Andesite
Enables analysts to seamlessly investigate alerts and perform threat hunting across Google SecOps and all their data sources and security tools. This is all combined in the Andesite bionic SOC's decision layer.
Pulls Google SecOps data into your product platform.
Atlassian
This integration sends incidents detected by Google SecOps to Jira for ticket
management and tracking.
Pulls Google SecOps data into the product using Google SecOps
APIs.
Beacon Security
This integration enables seamless ingestion from any source with
security-aware optimization, enrichment, and normalization for improved
coverage, detection and investigation.
Pre-parsed normalized logs using the Ingestion API or Webhook, and
pre-parsed raw logs using Ingestion API or Webhook.
CardinalOps
This integration expands coverage with tailored detections, monitors log health,
and operationalizes curated detections.
Pulls Google SecOps data into the product using Google SecOps
APIs.
Censys
This integration sends your externally facing asset and risk data from
Censys ASM to Google SecOps for alerting, remediation, and reporting.
Sends data pre-parsed/normalized to Google SecOps UDM.
Chronosphere
This integration expands coverage with tailored detections, monitors log health, and operationalizes curated detections.
Sends data pre-parsed/normalized to Google SecOps UDM and sends raw log data to Google SecOps.
Contrast Security
This integration sends Contrast Security ADR Attack Events, incidents, and related issues to Google SecOps.
Sends pre-parsed normalized logs using the Ingestion API or Webhook.
Corrata Limited
This integration provides Google SecOps with coverage
for the detected mobile endpoint threats including phishing attempts, malware
detections, and network attacks.
Sends pre-parsed or normalized data to Google SecOps UDM.
CounterCraft
This integration feeds real-time, rich telemetry from attackers in
deception environments to Google SecOps for advanced analysis in UDM format.
Sends pre-parsed normalized logs using the Ingestion API or Webhook.
Cylus CyberSecurity
This integration connects CylusOne rail OT threat detection, response,
and visibility with Google SecOps, streamlining operational
resilience.
Pre-parsed normalized logs using the Ingestion API or Webhook, and
response integration.
Cyolo Security
This integration delivers unified, identity-aware access visibility for faster threat and anomaly detection, response, and compliance.
Sends pre-parsed normalized logs using the Ingestion API or Webhook.
Darktrace
This integration enables Google SecOps to ingest Darktrace Incidents and Model Alerts via API.
Pulls Google SecOps data into your product platform by ingesting pre-parsed raw logs using the Ingestion API or Webhook, and response integration.
DataBahn.ai (DataBahn LLC)
This integration enables DataBahn's Security Data Fabric to collect,
parse, structure and enrich a wide variety of data sources into Google SecOps
to deliver relevant and optimal insights.
Sends data pre-parsed/normalized to Google SecOps UDM
and sends raw log data to Google SecOps.
Dataminr
This integration brings Dataminr AI-powered real-time intelligence into Google SecOps,
accelerating detection and response for emerging threats.
Pulls Google SecOps data into the product using Google SecOps
APIs.
Dropzone AI
This integration enables autonomous investigation of security alerts, combining Google SecOps detection capabilities with AI-driven automation using Dropzone AI's platform.
Pulls Google SecOps data into your product platform.
Endace Measurement Systems Ltd
This integration lets Google SecOps users move to EndaceVision
to retrieve the related full packet data (before, during, and after the event),
providing forensic evidence and the detailed scope of compromise.
Pre-parsed normalized logs using the Ingestion API or Webhook, pre-parsed raw logs using Ingestion API or Webhook, Response Integration.
Entro Security
This integration provides Google SecOps and Entro
Security users with the ability to act on and view their Entro Security
data using the Google SecOps platform.
Pre-parsed normalized logs using the Ingestion API or Webhook,
pre-parsed raw logs using Ingestion API or Webhook, and custom parser.
Fig Security
Fig
This integration finds and fixes broken flows across the Google SecOps infrastructure that prevent the SOC from detecting and responding to threats.
Sends pre-parsed normalized logs using the Ingestion API or Webhook.
Pre-parsed raw logs using the Ingestion API or Webhook.
Custom parser.
Pulls Google SecOps data into your product platform.
Detection rules.
Gigamon
This integration amplifies the power of Google SecOps
with actionable application and network-derived intelligence and insights
from Gigamon.
Pre-parsed normalized logs using the Ingestion API or Webhook, and
pre-parsed raw logs using Ingestion API or Webhook.
GreyNoise
This integration provides a method for
importing GreyNoise IPv4 internet scanners into Google SecOps.
Sends pre-parsed or normalized data to Google SecOps UDM and sends
raw log data to Google SecOps.
Group-IB
This integration syncs Group-IB DRP with Google SecOps to detect malicious infrastructure and block brand attacks before they even go live.
Response Integration
Group-IB
This integration adds Group-IB Threat Intelligence to Google SecOps, turning raw alerts into actionable context on actor motives and tactics.
Response Integration
Intezer
This integration ingests Google SecOps alerts into
Intezer and lets Intezer query Google SecOps data during
investigations for autonomous triage.
Pulls Google SecOps data into your product platform.
Lucidum
Lucidum enhances your workflow, working in harmony with
Google SecOps, without requiring you to replace or overhaul
your current solutions.
Sends data pre-parsed/normalized to Google SecOps UDM
and sends raw log data to Google SecOps.
Nozomi Networks
This integration monitors OT and IoT environments for risk. The integration pushes
the OT and IoT asset detail, vulnerability, and alert data to Google SecOps for
advanced correlations and analysis.
Sends pre-parsed or normalized data to Google SecOps UDM and sends
raw log data to Google SecOps.
NXLog
This integration sends raw logs to Google SecOps where a Google SecOps
default parser can then automatically normalize the data into the Google SecOps
UDM.
Sends raw log data to Google SecOps.
Bindplane (formerly known as observIQ)
This integration uses Bindplane's advanced observability pipeline to
collect, refine, and transmit metrics, logs, and traces to Google SecOps,
providing deeper insights with reduced data noise.
Sends data pre-parsed/normalized to Google SecOps UDM
and sends raw log data to Google SecOps.
Palo Alto Networks
This integration sends logs from Cortex to Google SecOps SIEM.
Sends pre-parsed or normalized data to Google SecOps UDM.
Palo Alto Networks
This integration ingests alerts from Google SecOps SIEM to Cortex XSOAR.
Pulls Google SecOps data into the product using Google SecOps
APIs.
Picus Security
This integration continuously evaluates the effectiveness of Google SecOps
SIEM against simulated attacks.
Pulls Google SecOps data into the product using Google SecOps
APIs.
Polarity
This integration allows automated queries of Google SecOps events,
assets, and IOC details from the Polarity overlay window.
Pulls Google SecOps data into the product using Google SecOps
APIs.
Portnox
This integration sends user, device, and access data from Portnox Cloud to Google SecOps to improve detection and response.
Sends pre-parsed normalized logs using the Ingestion API or a Webhook.
Prophet Security
This integration allows Prophet AI to investigate detections from
Google SecOps. Prophet AI pulls detections, runs search
queries, and updates detection states as part of its investigations.
Pulls Google SecOps data into your product platform,
and response integration.
Recolab
This integration surfaces Reco's SaaS data risk alerts, user activity, and audit logs in Google SecOps UDM for unified detection and investigation.
Pulls Google SecOps data into your product platform by ingesting pre-parsed raw logs using the Ingestion API or Webhook, and custom parser.
Recorded Future
This integration enriches indicators, analyzes files in a sandbox, and consolidates alert management using Recorded Future intelligence:
Automate response workflows,
Send integrated product alerts directly to SOAR for case management,
Send information back to the integrated product through SOAR.
ServiceNow
This integration sends Google SecOps incidents to ServiceNow ITSM to simplify incident
response. Google SecOps integration also provides enrichment details and
seamless detailed lookup directly from the ITSM interface.
Pulls Google SecOps data into the product using Google SecOps
APIs.
ServiceNow
This integration sends Google SecOps security incidents to ServiceNow Security
Operations to simplify incident response. When IOCs and alerts related to
enterprise assets or users or malicious domains are detected, incidents are
generated in Security Operations for an immediate follow-up.
Pulls Google SecOps data into the product using Google SecOps
APIs.
ServiceNow
This integration leverages the Google SecOps enrichment details and seamless threat
lookup directly from the ServiceNow Security Operations interface.
Pulls Google SecOps data into the product using Google SecOps
APIs.
Silent Push
This integration enables users to leverage Silent Push threat intelligence within Google SecOps to enrich security events and alerts with contextual threat data, automate incident investigation, and enhance detection and response workflows. Silent Push supports preemptive cyber defense by exposing threat actor infrastructure as it is being established through its Indicators of Future Attack (IOFA)™. By mapping the internet from an attacker's perspective, Silent Push allows security teams to identify and neutralize threats before an attack is launched, moving beyond the limitations of reactive cybersecurity.
Response integration, detection rules
Silverfort
This integration unifies Silverfort Identity Security with Google SecOps, enabling automated entity risk management, service account protection, and policy enforcement from SOAR playbooks.
Response integration
Siscale AI Inc. DBA Arcanna.ai
This integration enables Siscale AI-driven decision intelligence to integrate with
Google SecOps data for faster and more accurate responses to cyber threats.
Pulls Google SecOps data into the product using Google SecOps
APIs.
SnapAttack
This integration involves SnapAttack, an intelligence-driven threat detection platform that
provides detection rules and hunting searches implemented in Google SecOps.
Pulls Google SecOps data into the product using Google SecOps APIs and
pushes YARA-L rules into Google SecOps using Google SecOps APIs.
Spacewalk
This integration agentically queries Google SecOps to run autonomous threat hunts, triage alerts, and accelerate incident response.
Pulls Google SecOps data into your product platform.
Stairwell
This integration lets enterprises automatically enrich their IoC telemetry
with Stairwell's malware data to accelerate threat intelligence operationalization.
Response integration
SupercloudNow
This integration forwards logs to Google SecOps, clusters raw data, and generates parsers for automated normalization and analysis.
It sends:
- Pre-parsed normalized logs using Ingestion API or Webhook.
- Pre-parsed raw logs using Ingestion API, Webhook, or a custom parser.
Pulls Google SecOps data into your product platform, response integration, and detection rules.
Superna
This integration maps the zero trust cyber storage fields into
Google SecOps UDM where custom Google SecOps detection rules
can trigger alerts and uncover IOCs.
Sends pre-parsed or normalized data to Google SecOps UDM.
Synqly
This integration provides high-fidelity connectivity and bi-directional data transformation with Google SecOps via Synqly.
Sends pre-parsed or normalized data to Google SecOps UDM.
Thinkst
This integration delivers alerts from your Thinkst Canary Console into
Google SecOps, enabling faster investigation, case
creation, and streamlined acknowledgement.
Response integration.
ThreatQuotient, Inc.
This integration enables the automatic dissemination of IOCs from ThreatQ
to Google SecOps.
Sends pre-parsed or normalized data to Google SecOps UDM.
ThreatQuotient, Inc.
This integration enables the automatic ingestion of Google SecOps
detections into ThreatQ platform as ThreatQ events.
Pulls Google SecOps data into the product using Google SecOps
APIs.
Tidal Cyber
This is a Cyber Defense Intelligence (CDI) integration that pulls
configuration and policy data straight from your environment to map
capabilities to MITRE ATT&CK and synchronize detection rules.
Pulls Google SecOps data into your product platform.
Tines
This integration involves Tines workflow automation for frontline teams and Google SecOps
to provide rich event and entity data, enhanced analysis, and deeper insights.
Pulls Google SecOps data into the product using Google SecOps
APIs and updates the reference list.
Torq Technologies
This integration sends Google SecOps alerts to Torq to
create cases and manage the full lifecycle through remediation.
Pulls Google SecOps data into your product platform by
ingesting raw logs (pre-parsed) using the Ingestion API or Webhook, custom
parser, and response integration.
Upstream Security
This integration monitors connected vehicles and IoT devices for security
events and other threats. The integration pushes alerts and events to Google SecOps
for advanced correlation, analysis and response.
Sends raw log data to Google SecOps.
Vali Cyber
This integration enables Google SecOps to ingest
ZeroLock hypervisor and Linux security events for deeper threat
visibility.
Sends raw log data to Google SecOps.
Vorlon
This integration closes the SaaS and cloud security gap. It gives security
teams unified visibility, automated response, and the deep context needed
for advanced incident response. By bridging SaaS ecosystem security and
cloud-scale security operations, the integration helps organizations outpace
evolving threats, reduce operational overhead, and confidently secure digital
transformation initiatives.
Pulls Google SecOps data into your product platform, response integration.
ZeroFox
(Sign in to ZeroFox to view the page)
This integration sends Google SecOps phishing, fraud, botnet, credential,
data breach, physical, and other threat data to protect brands, domains, people,
and assets.
Sends pre-parsed or normalized data to Google SecOps UDM.
Zoho
This integration sends raw logs from ZohoVault to Google SecOps SIEM.
Sends pre-parsed raw logs using the Ingestion API or a Webhook.