Integrations

Connect Your Stack

Name: OpenSOAR
Author: OpenSOAR

OpenSOAR ships with a focused built-in integration set today and a Python-first extension path for the rest of your stack.

5 built-in integrations Python extension path for everything else External directories and webhooks supported

Built-in today

Elastic Security

Webhook ingestion and detection workflow

VirusTotal

File, domain, and URL enrichment

AbuseIPDB

IP reputation lookups

Slack

Notifications and escalation messaging

SMTP-style notifications

Common external systems

Splunk

Enterprise security analytics

Microsoft Sentinel

Cloud-native SIEM

QRadar

IBM threat detection

EDR/XDR

CrowdStrike Falcon

Endpoint detection & response

SentinelOne

Autonomous endpoint protection

Microsoft Defender

XDR across endpoints & cloud

Carbon Black

VMware endpoint security

Cloud Security

AWS GuardDuty

AWS threat detection

Azure Security Center

Azure workload protection

GCP Security Command Center

Google Cloud security

Threat Intelligence

VirusTotal

File & URL analysis

AbuseIPDB

IP reputation lookups

OTX (AlienVault)

Open threat exchange

MISP

Threat intelligence sharing

Email Security

Proofpoint

Email threat protection

Mimecast

Email security gateway

Microsoft Defender for Office 365

Office 365 protection

Network

Suricata

Network IDS/IPS

Zeek

Network traffic analysis

Palo Alto

Next-gen firewall

Fortinet

Network security platform

Identity

Okta

Identity & access management

Azure AD

Microsoft identity platform

CrowdStrike Identity

Identity threat detection

Ticketing & Communication

Jira

Issue tracking & workflows

ServiceNow

IT service management

Slack

Team messaging & alerts

Microsoft Teams

Collaboration & notifications

PagerDuty

Incident management & on-call

Monitoring & Observability

Datadog

Infrastructure and application monitoring

Grafana

Dashboards and alerting

Prometheus

Metrics and alerting

New Relic

Full-stack observability

Cloud Platforms

AWS

EC2, Lambda, CloudWatch, S3

Google Cloud

GKE, Cloud Functions, Cloud Monitoring

Azure

VMs, Functions, Monitor, Key Vault

DevOps & CI/CD

GitHub

Actions, Issues, Webhooks

GitLab

Pipelines, Issues, Webhooks

Terraform

Infrastructure state and drift

Kubernetes

Pod health, scaling, rollbacks

Custom

Webhooks

HTTP callback integrations

REST API

Connect any HTTP API

Syslog

Standard log forwarding

Python SDK

Build custom integrations

Build your own integrations

Any tool with an API can be integrated into OpenSOAR in a few lines of Python. Built-ins are discovered automatically, and external connector directories can be loaded alongside them. Import any library, call any endpoint, parse any response format.

custom_integration.py

from opensoar.integrations.base import IntegrationBase

class MyTool(IntegrationBase):
    async def lookup(self, indicator):
        resp = await self.http.get(
            f"https://api.mytool.com/v1/{indicator}"
        )
        return resp.json()

View core repo Playbook docs

All integrations are open source. Contribute new ones or customize existing ones for your environment.

Browse on GitHub Learn about playbooks

One command. No credit card.

Apache 2.0 licensed. Self-host on your infrastructure. No feature gates, no per-action billing, no vendor lock-in. Your playbooks are yours.

$curl -fsSL https://opensoar.app/install.sh | sh

GitHub