STEP 01
Describe
Pick a source platform, a destination, and tell us in plain English what data should move and how often.
01 / DESCRIBE → 02 / GENERATE
v0.4 · RINOX IRON pipeline live
Paste your use case.
Get production-ready
integration code.
Vendor integrations in cybersecurity take 8–12 months. Rinox writes the connector — logging, auth, retries, state, dedup — in under 30 seconds, following a battle-tested seven-section template.
● 5 free generations● No credit card● Python or Bash
24 platforms supported · paste a doc URL to add yours
Threat Intelligence Platforms
Anomali ThreatStreamCTM360 Cyber BlindspotGroupIBMISPOpenCTIResecurityThreatQ
SIEM
Elastic SecurityIBM QRadarMicrosoft SentinelSplunk
SOAR
Cortex XSOAR (Palo Alto)IBM ResilientSplunk SOAR (Phantom)
EDR / XDR
Carbon BlackCrowdStrike FalconForeScoutMicrosoft Defender for EndpointSentinelOne
Threat Intel Feeds / Enrichment
AbuseIPDBAlienVault OTXGreyNoiseShodanVirusTotal
● The pipeline
Three steps. Zero boilerplate.
Every integration follows the RINOX IRON standard — fetch, translate, deliver, save state — guaranteeing at-least-once delivery and zero data loss between cron runs.
STEP 02
Generate
Claude writes the connector against your platform's API docs, following the seven-section RINOX template and the IRON spec.
02 / GENERATE → 03 / DEPLOY
STEP 03
Deploy
Download .py / .sh, drop in env vars, schedule it. README ships with cron examples and failure-mode notes.
03 / DEPLOY → ⓘ live
● New artifact
One prompt. Now also an MCP server.
Beyond source-to-destination connectors, Rinox wraps any single platform as an agent-callable MCP server — typed tools, env-based auth, write-gating, structured errors — in Python or TypeScript, graded against the MCP IRON standard.
search_attributesread
get_eventread
list_eventsread
add_attributewrite
✓ MCP IRON verified
● The standard
The RINOX IRON
specification.
Five phases and five appendices, derived from real production failures. Every generation is graded against them before it leaves the API.
Read the full specPHASE 0 enforced
Iron pipeline · fetch → translate → deliver → save
State is only persisted after the destination ACKs. Failed delivery never advances the cursor.
PHASE 1 enforced
Right endpoint check
Bulk ingestion endpoints over admin REST. HEC, not /services/receivers/simple.
PHASE 2 enforced
Idempotent state
Cursor + processed-IDs persisted to JSON. --initial flag for backfill.
PHASE 3 enforced
N+1 elimination
Use ?include=, ?expand=, nested payloads. No per-item loops for sub-attributes.
PHASE 4 enforced
Serialization integrity
NDJSON for HEC. Compact JSON for bash pipes. No pretty-print where it matters.
PHASE 5 enforced
Contextual fidelity
Source timestamps preserved. Never time.now(). Lifecycle metadata at child-object level.
APP. A enforced
Granular dedup
Track child UUIDs, not parent containers. Synthetic hashes if needed.
APP. B enforced
Bounded state
FIFO-cap processed IDs. Ordered list + lookup set, never bare set().
APP. C enforced
Type-safe casting
Always cast string timestamps to int before max()/sort. Alphabetical ordering ≠ chronological.
APP. D enforced
Conditional advancement
Cursor only advances on 2xx ACK. 503 on destination = retry, not data-loss.
● FAQ
The questions that come up in procurement.
How accurate is the generated code?
Generated scripts follow the seven-section Rinox template and pass the RINOX IRON standard (Phase 0 pipeline plus Appendices A-E). For platforms with uploaded API documentation, accuracy is high enough that most scripts run after only environment-variable configuration. For platforms relying on the model's training knowledge, we render a disclaimer recommending you verify endpoints against your specific version before production use.
What authentication schemes are supported?
API keys, OAuth2 client-credentials, basic auth, bearer tokens, HMAC-signed requests, mutual TLS, and platform-specific schemes such as Splunk HEC tokens, Falcon API client/secret pairs, and Sentinel app-only auth via Entra ID. Credentials are always loaded from environment variables, never hardcoded.
Is Rinox available on-prem or self-hosted?
Not yet. Today Rinox runs on rinox.io. Enterprise self-hosting is on the roadmap. If your environment requires it, reach out via the contact form.
Does Rinox store my prompts?
Generation prompts and outputs are retained for up to 30 days to support troubleshooting and quality improvement. After that, generation records are removed from production systems. See the security page for the full retention policy.
Which model powers Rinox?
The active model is configurable from the admin panel and can be switched between Claude Opus, Sonnet, and Haiku without redeploying. The default is Claude Sonnet 4.6. The model in use is recorded with every generation for traceability.
● Pricing
Built for your scale.
Five free generations to try the product. For team and enterprise pricing — including single-tenant, SSO, and on-prem — get in touch.
Contact us/contact