Supported third-party data sources

The platform can ingest data sources from various third-party devices. Use the following table to see which sources you can use to fully augment your automated or analyst investigations.

Configure an ingestion data source to ingest, correlate, and enrich alerts from a vendor. Configure Universal Data Insights connectors to enable federated search and analytics across your security products. Configure Connected Assets and Risk connections to import asset data into the platform.

The following table indicates the connectors that are automatically included in the platform. For more information about Universal Data Insights (federated search) and Connected Assets and Risk (assets and risks) connectors that are not included in the platform, see the IBM® X-Force® Exchange / App Exchange (https://apps.xforce.ibmcloud.com/).

Vendor Ingestion data source Universal Data Insights Connected Assets and Risk
Amazon Athena    
Amazon CloudWatch    
Amazon GuardDuty    
Amazon Web Services    
BigFix    
Carbon Black Cloud    
Carbon Black CB Response    
Crowdstrike Falcon Insight  
Cybereason  
Darktrace    
Darktrace NDR    
Elasticsearch    
IBM Security Guardium Insights
IBM Cloud Security Advisor    
IBM Data Risk Manager    
IBM Security QRadar SIEM
IBM Security QRadar on Cloud  
IBM Security QRadar EDR
IBM Security Randori Recon    
IBM Security Verify  
IBM Security Verify Analytics    
IBM Security Verify Privilege Vault    
Micro Focus ArcSight    
Microsoft 365 Defender    
Microsoft Defender for Endpoint
Microsoft Azure Security Center    
Microsoft Graph Security    
Microsoft Sentinel    
Okta    
OneLogin    
PaloAlto Cortex XDR    
Proofpoint    
Qualys    
RHACS    
SentinelOne  
Splunk  
STIX Bundle    
Tenable    
Vectra Threat Detection and Response Platform