firewall
Claroty CTD
Cloudflare
collectd
Collective Intelligence Framework
Common Event Format (CEF)
Confluence Cloud
Confluence Data Center
Confluence Server
Corelight
Cribl
CrowdStrike Falcon
CrowdStrike Falcon Intelligence
Custom Threat Intelligence
Custom Windows event logs
Customized Connector
CyberArk EPM
CyberArk Privileged Access Security
CyberArk Privileged Threat Analytics
Cybereason
Cybersixgill
Darktrace
Data Exfiltration Detection
Digital Guardian
Dropbox
Dropbox Paper
Dropwizard
EclecticIQ
Elastic Agent
Elastic APM Server
ESET Protect
ESET Threat Intelligence
etcd
F5 BIG-IP
F5 BIG-IP Access Policy Manager
Falco
File Integrity Monitoring
FireEye Network Security
First EPSS
Fleet Server
Fluentd
Forcepoint
Forcepoint Web Security
ForgeRock
Fortinet Forticlient Endpoint Protection
Fortinet FortiEDR
Fortinet Fortigate
Fortinet FortiMail
Fortinet FortiManager
Fortinet FortiProxy
GCP Metrics Input
GCP Vertex AI
Gigamon
Gitlab
Gmail
Go Expvar
GoFlow2
Google Cloud
Google Cloud Audit
Google Cloud Billing
Google Cloud Compute
Google Cloud Dataproc
Google Cloud DNS
Google Cloud Firestore
Google Cloud Firewall
Google Cloud Functions
Google Cloud GKE
Google Cloud Load Balancing
Google Cloud Redis
Google Cloud Stackdriver
Google Cloud VPC
Google CloudSQL Metrics
Google Drive
Google Santa
Google Security Command Center
Graphite
GraphQL
Hashicorp Vault
HTTP
HTTP Check
IBM Resilient
IBM Websphere
Icinga
ICMP Check
Imperva Cloud WAF
Imperva WAF
InfluxDB
Infoblox BloxOne DDI
Infoblox NIOS
iptables
Istio
Jaeger
Jamf Compliance Reporter
Jamf Pro
Jamf Protect
JDBC
JIRA Data Center
JMS
JMX Jolokia
journald
JumpCloud
Juniper SRX Series
Kafka
Keycloak
Kubernetes
Kubernetes API Server
Kubernetes Controller Manager
Kubernetes Events
Kubernetes Metrics Service
Kubernetes Proxy
Kubernetes Scheduler
kvm
LastPass
Linux
Linux Audit Framework
Linux systemd journals
Log files (Generic)
LotL Attack Detection
Lumos
Lyve Cloud
Maltiverse
Malware Information Sharing Platform (MISP)
Mandiant Advantage
Memcached
Menlo Security
Microsoft 365 Defender
Microsoft Defender for Cloud
Microsoft Defender for Endpoint
Microsoft DHCP Server
Microsoft DNS Server
Microsoft Entra ID
Microsoft Exchange Message Trace
Microsoft Exchange Server
Microsoft Graph Activity
Microsoft OneDrive
Microsoft Outlook
Microsoft Sentinel
Microsoft SQL Server
Mimecast
ModSecurity
MongoDB
MongoDB Atlas
MQTT
Munin
NATS
NATS Streaming
NetFlow
Netscout Arbor Sightline
Netskope
Network Drive & File Systems
Network Packet Capture
NGINX
NGINX Ingress Controller
Notion
Okta
Okta Entity Analytics
OpenCanary
OpenCTI
OpenMetrics
OpenText Documentum
OpenTracing
OpsGenie
Oracle
Osquery Log Collection
Osquery Manager
PagerDuty
Palo Alto Cortex XDR
Palo Alto Prisma Access
Palo Alto Prisma Cloud
Pensando
pfSense
PHP
PHP FPM
Ping Federate
Ping Identity PingOne
Pleasant Password Server
PostgreSQL
PowerShell
Prebuilt Security Detection Rules
Prometheus
Prometheus Input
Proofpoint OnDemand
Proofpoint Targeted Attack Protection (TAP)
QNAP NAS
Qualys VMDR
RabbitMQ
Radware DefensePro
Rapid7 InsightVM
Rapid7 Threat Command
Recorded Future
Redis Enterprise
Salesforce Sandboxes
SentinelOne
SentinelOne Cloud Funnel
ServiceNow ITOM
ServiceNow SecOps
SharePoint Online
SharePoint Server
SNMP
Snort
Snyk
Sonicwall Firewall
Sophos Central
Sophos UTM
Sophos XG Firewall
SpyCloud
SQL
SQL Input
Squid Proxy
StatsD
Stormshield Network Security
Sublime Security
Suricata
Symantec Endpoint Protection
Sysdig
syslog
Sysmon
Sysmon for Linux
System
System Audit
Tanium
TCP Check
Teleport
Tenable Security Center
Tenable Vulnerability Management
ThreatConnect
ThreatQuotient
Thycotic Secret Server
Torq
Traefik
Trellix EDR Cloud
Trellix ePO
Trend Micro Deep Security
Trend Vision One
Tychon
Universal Profiling
Vectra Detect
VMware Carbon Black Cloud
VMware Carbon Black EDR
vSphere
WatchGuard Firebox
Web Crawler
Webhook
Windows
Wiz
X.509 SSL/TLS Certificate Check
xMatters
Zeek (Bro)
Zero Networks
ZeroFox
Zscaler Internet Access