SIEM Integrations

API Integrations (TD API)

ThreatDefence SecOps Platform simplifies the complex task of managing security threats from various tools by integrating seamlessly with a wide range of external systems. Our platform is designed to ingest security events data and threat detections from third-party tools, making it a central hub for your Security Operations. We support Antivirus, Endpoint Detection and Response (EDR) systems, email and web security gateways, and more.

By leveraging API integrations, ThreatDefence streamlines the process of gathering and analyzing security data from various sources. This approach not only enhances the efficiency of security operations but also significantly improves the ability to detect and respond to sophisticated cyber threats.

Some examples of popular API integrations include AWS, Azure EventHub, CrowdStrike, Microsoft Defender and SentinelOne.


Syslog Integrations (TD Syslog)

We also support ingestion of standard syslog logs (from firewalls and similar devices).

All you need to do is set up a small virtual sensor within your environment. The sensor can aggregate syslog logs from multiple sources and ship them to us in a secure and reliable way. The same sensor can be used to gather logs from multiple devices, or even from different customers or deployments.


Microsoft Entra ID / 365 Monitoring

As part of our SecOps product suite we support Microsoft 365 monitoring capability.

A major benefit is its compatibility across all Microsoft licensing tiers: we do not require premium P1/P2 licenses as a prerequisite for our solution to work.

Our platform offers comprehensive monitoring of user login sessions, activities on SharePoint and OneDrive, as well as Exchange Online events, among others. This allows for a detailed oversight of user interactions and system changes within the 365 environment.

Furthermore, we have incorporated a suite of predefined use cases and correlations designed to streamline the threat detection process within the MS 365 suite. This feature simplifies identifying potential security issues, making it easier for organizations to maintain a secure and efficient operational posture.

