Integrations

Connect Your Stack

OpenSOAR connects to the tools your team already uses — security, monitoring, ticketing, communication, and any API.

45 integrations, 12 categories, 100% open source

SIEMs

4 integrations
Elastic Security: Log management & detection
Splunk: Enterprise security analytics
Microsoft Sentinel: Cloud-native SIEM
QRadar: IBM threat detection

EDR/XDR

4 integrations
CrowdStrike Falcon: Endpoint detection & response
SentinelOne: Autonomous endpoint protection
Microsoft Defender: XDR across endpoints & cloud
Carbon Black: VMware endpoint security

Cloud Security

3 integrations
AWS GuardDuty: AWS threat detection
Azure Security Center: Azure workload protection
GCP Security Command Center: Google Cloud security

Threat Intelligence

4 integrations
VirusTotal: File & URL analysis
AbuseIPDB: IP reputation lookups
OTX (AlienVault): Open threat exchange
MISP: Threat intelligence sharing

Email Security

3 integrations
Proofpoint: Email threat protection
Mimecast: Email security gateway
Microsoft Defender for Office 365: Office 365 protection

Network

4 integrations
Suricata: Network IDS/IPS
Zeek: Network traffic analysis
Palo Alto: Next-gen firewall
Fortinet: Network security platform

Identity

3 integrations
Okta: Identity & access management
Azure AD: Microsoft identity platform
CrowdStrike Identity: Identity threat detection

Ticketing & Communication

5 integrations
Jira: Issue tracking & workflows
ServiceNow: IT service management
Slack: Team messaging & alerts
Microsoft Teams: Collaboration & notifications
PagerDuty: Incident management & on-call

Monitoring & Observability

4 integrations
Datadog: Infrastructure and application monitoring
Grafana: Dashboards and alerting
Prometheus: Metrics and alerting
New Relic: Full-stack observability

Cloud Platforms

3 integrations
AWS: EC2, Lambda, CloudWatch, S3
Google Cloud: GKE, Cloud Functions, Cloud Monitoring
Azure: VMs, Functions, Monitor, Key Vault

DevOps & CI/CD

4 integrations
GitHub: Actions, Issues, Webhooks
GitLab: Pipelines, Issues, Webhooks
Terraform: Infrastructure state and drift
Kubernetes: Pod health, scaling, rollbacks

Custom

4 integrations
Webhooks: HTTP callback integrations
REST API: Connect any HTTP API
Syslog: Standard log forwarding
Python SDK: Build custom integrations

Build Your Own Integrations

Any tool with an API can be integrated into OpenSOAR in a few lines of Python. Integrations are standard Python classes — import any library, call any endpoint, parse any response format. No vendor SDK required, no sandbox limitations.

custom_integration.py
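from urllib.parse import quote

from opensoar.integrations import Integration


class MyTool(Integration):
    async def lookup(self, indicator):
        # Percent-encode the indicator so values containing "/", "?" or "#"
        # (URLs, for example) stay inside a single path segment.
        resp = await self.http.get(
            f"https://api.mytool.com/v1/{quote(str(indicator), safe='')}"
        )
        return resp.json()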

All integrations are open source. Contribute new ones or customize existing ones for your environment.

One command. No credit card.

Apache 2.0 licensed. Self-host on your infrastructure. No feature gates, no per-action billing, no vendor lock-in. Your playbooks are yours.

$ curl -fsSL https://opensoar.app/install.sh | sh