Demisto Enterprise integrates with a growing list of dozens of products, including security products as well as collaboration and notification platforms. By integrating with Demisto Enterprise, partners enable their products with the industry’s first Bot-powered security ChatOps platform for automating playbooks and response tasks, and detecting duplicate incidents.
Become a Partner
Demisto is a 100% channel company with great benefits for partners. Also integrating with Demisto is easy for security product partners and often Demisto team will do the heavy lifting. Join our technology and channel partner network and help us help you.
Blockade brings antivirus-like capabilities to users who run the Chrome browser, blocking malicious resources from being viewed or loaded inside of the browser.
Carbon Black Defense
Next-generation antivirus + EDR in one cloud-delivered platform that stops range of malware and non-malware attacks.
Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.
Check Point SandBlast
Demisto integrates with Check Point SandBlast to help prevent malware and zero-day attacks.
Check Point SandBlast Appliance
This integration allows you to query, upload and download data using Check Point Sandblast on a local gateway.
AMP continuously analyzes file activity across your extended network, so you can quickly detect, contain, and remove advanced malware.
Cloudlock is a cloud-native CASB that helps protect your cloud users, data, and apps.
Cisco Email Security
Demisto integrates with Cisco Email Security to protect against ransomware, business email compromise, spoofing, and phishing.
Cisco Threat Grid
Threat Grid combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware.
Cisco Umbrella Investigate
Cisco Umbrella Investigate provides a complete view of Internet domains, IP addresses, and systems to pinpoint attackers’ infrastructures and predict future threats.
Cyber and IT security technologies and solutions that protect organisations against advanced persistent threats, malicious adversaries and internal malpractice.
CrowdStrike Falcon Streaming
Demisto integrates with the Falcon Streaming API to provide a constant source of information for real-time threat detection and prevention.
Cysec Cyber Security
Cysec specializes in information security and data communication, providing integration and consulting for a range of technologies.
Digital Shadows monitors and manages an organization’s digital risk across the widest range of data sources within the open, deep, and dark web.
doIT solutions GmbH offers turnkey IT security and networking solutions and handle IT projects from the early stage to conception, implementation, and operation.
ICT services and solutions provider specialising in providing innovation and agility in security, risk management and governance.
Duo is a comprehensive security solution confirms the identity of users and health of their devices before they connect to your applications.
Endgame enables endpoint protection built to stop advanced attacks before damage and loss occurs.
Demisto integrates with Farsight Security to access real-time and historical Passive Domain Name System data.
Demisto integrates with Forcepoint CASB to provide visibility and control over sanctioned and unsanctioned cloud apps.
Have I Been Pwned?
Demisto integrates with Have I Been Pwned? to check whether emails or domains have been compromised in recent breaches.
Icebrg reduces risk by accelerating threat detection, triage, and response to rapidly-evolving breaches across global networks.
Demisto integrates with iDefense for contextual, timely, and actionable security intelligence.
IntSights delivers rapid, accurate cyberthreat intelligence and incident mitigation in real time.
Joe Security Sandbox
Demisto integrates with Joe Security Sandbox to automate detonation and malware analysis.
Kenna is a Risk Intelligence & Vulnerability platform that enables InfoSec teams to prioritize and remediate vulnerabilities faster.
Demisto integrates with Lastline Analyst for advanced malware isolation and inspection.
Demisto integrates with Keylight, an enterprise GRC platform with tools for managing risk and compliance.
McAfee Active Response
Demisto integrates with McAfee Active Response for comprehensive endpoint detection and response.
McAfee Advanced Threat Defense
Demisto integrates with McAfee Advanced Threat Defense for protection against stealthy, zero-day malware.
Demisto integrates with McAfee Database Activity Monitoring for real-time, reliable protection for business-critical databases.
Demisto integrates with McAfee ePolicy Administrator for unified policy management.
Demisto integrates with McAfee NSM for simple, centralized control for distributed network security appliances.
McAfee Threat Intelligence Exchange
Demisto integrates with McAfee Threat Intelligence Exchange to optimize threat detection and response.
McAfee Web Gateway
McAfee Web Gateway delivers high-performance web security through an on-premises appliance that can be deployed both as dedicated hardware and a virtual machine.
Micro Focus (specifically, ArcSight) integrates with Demisto through its ESM SIEM and events logger, allowing seamless creation and updation of events.
Micro Focus Service Support Manager
Demisto integrates with Micro Focus Service Support Manager for automated IT Service Management.
Demisto integrates with the Malware Information Sharing Platform for threat information sharing.
This integration enables access of MX records, DNS, blacklists and SMTP diagnostics in one integrated tool.
Nessus is a vulnerability scanner for auditors and security analysts by Tenable Network Security.
Netsmart is a full-service information security company made up of an expert team of dedicated security specialists.
OpenPhish uses proprietary AI algorithms to automatically identify zero-day phishing sites and provide actionable, real-time threat intelligence.
Demisto integrates with OpsGenie for alerting and incident management for Dev and Ops teams.
The Metadefender multi-scanning engine uses 30+ anti-malware engines to scan files for threats, significantly increasing malware detection.
Palo Alto AutoFocus
Demisto integrates with AutoFocus for threat intelligence, analysis, and prevention workflows.
Palo Alto LightCyber Magna
Demisto’s integration with LightCyber empowers you to stop active attackers and malware operating inside your network.
Palo Alto Panorama
Demisto integrates with Palo Alto Panorama for network security and firewall management.
Palo Alto Wildfire
Automate data enrichment and analysis with Demisto’s playbooks and Palo Alto Networks’ WildFire.
Demisto integrates with VxStream Sandbox from Payload Security for fully automated malware analysis.
Performanta, the global purple tribe, delivering the bedrock of quality managed cyber security services and consulting to our customers, enabling them to do business safely.
Demisto playbooks use data collected by ProtectWise for hunting file, IP, domain and other indicators, enabling fast and accurate responses to incidents.
QRadar from IBM Security is an integrated analytics platform that streamlines critical capabilities into common workflows and helps increase analyst efficiency.
Demisto integrates with PassiveTotal from RiskIQ for threat infrastructure analysis from a variety of sources.
RSA and Demisto provide an evolved SIEM and threat defense offering to overcome SOCs’ biggest challenges through automation and response.
rSolutions is a leading cyber security firm strategically aligned with best of breed security vendors to assist clients in securing their enterprises.
Sayers provides customers with the right IT solutions, including cloud and virtualization, data center storage, security, mobility, and professional services.
Secdo’s automated incident response platform hunts threats in real time and delivers an endpoint detection and response solution.
Demisto integrates with SecureWorks to enable ticket management with Dell’s Counter Threat Operations Center.
Shodan is a search engine for Internet-connected devices integrated with Demisto for data enrichment.
SMSAM Systems Ltd.
Leading pan-African cybersecurity consultancy partnering with large financial services firms and businesses across other verticals.
Demisto integrates with Sumo Logic to provide a cloud-based service for logs and metrics management.
Demisto integrates with Symantec to provide ATP, Endpoint Protection, and Webpulse site review.
Symantec Endpoint Protection
Artificial intelligence fused with critical endpoint technologies deliver the most complete endpoint security on the planet.
Leverage the power of Symantec Managed Security Services for continual threat monitoring and 24×7 customized guidance.
tCell and Demisto have partnered to provide customers with the unique capability of automating investigations including quick and effective collection of data from endpoints and immediate response that includes enforcement on the endpoints.
Demisto integrates with TCPIPUtils for comprehensive enrichment and reputation checks for domains, IPs, and providers.
Demisto’s integration with Threat Crowd enables report queries on a wide variety of indicators.
Demisto integrates with ThreatConnect to find threats, evaluate risk, and mitigate harm to your organization.
ThreatExchange by Facebook
Learn more about threats & make your systems safer with the ThreatExchange API by Facebook, within Demisto playbooks.
Demisto integrates with Trend Micro to help eliminate security gaps across any user activity and endpoint.
Vectra and Demisto have partnered to provide customers with the unique capability of automating investigations including quick and effective collection of data from endpoints and immediate response that includes enforcement on the endpoints.
VMware vCenter Server
VMware vCenter Server is a centralized management application that lets you manage virtual machines and ESXi hosts centrally.
Zscaler Cloud Security
Zscaler is a cloud security solution built for performance and flexible scalability.
CrowdStrike Falcon Intel
Automatically check reputation of files, URL and IP addresses, query endpoint for rich forensics data and take actions back via Demisto playbooks.
Automatically enrich incident data with user risk score and complete session details from Exabeam and trigger responses to watchlist based on investigation.
Automatically check the threat intelligence of files and hashes with the Cylance Inifinity API.
Active Directory Query
Query active directory for user, computer and other objects in real time from Demisto’s automated playbooks.
Carbon Black Enterprise Response
Query and take action across your enterprise using Carbon Black Live Response from Demisto’s playbooks.
Use volatility to analyze memory dumps for infected systems as part of playbook automations or interactive ChatOps commands.
Automatically create incidents from the emails in a security mailbox. Custom parsers can trigger different types from same mailbox.
Send notifications to Slack (direct messages and channels) for new incidents, assigned incidents and assigned tasks from Demisto Enterprise.
Automatically enrich incidents with latest intelligence from Threat Central for IP address, URL and other indicators.
Navilogic is a dedicated team of experienced, certified professionals with deep knowledge of enterprise and IT programs, services and technologies.
Blue Turtle is one of South Africa’s leading enterprise technology management companies, focused on IT and Service Management solutions.
Import critical alerts from McAFee ESM as incidents into Demisto Enterprise and automate response actions.
Automatically whitelist and blacklist web URLs in Forcepoint Triton from within Demisto playbooks.
Enrich all the indicators related to an incident with the relevant whois information automatically.
Automatically send notification emails for task assignment, incident assignment or other actions from Demisto Enterprise.
Automatically update IOC blacklist and change firewall policy from Demisto Enterprise based on the incident investigation data.
Check for reputation of IP addresses, URL and files using IBM X-Force exchange database from automated playbooks and war-room.
Collect vulnerability data and initiate incidents upon discovery of major vulnerabilities in sensitive systems.
Use SSH and WMI to run actions on compromised endpoints via automated playbooks or from investigation war-room.
Carbon Black Enterprise Protection
Reduced risk and exposure by automating response to security incidents and using rich endpoint data from Carbon Black and automated playbooks from Demisto.
Crowdstrike Falcon Host
Automatically check reputation of files, URL and IP addresses, query endpoint for rich forensics data and take actions back via Demisto playbooks and from investigation war-room.
Search and run queries against Tanium server from playbooks or via ChatOps enabled war-room within Demisto Enterprise.
Splunk and Demisto have partnered to provide customers with the unique capability of automating investigations including quick and effective collection of data from endpoints and immediate response that includes enforcement on the endpoints.
Zendesk Help Center
Integrated help with knowledge base articles available within the Demisto Enterprise product.
Analyze malware samples collected from endpoint and other security tools automatically using Fireeye.
Collect high severity alerts and run advanced queries against endpoints from Demisto server.
Check for reputation of IP addresses, URL and files using VirusTotal database from automated playbooks and war-room.
Create incidents from alarms in Logrhythm automatically and search for logs from within Demisto interface.
Run custom and pre-defined queries against your Elasticsearch instance to look for IOC, analyze logs or other tasks.
Active Directory Authentication
Query active directory for user and system details using different attributes like email, username, system name etc.