Demisto Enterprise integrates with an ever-growing list of products, from SIEMs and endpoint tools to threat intelligence platforms and non-security products. By integrating with Demisto Enterprise, your products can leverage the industry’s leading Security Orchestration, Automation, and Response (SOAR) platform to standardize, scale, and accelerate incident response.
Demisto integrates with AbuseIPDB, an IP address blacklist for webmasters and sysadmins to report, identify or check IP addresses that have been associated with malicious activity online.
Demisto integrates with iDefense’s vulnerability intelligence of 1,000+ technology vendors, malware tools and techniques, IOCs, target organizations, threat actors, etc.
Query active directory for user and system details using different attributes like email, username, system name etc.
Query active directory for user, computer and other objects in real time from Demisto’s automated playbooks.
Demisto integrates with Aella Data for AI-driven breach detection and investigation.
Demisto integrates with AlgoSec BusinessFlow, Firewall Analyzer, and FireFlow.
Demisto integrates with AlienVault OTX to enable data enrichment and IOC hunting.
Demisto integrates with AlienVault USM Anywhere to search and monitor events from AlienVault USM Anywhere.
Demisto integrates with AlphaSOC for DNS and IP threat intelligence orchestration.
Demisto integrates with Amazon Alexa Rank Indicator for threat intelligence.
Demisto integrates with Amazon CloudWatch Logs for management of log files from Amazon EC2 instances, AWS CloudTrail, Route 53, and other sources.
Demisto integrates with EC2 for orchestration of compute capacity tasks.
Demisto integrates with Amazon GuardDuty for threat detection and monitoring.
Demisto integrates with Amazon Route 53 for orchestration of cloud DNS management tasks.
Demisto integrates with Amazon SQS for orchestration of SQS messages and events.
Demisto integrates with Anomali ThreatStream for forensics and malware analysis.
Demisto integrates with AnyRun for orchestration of malware analysis investigation.
Demisto integrates with Apache ActiveMQ for orchestration of authentication and messaging incidents.
Demisto integrates with ARIA SDS to accelerate incident response by automating cyber-attack containment at the conversation level, and provide protection against future attacks.
Demisto integrates with Confluence Server to streamline and automate management of the Confluence spaces and content.
Demisto integrates with Jira to streamline management of Jira tickets.
Demisto integrates with AttackIQ, an attack simulation platform, for vulnerability management orchestration.
Demisto integrates with Attivo Networks ThreatDefend platform to provide in-network threat deception for post-compromise threat detection.
Demisto integrates with Awake Security for automated network detection and response.
Demisto integrates with AWS Athena for orchestration of Athena queries as part of cloud security operations and incident response.
Demisto integrates with AWS CloudTrail for tracking user activity and API usage.
Demisto integrates with AWS IAM for orchestration of identity and access management tasks.
Demisto integrates with AWS Lambda for orchestration of Lambda functions as part of cloud security operations and incident response.
Demisto integrates with AWS S3 for orchestration of cloud security response and IT tasks.
Demisto’s machine learning phishing email classifier is available on the Amazon SageMaker marketplace.
Demisto integrates with AWS Security Hub for bidirectional management of findings from Security Hub or other security products.
Demisto integrates with Amazon SQS for orchestration of SQS tasks as part of security operations and incident response.
Demisto integrates with Request Tracker to orchestrate incident response ticketing.
This integration enables automated password management and account control from within Demisto.
Demisto integrates with BitDam for email gateway security orchestration.
Blockade brings antivirus-like capabilities to users who run the Chrome browser, blocking malicious resources from being viewed or loaded inside of the browser.
Demisto integrates with BlueCat for automated IP data enrichment and access management.
A professional development environment that provides a foundation for Business Service Management (BSM) solutions.
Demisto integrates with RemedyOnDemand for ticket management.
Demisto integrates with Box to manage Box users.
The Demisto integration with C2SEC enables the orchestration of domain management and automated retrieval of information about leaked credentials, encryption, network and application related vulnerabilities.
Next-generation antivirus + EDR in one cloud-delivered platform that stops a range of malware and non-malware attacks.
Reduce risk and exposure by automating response to security incidents and using rich endpoint data from Carbon Black and automated playbooks from Demisto.
Query and take action across your enterprise using Carbon Black Live Response from Demisto’s playbooks.
Demisto integrates with CB Live Response to collect information and take action on remote endpoints in real time.
Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.
Demisto integrates with Centreon for orchestration of IT and network monitoring.
Automatically update IOC blacklist and change firewall policy from Demisto Enterprise based on incident investigation data.
Demisto integrates with Check Point SandBlast to help prevent malware and zero-day attacks.
This integration allows you to query, upload and download data using Check Point Sandblast on a local gateway.
This integration automates URL checking for suspicious behavior.
Demisto integrates with Cherwell for orchestration of cloud-based IT service management tasks.
Demisto integrates with CIRCL for DNS and SSL certificate information inquiry orchestration.
AMP continuously analyzes file activity across your extended network, so you can quickly detect, contain, and remove advanced malware.
Cloudlock is a cloud-native CASB that helps protect your cloud users, data, and apps.
Demisto integrates with Cisco Email Security to protect against ransomware, business email compromise, spoofing, and phishing.
Demisto integrates with Cisco ISE to streamline and orchestrate networked device management.
Demisto integrates with Cisco Meraki for device and firewall management.
Demisto integrates with messaging platform Cisco Spark for user and team management.
Demisto integrates with Cisco Stealthwatch Cloud for cloud asset management.
Threat Grid combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware.
Cisco Umbrella Investigate provides a complete view of Internet domains, IP addresses, and systems to pinpoint attackers’ infrastructures and predict future threats.
Demisto integrates with Cisco Webex for orchestration of video conferencing administrative tasks.
Demisto integrates with Cofense for automated phishing threat analysis and incident remediation.
Collect alerts from Confer and create incidents inside of Demisto Enterprise.
Demisto integrates with CounterTack for orchestration of endpoint security incident response.
Automatically check reputation of files, URL and IP addresses, query endpoint for rich forensics data and take actions back via Demisto playbooks and from investigation war-room.
Automatically check reputation of files, URL and IP addresses, query endpoint for rich forensics data and take actions back via Demisto playbooks.
Demisto integrates with Falcon Sandbox to orchestrate fetching and resolving detections, searching devices, getting behaviors by ID, containing hosts, and lifting host containment.
Demisto integrates with the Falcon Streaming API to provide a constant source of information for real-time threat detection and prevention.
Analyze malware using the open source Cuckoo sandbox via automated playbooks.
Demisto integrates with CVE Search for vulnerability management.
Demisto partners with Cyber Triage for practical endpoint response.
Demisto integrates with CyberArk Application Identity Manager for accounts and credentials.
This integration enables search for connections and processes on Cybereason.
Demisto integrates with Cylance INFINITY for orchestration of threat intelligence analysis.
Demisto integrates with Cylance Protect for orchestration of endpoint security incident response and endpoint enrichment.
Demisto integrates with Cloaken for automated unshortening of URLs onsite while maintaining opsec.
Demisto integrates with Dell Secureworks for automation of ticketing and case management tasks.
Demisto integrates with Devo for orchestration of real-time operations analytics.
Digital Shadows monitors and manages an organization’s digital risk across the widest range of data sources within the open, deep, and dark web.
Demisto integrates with Dnstwist for automation of phishing incident response and remediation.
Query cyber threat intelligence data about domains, IP and URLs from DomainTools.
Duo is a comprehensive security solution that confirms the identity of users and the health of their devices before they connect to your applications.
EasyVista Service Manager manages the entire process of designing, managing and delivering IT services.
Demisto integrates with EclecticIQ for automation of reputation queries and threat intel incident response.
Run custom and pre-defined queries against your Elasticsearch instance to look for IOC, analyze logs or other tasks.
Endgame enables endpoint protection built to stop advanced attacks before damage and loss occurs.
Demisto integrates with EWS for orchestration of EWS operations.
Automatically enrich incident data with user risk score and complete session details from Exabeam and trigger responses to watchlist based on investigation.
Demisto integrates with ExtraHop for automated network detection and response.
Demisto integrates with F5 for firewall policy management.
Demisto integrates with ThreatExchange for automated ingestion, enrichment and querying of threat intelligence about applications, IP addresses, URLs and hashes.
Demisto integrates with Farsight Security to access real-time and historical Passive Domain Name System data.
Demisto integrates with Fidelis Elevate to automate detection and response to network threats and data leakage.
Analyze malware samples collected from endpoint and other security tools automatically using FireEye.
Demisto integrates with FireEye AX to orchestrate malware analysis including automating file detonation, report ingestion and data enrichment.
Demisto integrates with FireEye ETP for email security orchestration.
Demisto integrates with FireEye Helix for automated security operations and incident response.
Demisto integrates with FireEye HX for faster endpoint threat prevention and response.
Demisto integrates with FireEye iSight for threat intelligence.
Demisto integrates with Forcepoint CASB to provide visibility and control over sanctioned and unsanctioned cloud apps.
Demisto integrates with Forcepoint for cloud access security orchestration.
Demisto integrates with Forcepoint for web security orchestration.
Demisto integrates with Forescout for orchestration of device management for IT and OT security.
Demisto integrates with Fortinet for orchestration of Fortigate firewall and policy administration.
Demisto integrates with Fortinet for automated ingestion, searching, and update of FortiSIEM events and management of resource lists.
Demisto integrates with Freshdesk for orchestration of ticketing and case management tasks.
Demisto’s integration with Giphy enables the display of gifs in Demisto’s war room.
This integration enables the execution of GitHub commands from within Demisto.
Demisto integrates with both GSuite and Admin API for authentication and messaging.
Demisto’s integration with Google enables automated or manual querying of BigQuery within Demisto.
This integration enables automated or manual querying of Google Cloud Storage’s file storage web service within Demisto.
Demisto integrates with Google Docs to enable automation of document creation, querying and updating.
This integration enables orchestration of Google cloud encryption key management tasks.
Demisto’s integration enables Google Resource Manager commands to be executed automatically or manually within Demisto.
Demisto’s integration with Google Safe Browsing enables URL reputation checks within Demisto.
Demisto integrates with GRR to enable Rapid Response framework for investigations.
Demisto integrates with GuardiCore to provide data center breach detection.
Demisto integrates with EnCase to request scans of specific endpoints.
Demisto’s integration enables HashiCorp Vault commands to manage secrets and protect sensitive data to be executed from Demisto.
Demisto integrates with Have I Been Pwned? to check whether emails or domains have been compromised in recent breaches.
Demisto integrates with Hybrid Analysis for orchestration of automated malware analysis and incident response.
IBM BigFix Patch provides an automated, simplified patching process that is administered from a single console.
Demisto integrates with IBM Resilient Systems for orchestration of ticketing and case management tasks.
Check for reputation of IP addresses, URL and files using IBM X-Force exchange database from automated playbooks and war-room.
Icebrg reduces risk by accelerating threat detection, triage, and response to rapidly-evolving breaches across global networks.
Demisto integrates with iDefense for contextual, timely, and actionable security intelligence.
Demisto integrates with Incapsula to manage sites and IPs.
Demisto’s integration with InfoArmor enables automation and orchestration of threat intel tasks such as gathering leak information, vulnerable host data and updating watchlists.
Demisto integrates with Intezer Analyze for malware detection and analysis.
IntSights delivers rapid, accurate cyberthreat intelligence and incident mitigation in real time.
Demisto integrates with the ipinfo.io API to get data about an IP address.
The integration with IPStack and IPStack Docker enables automation of IP to geolocation mapping.
Demisto integrates with IronNet for the orchestration of network traffic analysis (NTA) incident response.
Collaborative web service that provides validation on whether a URL is a phishing page.
Demisto integrates with Jamf for comprehensive device management.
Demisto integrates with JASK for automated security operations and incident response.
Demisto integrates with Jira for ticket management.
Demisto integrates with Joe Security Sandbox to automate detonation and malware analysis.
This integration enables automated data enrichment for domains and IP addresses.
Kafka is an open-source distributed streaming platform.
Kenna is a Risk Intelligence & Vulnerability platform that enables InfoSec teams to prioritize and remediate vulnerabilities faster.
Check Android app samples against the Koodous API using this integration.
Demisto integrates with Lastline Analyst for advanced malware isolation and inspection.
Demisto integrates with Keylight, an enterprise GRC platform with tools for managing risk and compliance.
Create incidents from alarms in LogRhythm automatically and search for logs from within the Demisto interface.
Demisto’s integration with LogRhythm Rest enables automation of host creation and updates and query execution.
The Demisto-Looker integration provides the ability to query, save and run looks, and fetch look results as incidents.
Demisto integrates with Luminate to automate cloud compliance enforcement and incident response.
Automatically create incidents from the emails in a security mailbox. Custom parsers can trigger different types from the same mailbox.
Automatically send notification emails for task assignment, incident assignment or other actions from Demisto Enterprise.
Analyze files using the Malwr sandbox using this integration.
This integration enables the automation of Mattermost messaging tasks within Demisto.
Demisto integrates with MaxMind for automation of IP enrichment.
Demisto integrates with McAfee Active Response for comprehensive endpoint detection and response.
Demisto integrates with McAfee Advanced Threat Defense for protection against stealthy, zero-day malware.
Demisto integrates with McAfee Database Activity Monitoring for real-time, reliable protection for business-critical databases.
Demisto integrates with McAfee DXL for secure, fast messaging across security and allied apps.
Demisto integrates with McAfee ePolicy Administrator for unified policy management.
Import critical alerts from McAfee ESM as incidents into Demisto Enterprise and automate response actions.
Demisto integrates with McAfee NSM for simple, centralized control for distributed network security appliances.
Demisto integrates with McAfee Threat Intelligence Exchange to optimize threat detection and response.
McAfee Web Gateway delivers high-performance web security through an on-premises appliance that can be deployed both as dedicated hardware and a virtual machine.
Micro Focus (specifically, ArcSight) integrates with Demisto through its ESM SIEM and events logger, allowing seamless creation and updating of events.
Demisto integrates with Micro Focus Service Support Manager for automated IT Service Management.
This integration with Azure Compute enables the orchestration of tasks related to creating and managing Azure Virtual Machines.
This integration with Azure Security Center enables orchestration of Azure Security Center tasks from within Demisto.
This integration enables the orchestration of Microsoft Defender ATP alerts and data within Demisto for streamlining and automating incident response.
This integration with Exchange 2016 Compliance Search enables the initiation of a compliance search, removal of compliance search or checking of status and results of compliance searches.
This integration enables the creation and management of different types of groups and group functionality from within Demisto.
This integration with Microsoft Graph API enables orchestration of Microsoft Graph Mail tasks such as searching emails, deleting emails and investigating attachments.
This integration enables authorized access to a user’s Outlook mail data in a person or organization account.
This integration with Microsoft Graph API enables orchestration of Microsoft Graph User tasks such as creating, deleting and updating user permissions.
This integration enables queries to the MSSQL server.
This integration mirrors investigations between Demisto and Teams, and enables teams to send messages and notifications for new incidents, assigned incidents and tasks from Demisto Enterprise.
Demisto integrates with Mimecast for unified email management.
Demisto integrates with Minerva Anti-Evasion Platform to orchestrate endpoint security incident response.
Demisto integrates with MISP for automated threat intelligence incident response such as automated file and IP reputation checking, enriching and managing MISP events.
Moloch is a large scale, open source, full packet capturing, indexing, and database system.
This integration enables access of MX records, DNS, blacklists and SMTP diagnostics in one integrated tool.
Run SQL queries for gathering rich information against any MySQL database.
Nessus is a vulnerability scanner for auditors and security analysts by Tenable Network Security.
This integration enables the automation of Netcraft open and takedown requests from within Demisto.
Demisto integrates with Netskope for orchestration of cloud security incident response.
Demisto integrates with nmap to run scans with the given parameters.
Demisto integrates with Okta’s cloud based identity management service.
OpenPhish uses proprietary AI algorithms to automatically identify zero-day phishing sites and provide actionable, real-time threat intelligence.
Demisto integrates with OpsGenie for alerting and incident management for Dev and Ops teams.
The Metadefender multi-scanning engine uses 30+ anti-malware engines to scan files for threats, significantly increasing malware detection.
Collect rich forensics data from Mac OSX endpoints using the Demisto Enterprise and OSXCollector integration.
This integration with Packetmail enables automation of intel lookups for IP addresses.
Demisto integrates with Packetsled for automated network visibility and packet captures.
Get the user on call or trigger PagerDuty alerts from Demisto Enterprise.
Demisto integrates with AutoFocus for threat intelligence, analysis, and prevention workflows.
Demisto integrates with Cortex for automated data visibility, enrichment and incident response.
This integration enables the automated execution of PAN-OS EDL management tasks within Demisto.
Demisto integrates with Palo Alto Panorama for network security and firewall management.
Demisto integrates with Traps for endpoint protection and automated incident response to stop threats on endpoints and coordinate enforcement across network and cloud security.
Automate data enrichment and analysis with Demisto’s playbooks and Palo Alto Networks’ WildFire.
Demisto integrates with VxStream Sandbox from Payload Security for fully automated malware analysis.
Demisto integrates with Perception Point for email security incident response orchestration and quarantined email management.
Demisto integrates with Perch for automated threat detection and response.
Demisto integrates with Phish.AI for automated threat intelligence for more effective phishing response.
This integration enables live IOC feeds from PhishLabs for automated enrichment of indicators.
This integration enables live feeds of IOC data.
Demisto integrates with PhishTank to check URL reputation.
Automatically search for people details based on various attributes like email.
Demisto integrates with PolySwarm for automated data enrichment leveraging PolySwarm’s real-time, crowd-sourced threat intelligence.
This integration allows users to query the PostgreSQL database.
Demisto integrates with Preempt Behavioral Firewall for detection and enforcement based on user identity.
Demisto partners with Prisma Cloud for automated cloud threat compliance and response.
This integration enables the ingestion and orchestration of TAP incidents within Demisto.
This integration enables the orchestration of Threat Response enforcement actions within Demisto.
Demisto playbooks use data collected by ProtectWise for hunting file, IP, domain and other indicators, enabling fast and accurate responses to incidents.
QRadar from IBM Security is an integrated analytics platform that streamlines critical capabilities into common workflows and helps increase analyst efficiency.
Demisto integrates with Qualys for network security and vulnerability management.
Collect vulnerability data and initiate incidents upon discovery of major vulnerabilities in sensitive systems.
Centralize threat intelligence across sources in real-time and respond at machine speed.
This integration enables the orchestration of RedCanary endpoint data management actions within Demisto.
Conduct memory analysis using Rekall with real-time interactive ChatOps.
Use SSH and WMI to run actions on compromised endpoints via automated playbooks or from investigation war-room.
This integration enables automated file reputation data ingestion and A1000 actions.
This integration enables the automated retrieval of malware presence status from ReversingLabs.
Demisto integrates with PassiveTotal from RiskIQ for threat infrastructure analysis from a variety of sources.
Demisto integrates with Archer for policy management.
RSA and Demisto provide an evolved SIEM and threat defense offering to overcome SOCs’ biggest challenges through automation and response.
This integration enables the use of S/MIME (Secure Multipurpose Internet Mail Extensions) in sending and receiving secure MIME data.
Demisto integrates with SafeBreach for orchestration of attack simulation and response.
Demisto integrates with Salesforce CRM Services for object management.
Single sign-on support for any SAML 2.0 supported provider.
Demisto integrates with SCADAFence for automated industrial network protection.
Demisto integrates with SecureWorks to enable ticket management with Dell’s Counter Threat Operations Center.
This integration enables the automation of security coaching and awareness communications.
Collect high severity alerts and run advanced queries against endpoints from Demisto server.
Create and update tickets from Demisto playbooks automatically.
Shodan is a search engine for Internet-connected devices integrated with Demisto for data enrichment.
Demisto integrates with Skyformation for orchestration of cloud application security.
Send notifications to Slack (direct messages and channels) for new incidents, assigned incidents and assigned tasks from Demisto Enterprise.
This integration enables users to fully automate the phishing incident response process such as the analysis of suspicious URLs.
Demisto integrates with SNDBOX for automated AI-driven malware analysis and response.
Splunk and Demisto have partnered to provide customers with the unique capability of automating investigations including quick and effective collection of data from endpoints and immediate response that includes enforcement on the endpoints.
Demisto integrates with Sumo Logic to provide a cloud-based service for logs and metrics management.
Demisto integrates with Symantec to provide ATP, Endpoint Protection, and Webpulse site review.
Artificial intelligence fused with critical endpoint technologies delivers the most complete endpoint security on the planet.
Symantec Messaging Gateway protects against spam, malware, and targeted attacks through email encryption and advanced content filtering.
Leverage the power of Symantec Managed Security Services for continual threat monitoring and 24×7 customized guidance.
Demisto integrates with Symantec Site Review (Blue Coat) for integrated URL analysis.
Search and run queries against Tanium server from playbooks or via ChatOps enabled war-room within Demisto Enterprise.
tCell and Demisto have partnered to provide customers with the unique capability of automating investigations including quick and effective collection of data from endpoints and immediate response that includes enforcement on the endpoints.
Demisto integrates with TCPIPUtils for comprehensive enrichment and reputation checks for domains, IPs, and providers.
Demisto integrates with Tenable.io, Tenable.sc and Nessus for vulnerability management orchestration.
This integration enables the automated ingestion of Canary events and IP queries for incident response.
Automatically enrich incidents with latest intelligence from Threat Central for IP address, URL and other indicators.
Demisto’s integration with Threat Crowd enables report queries on a wide variety of indicators.
Demisto integrates with ThreatConnect to find threats, evaluate risk, and mitigate harm to your organization.
This integration enables the automated retrieval of domain, IP and file data from ThreatMiner.
Demisto integrates with ThreatQ, a threat intelligence platform that collects and interprets intelligence data from open sources, for orchestration and automation of incident data enrichment.
Demisto integrates with ThreatX for automated web security enforcement and incident response.
Demisto integrates with Trend Micro to help eliminate security gaps across any user activity and endpoint.
TruSTAR’s threat intelligence platform enriches every stage of the security operations workflow from the trusted and relevant data sources.
Demisto integrates with Tufin SecureTrack for automated security policy management.
Twilio is a cloud communication platform for building messaging applications at scale.
Demisto integrates with Uptycs for orchestration of endpoint system and security analytics as part of incident response.
Demisto integrates with URLHaus for ingestion of enriched data on malicious URLs for malware distribution.
Demisto integrates with urlscan.io to help scan websites for reputation.
Vectra and Demisto have partnered to provide customers with the unique capability of automating investigations including quick and effective collection of data from endpoints and immediate response that includes enforcement on the endpoints.
Demisto integrates with Venafi for key management and certificate management actions.
This integration allows users to manage Verodin simulations and topology.
Check for reputation of IP addresses, URL and files using VirusTotal database from automated playbooks and war-room.
Demisto integrates with VMRay for agentless threat analysis and detection.
VMware vCenter Server is a centralized management application that lets you manage virtual machines and ESXi hosts centrally.
Use Volatility to analyze memory dumps for infected systems as part of playbook automations or interactive ChatOps commands.
Demisto integrates with VulnDB for the latest vulnerabilities in end user software and third party libraries.
Demisto integrates with What’sMyBrowser to automate the parsing of user agents and determine if they are malicious as well as enrich information about the agent.
Enrich all the indicators related to an incident with the relevant whois information automatically.
Integrated help with knowledge base articles available within the Demisto Enterprise product.
Demisto integrates with ZeroFOX for orchestration of social media and digital platform threat detection and investigation.
This integration enables the automation of Zoom user and meeting management from within Demisto.
Zscaler is a cloud security solution built for performance and flexible scalability.