Elastic integrations

Stream in logs, metrics, traces, content, and more from your apps, endpoints, infrastructure, cloud, network, workplace tools, and every other common source in your ecosystem. Send alerts to your notification tool of choice. Connect to all the systems that matter with ease.

icon-magnifying-glass

.NET
1Password
Abuse.ch Malware & URL Threat Intel
ActiveMQ
Aerospike
Airflow
Akamai
AlienVault Open Threat Exchange (OTX)
Amazon CloudFront
Amazon CloudWatch
Amazon DynamoDB
Amazon EBS
Amazon EC2
Amazon EMR
Amazon GuardDuty
Amazon Kinesis Data Firehose
Amazon RDS
Amazon Redshift
Amazon S3
Amazon S3 Storage Lens
Amazon Security Lake
Amazon SNS
Amazon SQS
Amazon VPC
Amazon VPC NAT Gateway
Anomali ThreatStream
Apache
Apache Spark
Apache Tomcat
Arista Firewall
Atlassian Confluence
Atlassian Jira
auditd
Auditd Manager
AWS
AWS API Gateway
AWS Billing
AWS CloudTrail
AWS ECS
AWS Elastic Load Balancing
AWS Fargate
AWS Inspector
AWS Lambda
AWS Network Firewall
AWS Security Hub
AWS Transit Gateway
AWS Usage
AWS VPN
AWS WAF
Azure
Azure Activity Logs
Azure App Service
Azure Application Gateway
Azure Application Insights
Azure Application State Insights
Azure Audit Logs
Azure Billing
Azure Blob Storage
Azure Container Instance
Azure Container Registry
Azure Container Service
Azure Database Account
Azure Event Hub
Azure Firewall
Azure Front Door
Azure Functions
Azure Monitor
Azure Platform
Azure Spring Cloud
Azure Storage Account
Azure VM
Azure VM Scale Sets
Azure WAF
Barracuda CloudGen Firewall
Barracuda WAF
Beats
Bitbucket
BitDefender
Bitwarden
Box
Box Events
Bravura Monitor
Cassandra
Ceph
Check Point Firewall
CISA Known Exploited Vulnerabilities
Cisco Aironet
Cisco ASA
Cisco Duo
Cisco Firepower Threat Defense
Cisco Identity Services Engine (ISE)
Cisco IOS
Cisco Meraki
Cisco Nexus
Cisco Secure Email Gateway
Cisco Secure Endpoint
Cisco Umbrella
Citrix ADC
Citrix Web Application Firewall
Cloud Foundry
Cloudflare
CockroachDB
collectd
Collective Intelligence Framework
Common Event Format (CEF)
Confluence Cloud
Confluence Data Center
Confluence Server
Consul
CoreDNS
Couchbase
CouchDB
Cribl
CrowdStrike Falcon
CrowdStrike Falcon Intelligence
Custom Windows event logs
Customized Connector
CyberArk Privileged Access Security
CyberArk Privileged Threat Analytics
Cybersixgill
Darktrace
Data Exfiltration Detection
Docker
Dropbox
Dropbox Paper
Dropwizard
EclecticIQ
Elastic Agent
Elastic APM Server
Elastic App Search
Elasticsearch
Email
Endpoint Security
Envoy
ESET Protect
ESET Threat Intelligence
etcd
F5 BIG-IP
F5 BIG-IP Access Policy Manager
Fargate
File Integrity Monitoring
FireEye Network Security
Fleet Server
Fluentd
Forcepoint
Forcepoint Web Security
ForgeRock
Fortinet Forticlient Endpoint Protection
Fortinet FortiEDR
Fortinet Fortigate
Fortinet FortiMail
Fortinet FortiManager
GCP Metrics Input
GitHub
Gmail
Go
Go Expvar
Google Cloud
Google Cloud Anthos
Google Cloud Audit
Google Cloud Billing
Google Cloud Compute
Google Cloud Dataproc
Google Cloud DNS
Google Cloud Firestore
Google Cloud Firewall
Google Cloud Functions
Google Cloud GKE
Google Cloud Load Balancing
Google Cloud Pub/Sub
Google Cloud Redis
Google Cloud Stackdriver
Google Cloud Storage
Google Cloud VPC
Google CloudSQL Metrics
Google Drive
Google Santa
Google Security Command Center
Google Workspace
Graphite
HA-Proxy
Hadoop
Hashicorp Vault
HTTP
HTTP Check
IBM MQ
IBM Resilient
IBM Websphere
Icinga
ICMP Check
IIS
Imperva Cloud WAF
Imperva WAF
InfluxDB
Infoblox BloxOne DDI
Infoblox NIOS
iptables
Istio
Jaeger
Jamf Compliance Reporter
Jamf Protect
Java
JavaScript
JDBC
Jira Cloud
JIRA Data Center
Jira Server
JMS
JMX Jolokia
journald
JumpCloud
Juniper SRX Series
Kafka
Keycloak
Kibana
Kubernetes
Kubernetes API Server
Kubernetes Controller Manager
Kubernetes Events
Kubernetes Metrics Service
Kubernetes Proxy
Kubernetes Scheduler
kvm
LastPass
Linux
Linux Audit Framework
Linux systemd journals
Log files (Generic)
Logstash
LotL Attack Detection
Lumos
Lyve Cloud
Maltiverse
Malware Information Sharing Platform (MISP)
Mandiant Advantage
Memcached
Menlo Security
Microsoft 365 (Office 365) & OneDrive
Microsoft 365 Defender
Microsoft Defender for Cloud
Microsoft Defender for Endpoint
Microsoft DHCP Server
Microsoft Entra ID
Microsoft Exchange Message Trace
Microsoft Exchange Server
Microsoft Graph Activity
Microsoft OneDrive
Microsoft Outlook
Microsoft SQL Server
Microsoft Teams
Mimecast
ModSecurity
MongoDB
MQTT
Munin
MySQL
Nagios XI
NATS
NATS Streaming
NetFlow
Netscout Arbor Sightline
Netskope
Network Drive & File Systems
Network Packet Capture
NGINX
NGINX Ingress Controller
Node.js
Notion
Okta
OpenCTI
OpenMetrics
OpenTelemetry
OpenTracing
OpsGenie
Oracle
Oracle Weblogic
Osquery Log Collection
Osquery Manager
PagerDuty
Palo Alto Cortex XDR
Palo Alto Networks
Palo Alto Prisma Cloud
Pensando
pfSense
PHP
PHP FPM
Ping Identity PingOne
Pleasant Password Server
PostgreSQL
PowerShell
Prebuilt Security Detection Rules
Prometheus
Prometheus Input
Proofpoint Targeted Attack Protection (TAP)
Python
QNAP NAS
Qualys VMDR
RabbitMQ
Radware DefensePro
Rapid7 InsightVM
Rapid7 Threat Command
Recorded Future
Redis
Redis Enterprise
Ruby
Salesforce
Salesforce Sandboxes
SentinelOne
SentinelOne Cloud Funnel
ServiceNow ITOM
ServiceNow ITSM
ServiceNow SecOps
SharePoint Online
SharePoint Server
Slack
SNMP
Snort
Snyk
Sonicwall Firewall
Sophos Central
Sophos UTM
Sophos XG Firewall
Spring Boot
SQL
SQL Input
StatsD
Suricata
Swimlane SOAR
Symantec Endpoint Protection
syslog
Sysmon
Sysmon for Linux
System
System Audit
Tanium
TCP Check
Tenable Security Center
Tenable Vulnerability Management
ThreatConnect
ThreatQuotient
Thycotic Secret Server
Tines
Tomcat NetWitness Logs
Torq
Traefik
Trellix EDR Cloud
Trellix ePO
Trend Micro Deep Security
Trend Vision One
Twitter
Universal Profiling
uWSGI
Vectra Detect
VMware Carbon Black Cloud
VMware Carbon Black EDR
vSphere
Web Crawler
Webhook
Windows
Wiz
X.509 SSL/TLS Certificate Check
xMatters
Zeek (Bro)
Zero Networks
ZeroFox
ZooKeeper
Zoom
Zscaler Internet Access
Zscaler Private Access