Demisto

Demisto Enterprise integrates with an ever-growing list of partners, from SIEMs and endpoint tools to threat intelligence platforms and non-security products. By integrating with Demisto Enterprise, partner products can leverage the industry’s first bot-powered security operations platform to standardize, scale, and accelerate incident response.

Become a Partner

Demisto is a 100% channel-friendly company with great benefits and robust joint go-to-market strategies for partners, VARs, and resellers. Start the process to become a technology or channel partner below.

Active Directory Query

Query Active Directory for user, computer, and other objects in real time from Demisto’s automated playbooks.

AlgoSec

Demisto integrates with AlgoSec BusinessFlow, Firewall Analyzer, and FireFlow.

AlienVault

Demisto integrates with AlienVault OTX to enable data enrichment and IOC hunting.

Amazon SQS

Demisto integrates with Amazon SQS for orchestration of SQS tasks as part of security operations and incident response.

Anomali

Demisto integrates with Anomali ThreatStream for forensics and malware analysis.

AWS S3

Demisto integrates with AWS S3 for orchestration of cloud security response and IT tasks.

Blockade

Blockade brings antivirus-like capabilities to users who run the Chrome browser, blocking malicious resources from being viewed or loaded inside of the browser.

BMC Remedy AR System

A professional development environment that provides a foundation for Business Service Management (BSM) solutions.

Box

Demisto integrates with Box to manage Box users.

Carbon Black Defense

Next-generation antivirus + EDR in one cloud-delivered platform that stops a range of malware and non-malware attacks.

Carbon Black Enterprise Protection

Reduced risk and exposure by automating response to security incidents and using rich endpoint data from Carbon Black and automated playbooks from Demisto.

Censys

Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.

Centreon

Demisto integrates with Centreon for orchestration of IT and network monitoring.

Cisco AMP

AMP continuously analyzes file activity across your extended network, so you can quickly detect, contain, and remove advanced malware.

Cisco CloudLock

Cloudlock is a cloud-native CASB that helps protect your cloud users, data, and apps.

Cisco Email Security

Demisto integrates with Cisco Email Security to protect against ransomware, business email compromise, spoofing, and phishing.

Cisco Meraki

Demisto integrates with Cisco Meraki for device and firewall management.

Cisco Spark

Demisto integrates with messaging platform Cisco Spark for user and team management.

Cisco Threat Grid

Threat Grid combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware.

Cisco Umbrella Investigate

Cisco Umbrella Investigate provides a complete view of Internet domains, IP addresses, and systems to pinpoint attackers’ infrastructures and predict future threats.

Cofense

Demisto integrates with Cofense for human-vetted, phishing-specific threat intelligence.

Confer

Collect alerts from Confer and create incidents inside of Demisto Enterprise.

Crowdstrike Falcon Host

Automatically check the reputation of files, URLs, and IP addresses, query endpoints for rich forensic data, and take action via Demisto playbooks and from the investigation War Room.

CrowdStrike Falcon Intel

Automatically check the reputation of files, URLs, and IP addresses, query endpoints for rich forensic data, and take action via Demisto playbooks.

CrowdStrike Falcon Streaming

Demisto integrates with the Falcon Streaming API to provide a constant source of information for real-time threat detection and prevention.

Cuckoo

Analyze malware using the open source Cuckoo sandbox via automated playbooks.

CVE Search

Demisto integrates with CVE Search for vulnerability management.

CyberArk

Demisto integrates with CyberArk Application Identity Manager for accounts and credentials.

Cybereason

This integration enables search for connections and processes on Cybereason.

Cylance

Automatically check the threat intelligence of files and hashes with the Cylance Infinity API.

Digital Shadows

Digital Shadows monitors and manages an organization’s digital risk across the widest range of data sources within the open, deep, and dark web.

DomainTools

Query cyber threat intelligence data about domains, IPs, and URLs from DomainTools.

Duo

Duo is a comprehensive security solution that confirms the identity of users and the health of their devices before they connect to your applications.

Elasticsearch

Run custom and pre-defined queries against your Elasticsearch instance to look for IOCs, analyze logs, or perform other tasks.

Endgame

Endgame enables endpoint protection built to stop advanced attacks before damage and loss occurs.

EWS

Search for and delete malicious email using the EWS API from within Demisto playbooks.

Exabeam

Automatically enrich incident data with user risk score and complete session details from Exabeam and trigger responses to watchlist based on investigation.

F5 Networks

Demisto integrates with F5 for firewall policy management.

Farsight Security

Demisto integrates with Farsight Security to access real-time and historical Passive Domain Name System data.

FireEye

Analyze malware samples collected from endpoints and other security tools automatically using FireEye.

FireEye HX

Demisto integrates with FireEye HX for faster endpoint threat prevention and response.

Forcepoint CASB

Demisto integrates with Forcepoint CASB to provide visibility and control over sanctioned and unsanctioned cloud apps.

Forcepoint Triton

Automatically whitelist and blacklist web URLs in Forcepoint Triton from within Demisto playbooks.

Giphy

Demisto integrates with Giphy for displaying GIFs in the War Room to enhance discussions.

Google Apps

Demisto integrates with both GSuite and Admin API for authentication and messaging.

GRR

Demisto integrates with GRR to enable Rapid Response framework for investigations.

GuardiCore

Demisto integrates with GuardiCore to provide data center breach detection.

Have I Been Pwned?

Demisto integrates with Have I Been Pwned? to check whether emails or domains have been compromised in recent breaches.

IBM XFE

Check the reputation of IP addresses, URLs, and files using the IBM X-Force Exchange database from automated playbooks and the War Room.

Icebrg

Icebrg reduces risk by accelerating threat detection, triage, and response to rapidly-evolving breaches across global networks.

iDefense

Demisto integrates with iDefense for contextual, timely, and actionable security intelligence.

Imperva

Demisto integrates with Incapsula to manage sites and IPs.

Intezer Analyze

Demisto integrates with Intezer Analyze for malware detection and analysis.

Intsights

IntSights delivers rapid, accurate cyberthreat intelligence and incident mitigation in real time.

ipinfo

Demisto integrates with the ipinfo.io API to get data about an IP address.

IsItPhishing

Collaborative web service that provides validation on whether a URL is a phishing page.

Jamf

Demisto integrates with Jamf for comprehensive device management.

Kafka

Kafka is an open-source distributed streaming platform.

Kenna

Kenna is a Risk Intelligence & Vulnerability platform that enables InfoSec teams to prioritize and remediate vulnerabilities faster.

Koodous

Check Android app samples against the Koodous API using this integration.

Lastline Analyst

Demisto integrates with Lastline Analyst for advanced malware isolation and inspection.

Lockpath

Demisto integrates with Keylight, an enterprise GRC platform with tools for managing risk and compliance.

LogRhythm

Create incidents from alarms in LogRhythm automatically and search for logs from within the Demisto interface.

Mail Listener

Automatically create incidents from the emails in a security mailbox. Custom parsers can trigger different types from the same mailbox.

Mail Sender

Automatically send notification emails for task assignment, incident assignment, or other actions from Demisto Enterprise.

Malwr

Analyze files in the Malwr sandbox using this integration.

McAfee DAM

Demisto integrates with McAfee Database Activity Monitoring for real-time, reliable protection for business-critical databases.

McAfee DXL

Demisto integrates with McAfee DXL for secure, fast messaging across security and allied apps.

McAfee ePO

Demisto integrates with McAfee ePolicy Administrator for unified policy management.

McAfee ESM

Import critical alerts from McAfee ESM as incidents into Demisto Enterprise and automate response actions.

McAfee NSM

Demisto integrates with McAfee NSM for simple, centralized control for distributed network security appliances.

McAfee Web Gateway

McAfee Web Gateway delivers high-performance web security through an on-premises appliance that can be deployed both as dedicated hardware and a virtual machine.

Micro Focus

Micro Focus (specifically, ArcSight) integrates with Demisto through its ESM SIEM and events logger, allowing seamless creation and updating of events.

Mimecast

Demisto integrates with Mimecast for unified email management.

MISP

Demisto integrates with the Malware Information Sharing Platform for threat information sharing.

Moloch

Moloch is a large scale, open source, full packet capturing, indexing, and database system.

MXToolBox

This integration enables access to MX records, DNS, blacklists, and SMTP diagnostics in one integrated tool.

MySQL

Run SQL queries for gathering rich information against any MySQL database.

Nessus

Nessus is a vulnerability scanner for auditors and security analysts by Tenable Network Security.

Netskope

Demisto integrates with Netskope for orchestration of cloud security incident response.

nmap

Demisto integrates with nmap to run scans with the given parameters.

Okta

Demisto integrates with Okta’s cloud-based identity management service.

OpenPhish

OpenPhish uses proprietary AI algorithms to automatically identify zero-day phishing sites and provide actionable, real-time threat intelligence.

OpsGenie

Demisto integrates with OpsGenie for alerting and incident management for Dev and Ops teams.

OPSWAT Metadefender

The Metadefender multi-scanning engine uses 30+ anti-malware engines to scan files for threats, significantly increasing malware detection.

OSXCollector

Collect rich forensics data from Mac OSX endpoints using the Demisto Enterprise and OSXCollector integration.

Packetsled

Demisto integrates with Packetsled for automated network visibility and packet captures.

PagerDuty

Get the on-call user or trigger PagerDuty alerts from Demisto Enterprise.

Palo Alto AutoFocus

Demisto integrates with AutoFocus for threat intelligence, analysis, and prevention workflows.

Palo Alto LightCyber Magna

Demisto’s integration with LightCyber empowers you to stop active attackers and malware operating inside your network.

Palo Alto Panorama

Demisto integrates with Palo Alto Panorama for network security and firewall management.

Palo Alto Wildfire

Automate data enrichment and analysis with Demisto’s playbooks and Palo Alto Networks’ WildFire.

Payload Security

Demisto integrates with VxStream Sandbox from Payload Security for fully automated malware analysis.

Phish.AI PhishProtect

Demisto integrates with Phish.AI for automated threat intelligence for more effective phishing response.

PhishTank

Demisto integrates with PhishTank to check URL reputation.

Pipl

Automatically search for details about people based on various attributes, such as email.

PostgreSQL

This integration allows users to query the PostgreSQL database.

ProtectWise

Demisto playbooks use data collected by ProtectWise for hunting file, IP, domain, and other indicators, enabling fast and accurate responses to incidents.

QRadar

QRadar from IBM Security is an integrated analytics platform that streamlines critical capabilities into common workflows and helps increase analyst efficiency.

Qualys

Demisto integrates with Qualys for network security and vulnerability management.

Rapid7 Nexpose

Collect vulnerability data and initiate incidents upon discovery of major vulnerabilities in sensitive systems.

Recorded Future

Centralize threat intelligence across sources in real-time and respond at machine speed.

Rekall

Conduct memory analysis using Rekall with real-time interactive ChatOps.

RemoteAccess

Use SSH and WMI to run actions on compromised endpoints via automated playbooks or from the investigation War Room.

RiskIQ PassiveTotal

Demisto integrates with PassiveTotal from RiskIQ for threat infrastructure analysis from a variety of sources.

RSA Archer

Demisto integrates with Archer for policy management.

RSA NetWitness

RSA and Demisto provide an evolved SIEM and threat defense offering to overcome SOCs’ biggest challenges through automation and response.

SafeBreach

Demisto integrates with SafeBreach for orchestration of attack simulation and response.

Salesforce

Demisto integrates with Salesforce CRM Services for object management.

SAML

Single sign-on support for any SAML 2.0 supported provider.

Secdo

Secdo’s automated incident response platform hunts threats in real time and delivers an endpoint detection and response solution.

Secure Controls

SecureControls makes IT Security more effective, easier, and more efficient.

SecureWorks

Demisto integrates with SecureWorks to enable ticket management with Dell’s Counter Threat Operations Center.

SentinelOne

Collect high-severity alerts and run advanced queries against endpoints from the Demisto server.

ServiceNow

Create and update tickets from Demisto playbooks automatically.

Shodan

Shodan is a search engine for Internet-connected devices, integrated with Demisto for data enrichment.

Skyformation

Demisto integrates with Skyformation for orchestration of cloud application security.

Slack

Send notifications to Slack (direct messages and channels) for new incidents, assigned incidents, and assigned tasks from Demisto Enterprise.

Splunk

Splunk and Demisto have partnered to provide customers with the unique capability of automating investigations including quick and effective collection of data from endpoints and immediate response that includes enforcement on the endpoints.

Sumo Logic

Demisto integrates with Sumo Logic to provide a cloud-based service for logs and metrics management.

Symantec

Demisto integrates with Symantec to provide ATP, Endpoint Protection, and Webpulse site review.

Symantec Endpoint Protection

Artificial intelligence fused with critical endpoint technologies delivers the most complete endpoint security on the planet.

Symantec Messaging Gateway

Symantec Messaging Gateway protects against spam, malware, and targeted attacks through email encryption and advanced content filtering.

Symantec MSS

Leverage the power of Symantec Managed Security Services for continual threat monitoring and 24×7 customized guidance.

Tanium

Search and run queries against the Tanium server from playbooks or via the ChatOps-enabled War Room within Demisto Enterprise.

tCell

tCell and Demisto have partnered to provide customers with the unique capability of automating investigations including quick and effective collection of data from endpoints and immediate response that includes enforcement on the endpoints.

TCPIPUtils

Demisto integrates with TCPIPUtils for comprehensive enrichment and reputation checks for domains, IPs, and providers.

Threat Central

Automatically enrich incidents with the latest intelligence from Threat Central for IP addresses, URLs, and other indicators.

Threat Crowd

Demisto’s integration with Threat Crowd enables report queries on a wide variety of indicators.

ThreatConnect

Demisto integrates with ThreatConnect to find threats, evaluate risk, and mitigate harm to your organization.

ThreatExchange by Facebook

Learn more about threats and make your systems safer with the ThreatExchange API by Facebook, within Demisto playbooks.

Trend Micro

Demisto integrates with Trend Micro to help eliminate security gaps across any user activity and endpoint.

Twilio

Twilio is a cloud communication platform for building messaging applications at scale.

urlscan.io

Demisto integrates with urlscan.io to help scan websites for reputation.

Vectra

Vectra and Demisto have partnered to provide customers with the unique capability of automating investigations including quick and effective collection of data from endpoints and immediate response that includes enforcement on the endpoints.

Venafi

Demisto integrates with Venafi for key management and certificate management actions.

Verodin

This integration allows users to manage Verodin simulations and topology.

Virus Total

Check the reputation of IP addresses, URLs, and files using the VirusTotal database from automated playbooks and the War Room.

VMRay

Demisto integrates with VMRay for agentless threat analysis and detection.

VMware vCenter Server

VMware vCenter Server is a centralized management application that lets you manage virtual machines and ESXi hosts centrally.

Volatility

Use Volatility to analyze memory dumps of infected systems as part of playbook automations or interactive ChatOps commands.

Whois

Enrich all the indicators related to an incident with the relevant whois information automatically.

Zendesk Help Center

Integrated help with knowledge base articles available within the Demisto Enterprise product.