Integrations

23+ producers, one pipeline.

SIEM, EDR, identity, productivity, threat intel, ticketing — all wired into the 14-step investigation pipeline. No scripts, no middleware, no vendor lock-in.


Each integration is a full tool inside the agent pipeline — not just a log source.

SIEM

Microsoft Sentinel (SIEM) · Core
Native alert ingestion, custom detection rules, Log Analytics queries, and workspace deployment.

Google SecOps (SIEM, formerly Chronicle) · Core
UDM ingestion, YARA-L detections, feed management, and single-tenant instances.

EDR

SentinelOne (EDR / XDR) · Core
Deep Visibility queries, Storyline traversal, and remote shell for containment actions.

CrowdStrike Falcon (EDR / XDR) · Core
IOA detection, host containment, RTR (Real Time Response), and prevention policy tuning.

Defender for Endpoint (Microsoft)
Advanced hunting queries, live response, and ASR rule deployment.

IDENTITY

Entra ID (Identity · Microsoft) · Core
Sign-in logs, risk detections, Conditional Access deployment, and privileged role auditing.

Google Workspace (Identity · Admin SDK)
Admin SDK reports, OAuth app auditing, and user lifecycle events.

Okta (Identity) · New
System log ingestion, policy auditing, and remote session management.

PRODUCTIVITY

Microsoft 365 (Exchange · SharePoint · Teams) · Core
Full Graph API coverage: mailbox, OneDrive, SharePoint, Teams, Purview.

Workspace Apps (Gmail · Drive · Meet · Chat) · Core
Directory, Drive activity, Gmail delegations, and Meet policies.

Intune (Device management)
Compliance policies, config profiles, app protection, and Autopilot.

INTEL

VirusTotal (File / URL / IP reputation) · Core
Bulk IOC enrichment and vendor-consensus scoring.

AbuseIPDB (IP reputation) · Core
Confidence-scored IP threat intelligence with abuse categories.

Shodan (Exposed infra intel)
Banner, port, and service fingerprinting for IP addresses.

WHOIS / RDAP (Domain registration)
Registrar, nameserver, and domain-age data for reputation decisions.

TICKETING

Jira Service Mgmt (Ticketing) · Core
Auto-create incidents, post updates, attach evidence, close on resolution.

Freshdesk (Ticketing)
Ticket creation, status sync, and private notes for client-facing channels.

CHAT / HITL

Slack (Chat · HITL) · Core
Block Kit approvals, DM escalations, and rich incident cards.

Microsoft Teams (Chat · HITL) · Core
Adaptive Cards for approvals, channel notifications, and bot interactions.

PagerDuty (On-call · HITL) · Core
Incident creation with severity-based routing and escalation policies.
Developer API

Can't find it? Build it.

Every capability SocGenie exposes to its agents is also a REST API. Webhooks push incidents to your systems, our SDK pulls data for dashboards, and custom tools plug into the agent pipeline.

  • Full OpenAPI 3.1 spec
  • TypeScript / Python / Go SDKs
  • Webhook events on every lifecycle step
  • Custom agent tools via MCP
// Fetch latest incidents
POST https://api.socgenie.io/v1/incidents/query
Authorization: Bearer sk_live_...

{
  "tenant": "contoso.co.uk",
  "severity": ["HIGH", "CRITICAL"],
  "since": "2026-04-01T00:00:00Z"
}

// Returns
{ "incidents": [...], "cursor": "..." }

Wire up your stack in 30 minutes.

OAuth for everything. Connectors pre-built. Documentation that doesn't lie.
