Verified live APIs where it counts.
Two Live Direct API integrations today — CrowdStrike Falcon and Okta Identity Cloud. Additional systems are supported as evidence sources via SDK, manual ingestion, or category adapters.
Two verified bidirectional integrations.
Direct APIs with documented inbound and outbound flows, scoped credentials, and manual fallbacks.
- Inbound: Process trees, host telemetry, user identity, EDR alerts, file hashes.
- Outbound: Investigation status (Case Closed / Resolved) and host tags for context enrichment.
- Scopes: Read-only for telemetry; write scoped to specific host-tagging and metadata fields.
- Setup: OAuth2 Client ID/Secret via a CrowdStrike API Client with Detection and Host scopes.
- Fallback: Manual CSV upload of EDR detection logs.
- Privacy: Data processed in memory for context; long-term storage follows SOCPilot retention policy.
- Logo: Logo use approved. CrowdStrike Official Partner status pending Q3 2026.
- Inbound: User authentication events, MFA challenges, device context, group memberships.
- Outbound: Enrichment of the User entity inside SOCPilot investigation timelines.
- Scopes: User.Read, Events.Read.All.
- Setup: Okta API Token or OAuth2 application.
- Fallback: Manual ingestion of Okta System Log exports.
- Privacy: PII masking in Executive Brief output unless Full Transparency mode is enabled by a Tenant Admin.
- Logo: Logo use approved.
Used as source records — not offered as standalone integrations.
These systems were verified as evidence sources during the Veridian Global Logistics pilot. They are not marketed as direct product integrations without a separate integration proof.
Used as an evidence source during Veridian Global Logistics pilot investigations. Not currently offered as a standalone SOCPilot product integration.
Used as an evidence source (AssumeRole events, control-plane activity) during VGL investigations. Not currently offered as a standalone SOCPilot product integration.
Used as an evidence source (session anomalies, new-IP context) during VGL investigations. Not currently offered as a standalone SOCPilot product integration.
Source: Veridian Global Logistics pilot, February 12 – May 30, 2026.
Generic categories, not direct integrations.
For systems outside the Live Direct API list above, SOCPilot ingests data via SDK, manual upload, or category adapters. No specific vendor is claimed as a direct integration without proof.
Category support via SDK or manual ingestion.
Live Direct API for CrowdStrike Falcon; other vendors via SDK or export.
Category support via SDK or manual ingestion.
Category support via SDK or manual ingestion.
Live Direct API for Okta; other IdPs via SDK or export.
Category support via SDK or manual ingestion of audit-log exports.
Category support via SDK or manual ingestion.
Category support via SDK or manual ingestion.
Category support via SDK or manual ingestion.
Category support via SDK or manual ingestion.
Build with our SDK — or scope a direct integration with us.
Tell us what you need to connect. We respond within one business day.