Supported third-party data sources
The platform can ingest data from various third-party devices. Use the following table to see which sources you can use to fully augment your automated or analyst investigations.
Configure an ingestion data source to ingest, correlate, and enrich alerts from a vendor. Configure Universal Data Insights connectors to enable federated search and analytics across your security products. Configure Connected Assets and Risk connections to import asset data into the platform.
The following table indicates the connectors that are automatically included in the platform. For more information about Universal Data Insights (federated search) and Connected Assets and Risk (assets and risks) connectors that are not included in the platform, see the IBM® X-Force® Exchange / App Exchange (https://apps.xforce.ibmcloud.com/).
Vendor | Ingestion data source | Universal Data Insights | Connected Assets and Risk |
---|---|---|---|
Amazon Athena | ✓ | ||
Amazon CloudWatch | ✓ | ||
Amazon GuardDuty | ✓ | ||
Amazon Web Services | ✓ | ||
BigFix | ✓ | ||
Carbon Black Cloud | ✓ | ||
Carbon Black CB Response | ✓ | ||
Crowdstrike Falcon Insight | ✓ | ✓ | |
Cybereason | ✓ | ✓ | |
Darktrace | ✓ | ||
Darktrace NDR | ✓ | ||
Elasticsearch | ✓ | ||
IBM Security Guardium Insights | ✓ | ✓ | ✓ |
IBM Cloud Security Advisor | ✓ | ||
IBM Data Risk Manager | ✓ | ||
IBM Security QRadar SIEM | ✓ | ✓ | ✓ |
IBM Security QRadar on Cloud | ✓ | ✓ | |
IBM Security QRadar EDR | ✓ | ✓ | ✓ |
IBM Security Randori Recon | ✓ | ||
IBM Security Verify | ✓ | ✓ | |
IBM Security Verify Analytics | ✓ | ||
IBM Security Verify Privilege Vault | ✓ | ||
Micro Focus ArcSight | ✓ | ||
Microsoft 365 Defender | ✓ | ||
Microsoft Defender for Endpoint | ✓ | ✓ | ✓ |
Microsoft Azure Security Center | ✓ | ||
Microsoft Graph Security | ✓ | ||
Microsoft Sentinel | ✓ | ||
Okta | ✓ | ||
OneLogin | ✓ | ||
PaloAlto Cortex XDR | ✓ | ||
Proofpoint | ✓ | ||
Qualys | ✓ | ||
RHACS | ✓ | ||
SentinelOne | ✓ | ✓ | |
Splunk | ✓ | ✓ | |
STIX Bundle | ✓ | ||
Tenable | ✓ | ||
Vectra Threat Detection and Response Platform | ✓ |