Technology partner-hosted Google SecOps integrations
This is a list of technology partners that host an integration with Google Security Operations. Each row provides specific integration details.
- Vendor: Name of technology partner company providing the product and product's integration with Google SecOps.
- Product: Name of the vendor's product with Google SecOps integration, along with embedded link to information about the product and Google SecOps integration.
- Description: A brief description of the product and its integration with Google SecOps.
- Integration functions: A brief list of core data flow functions the integration provides.
For additional Google SecOps integrations developed by Google, visit our extensive list of default parsers and a list of response integrations.
If you're a technology provider and want to build an integration for your product with Google SecOps, complete the Google SecOps Integration Partner Request Form.
| Vendor | Product | Description | Integration functions |
|---|---|---|---|
| Atlassian | Jira cloud* | This integration sends Google SecOps incidents detected to Jira for ticket management and tracking. | Pulls Google SecOps data into the product using Google SecOps APIs. |
| Atlassian | Jira on-premises* | This integration sends Google SecOps incidents detected to Jira for ticket management and tracking. | Pulls Google SecOps data into the product using Google SecOps APIs. |
| Beacon Security | Beacon | This integration enables seamless ingestion from any source with security-aware optimization, enrichment, and normalization for improved coverage, detection and investigation. | Pre-parsed normalized logs using the Ingestion API or Webhook, and pre-parsed raw logs using Ingestion API or Webhook. |
| CardinalOps | CardinalOps detection posture management platform | This integration expands coverage with tailored detections, monitors log health, and operationalizes curated detections. | Pulls Google SecOps data into the product using Google SecOps APIs. |
| Censys | Censys Attack Surface Management | This integration sends your externally facing asset and risk data from Censys ASM to Google SecOps for alerting, remediation, and reporting. | Sends data pre-parsed/normalized to Google SecOps UDM |
| Chronosphere | Chronosphere Telemetry Pipeline | This integration expands coverage with tailored detections, monitors log health, and operationalizes curated detections. | Sends data pre-parsed/normalized to Google SecOps UDM and sends raw log data to Google SecOps. |
| Corrata Limited | Corrata mobile threat defense | This integration provides Google SecOps with coverage for the detected mobile endpoint threats including phishing attempts, malware detections, and network attacks. | Sends pre-parsed or normalized data to Google SecOps UDM. |
| CounterCraft | The Platform | This integration feeds real-time, rich telemetry from attackers in deception environments to Google SecOps for advanced analysis in UDM format. | Sends pre-parsed normalized logs using the Ingestion API or Webhook. |
| Cylus CyberSecurity | CylusOne | This integration connects CylusOne rail OT threat detection, response, and visibility with Google SecOps, streamlining operational resilience. | Pre-parsed normalized logs using the Ingestion API or Webhook, and response integration. |
| DataBahn.ai (DataBahn LLC) | Databahn.ai Data Fabric | This integration enables DataBahn's Security Data Fabric to collect, parse, structure and enrich a wide variety of data sources into Google SecOps to deliver relevant and optimal insights. | Sends data pre-parsed/normalized to Google SecOps UDM and sends raw log data to Google SecOps. |
| Dataminr | Dataminr Pulse for Google SecOps (Sign in to Dataminr to view the page) | This integration brings Dataminr AI-powered real-time intelligence into Google SecOps, accelerating detection and response for emerging threats. | Pulls Google SecOps data into the product using Google SecOps APIs. |
| Dropzone AI | Dropzone AI | This integration enables autonomous investigation of security alerts, combining Google SecOps detection capabilities with AI-driven automation using Dropzone AI's platform. | Pulls Google SecOps data into your product platform. |
| Endace Measurement Systems Ltd | EndaceProbe | This integration lets Google SecOps users move to EndaceVision to retrieve the related full packet data (before, during, and after the event), providing forensic evidence and the detailed scope of compromise. | Pre-parsed normalized logs using the Ingestion API or Webhook, pre-parsed raw logs using Ingestion API or Webhook, Response Integration. |
| Entro Security | Entro Security | This integration provides Google SecOps and Entro Security users with the ability to act on and view their Entro Security data using the Google SecOps platform. | Pre-parsed normalized logs using the Ingestion API or Webhook, pre-parsed raw logs using Ingestion API or Webhook, and custom parser. |
| Gigamon | GigaVUE Cloud Suite for Google Cloud | This integration amplifies the power of Google SecOps with actionable application and network-derived intelligence and insights from Gigamon. | Pre-parsed normalized logs using the Ingestion API or Webhook, and pre-parsed raw logs using Ingestion API or Webhook. |
| GreyNoise | GreyNoise | This integration provides a method for importing GreyNoise IPv4 internet scanners into Google SecOps. | Sends pre-parsed or normalized data to Google SecOps UDM and sends raw log data to Google SecOps. |
| Intezer | Intezer
(Sign in to view) |
This integration ingests Google SecOps alerts into Intezer and lets Intezer query Google SecOps data during investigations for autonomous triage. | Pulls Google SecOps data into your product platform. |
| Lucidum | Lucidum | Lucidum enhances your workflow, working in harmony with Google SecOps, without requiring you to replace or overhaul your current solutions. | Sends data pre-parsed/normalized to Google SecOps UDM and sends raw log data to Google SecOps. |
| Nozomi Networks | Vantage | This integration monitors OT and IoT environments for risk. The integration pushes the OT and IoT asset detail, vulnerability, and alert data to Google SecOps for advanced correlations and analysis. | Sends pre-parsed or normalized data to Google SecOps UDM and sends raw log data to Google SecOps. |
| NXLog | NXLog* | This integration sends raw logs to Google SecOps where a Google SecOps default parser can then automatically normalize the data into the Google SecOps UDM. | Sends raw log data to Google SecOps. |
| Bindplane (formerly known as observIQ) | Bindplane | This integration uses Bindplane's advanced observability pipeline to collect, refine, and transmit metrics, logs, and traces to Google SecOps , providing deeper insights with reduced data noise. | Sends data pre-parsed/normalized to Google SecOps UDM and sends raw log data to Google SecOps. |
| Palo Alto Networks | Cortex* | This integration sends logs from Cortex to Google SecOps SIEM. | Sends pre-parsed or normalized data to Google SecOps UDM. |
| Palo Alto Networks | XSOAR* | This integration ingests alerts from Google SecOps SIEM to Cortex XSOAR. | Pulls Google SecOps data into the product using Google SecOps APIs. |
| Picus Security | Picus Security Validation Platform | This integration continuously evaluates the effectiveness of Google SecOps SIEM against simulated attacks. | Pulls Google SecOps data into the product using Google SecOps APIs. |
| Polarity | Polarity | This integration allows the automated queries to Google SecOps events, assets, and IOC details from the Polarity overlay window. | Pulls Google SecOps data into the product using Google SecOps APIs. |
| Prophet Security | Prophet AI | This integration allows Prophet AI to investigate detections from Google SecOps. Prophet AI pulls detections, runs search queries, and updates detection states as part of its investigations. | Pulls Google SecOps data into your product platform, and response integration. |
| Recorded Future | Recorded Future | This integration This integration enriches indicators, analyzes files in a sandbox, and consolidates alert management using Recorded Future intelligence: | Automate response workflows, Send integrated product alerts directly to SOAR for case management, Send information back to the integrated product through SOAR. |
| ServiceNow | ITSM* | This integration sends Google SecOps incidents to ServiceNow ITSM to simplify incident response. Google SecOps integration also provides enrichment details and seamless detailed lookup directly from the ITSM interface. | Pulls Google SecOps data into the product using Google SecOps APIs. |
| ServiceNow | Security Operations* | This integration sends Google SecOps security incidents to ServiceNow Security Operations to simplify incident response. When IOCs and alerts related to enterprise assets or users or malicious domains are detected, incidents are generated in Security Operations for an immediate follow-up. | Pulls Google SecOps data into the product using Google SecOps APIs. |
| ServiceNow | Threat Intelligence* | This integration leverages the Google SecOps enrichment details and seamless threat lookup directly from the ServiceNow Security Operations interface. | Pulls Google SecOps data into the product using Google SecOps APIs. |
| Siscale AI Inc. DBA Arcanna.ai | Arcanna.ai | This integration enables Siscale AI-driven decision intelligence to integrate with Google SecOps data for faster and more accurate responses to cyber threats. | Pulls Google SecOps data into the product using Google SecOps APIs. |
| SnapAttack | SnapAttack | This integration involves SnapAttack, an intelligence-driven threat detection platform, that provides detection rules and hunting searches implemented in Google SecOps. | Pulls Google SecOps data into the product using Google SecOps APIs and pushes YARA-L rules into Google SecOps using Google SecOps APIs. |
| Stairwell | Stairwell Platform | This integration lets enterprises automatically enrich their IoC telemetry with Stairwell's malware data to accelerate threat intelligence operationalization. | Response integration |
| Superna | Data Security Edition | This integration maps the zero trust cyber storage fields into Google SecOps UDM where custom Google SecOps detection rules can trigger alerts and uncover IOCs. | Sends pre-parsed or normalized data to Google SecOps UDM. |
| Thinkst | Thinkst Canary | This integration delivers alerts from your Thinkst Canary Console into Google SecOps, enabling faster investigation, case creation, and streamlined acknowledgement. | Response integration. |
| ThreatQuotient, Inc. | Google SecOps IOC Exporter Action | This integration enables the automatic dissemination of IOCs from ThreatQ to Google SecOps. | Sends pre-parsed or normalized data to Google SecOps UDM. |
| ThreatQuotient, Inc. | Google SecOps Detections Connector | This integration enables the automatic ingestion of Google SecOps detections into ThreatQ platform as ThreatQ events. | Pulls Google SecOps data into the product using Google SecOps APIs. |
| Tidal Cyber | Tidal Cyber Enterprise Edition | This is a Cyber Defense Intelligence (CDI) integration that pulls configuration and policy data straight from your environment to map capabilities to MITRE ATT&CK and synchronize detection rules. | Pulls Google SecOps data into your product platform. |
| Tines | Tines | This integration involves Tines workflow automation for frontline teams and Google SecOps to provide rich event and entity data, enhanced analysis, and deeper insights. | Pulls Google SecOps data into the product using Google SecOps APIs and updates the reference list. |
| Torq Technologies | Torq | This integration sends Google SecOps alerts to Torq to create cases and manage the full lifecycle through remediation. | Pulls Google SecOps data into your product platform by ingesting raw logs (pre-parsed) using the Ingestion API or Webhook, custom parser, and response integration. |
| Upstream Security | Upstream Security | This integration monitors connected vehicles and IoT devices for security events and other threats. The integration pushes alerts and events to Google SecOps for advanced correlation, analysis and response. | Sends raw log data to Google SecOps. |
| Vali Cyber | ZeroLock | This integration enables Google SecOps to ingest ZeroLock hypervisor and Linux security events for deeper threat visibility. | Pulls Google SecOps data into your product platform by ingesting raw logs (pre-parsed) using the Ingestion API or Webhook. |
| Vorlon | Vorlon | This integration closes the SaaS and cloud security gap. It gives security teams unified visibility, automated response, and the deep context needed for advanced incident response. By bridging SaaS ecosystem security and cloud-scale security operations, the integration helps organizations outpace evolving threats, reduce operational overhead, and confidently secure digital transformation initiatives. | Pulls Google SecOps data into your product platform, response integration. |
| ZeroFox | ZeroFox (Sign in to ZeroFox to view the page) | This integration sends the Google SecOps phishing, fraud, botnet, credential, data breach, physical, and other threat data to protect brands, domains, people, and assets. | Sends pre-parsed or normalized data to Google SecOps UDM. |
* indicates that Google manages the integration hosted on the
vendor's site.