Integration pairs.
Real-world recipes for connecting the platforms security teams actually use. Each page walks through the design choices, the pitfalls, and the production code.
TIP → SIEM
MISP → Splunk
Send threat intelligence from MISP into Splunk so analysts can pivot on IOCs from inside their normal hunting workflow without leaving the S…
EDR → SIEM
CrowdStrike Falcon → IBM QRadar
Forward CrowdStrike Falcon detections into IBM QRadar so endpoint signal participates in offense correlation alongside firewall, identity, a…
Enrichment → TIP
VirusTotal → ThreatQ (ThreatQuotient)
Enrich existing ThreatQ indicators with VirusTotal verdicts so analysts have multi-engine context inline with the indicator record. The inte…
TIP → SIEM
MISP → Microsoft Sentinel
Push MISP threat intelligence into Microsoft Sentinel's Threat Intelligence indicator API so detection rules and workbooks can pivot on IOCs…
Enrichment → SIEM
Shodan → Elastic Security
Pull external attack-surface data from Shodan and index it in Elasticsearch so the SOC can monitor exposure changes alongside endpoint and i…
SIEM → SOAR
IBM QRadar → Cortex XSOAR (Palo Alto)
Forward new QRadar offenses into Cortex XSOAR as incidents so playbooks can triage, enrich, and respond automatically. The integration polls…