Rinox

24 platforms. Any source. Any destination.

Pick two. Describe what you need. Rinox handles the API calls, pagination, authentication, data mapping, state management, and error handling.

552 possible integration pairs. Each one production-ready.

Threat Intelligence Platforms

Anomali ThreatStream

Commercial TIP with curated intelligence feeds and a scoring engine. REST API for indicator lifecycle.

CTM360 Cyber Blindspot

GroupIB

MISP

The standard for threat intelligence sharing across CERTs and SOC teams. Event-attribute model with restSearch API.

OpenCTI

STIX2-native threat intelligence platform with GraphQL API. Strong on relationship mapping and knowledge management.

Resecurity

ThreatQ

Operationalizes threat data with a data-driven approach to threat intelligence. REST API for indicator and adversary management.

SIEM

Elastic Security

Open security analytics on Elasticsearch. Bulk API for ingestion, detection rules engine, timeline investigation.

IBM QRadar

Offense-based SIEM with AQL analytics. Ariel database for event storage, REST API for offense and reference data management.

Microsoft Sentinel

Cloud-native SIEM on Azure. KQL for queries, Log Analytics Data Collector API for ingestion, Threat Intelligence API for indicators.

Splunk

The enterprise SIEM. HTTP Event Collector for ingestion, SPL for search, REST API for everything else.

SOAR

Cortex XSOAR (Palo Alto)

Palo Alto's SOAR platform. Playbook-driven automation with a marketplace of 700+ integrations. REST API for incident and indicator management.

IBM Resilient

Incident response platform with case management workflows. REST API for incidents, artifacts, and tasks.

Splunk SOAR (Phantom)

Formerly Phantom. Visual playbook builder with REST API for actions, artifacts, and container management.

EDR / XDR

Carbon Black

VMware's EDR platform. REST API for alerts, devices, and process events with watchlist-based detection.

CrowdStrike Falcon

Cloud-delivered endpoint protection. OAuth2 API with streaming for detections, host management, and real-time response.

ForeScout

Microsoft Defender for Endpoint

Enterprise EDR in the Microsoft 365 ecosystem. Graph API for alerts, machines, and advanced hunting.

SentinelOne

Autonomous AI-driven endpoint security. REST API for threats, agents, and deep visibility queries.

Threat Intel Feeds / Enrichment

AbuseIPDB

Community-driven IP reputation database. API for check, report, and bulk operations with confidence scoring.

AlienVault OTX

Open threat exchange with community-sourced pulses. DirectConnect API for indicator and pulse retrieval.

GreyNoise

Separates targeted attacks from internet background noise. RIOT API for benign services, Community API for scan classification.

Shodan

Internet-wide scanner and search engine for connected devices. API for host lookup, search, and network monitoring.

VirusTotal

Multi-engine file and URL analysis. API v3 for hash/IP/domain lookups with community scores and vendor verdicts.

Pick your pair.
