How Integrations Work
When you connect an integration, Wirespeed automatically:- Syncs your data — We pull user directories, endpoint inventories, and detection history to build context about your environment
- Ingests detections — Security alerts flow into Wirespeed in real-time from your detection platforms
- Enriches and triages — Each detection is automatically enriched with context and triaged using our verdict system
- Takes action — Based on your configured verdicts, Wirespeed can contain threats, notify users via chat ops, or escalate to your team
All integrations use secure OAuth or API tokens. We request only the permissions necessary to deliver our service and never store credentials in plain text.
Integration Categories
Detection Sources
EDR, XDR, and SIEM platforms that generate security alerts
User Directories
Identity providers that define your users and their attributes
Endpoint Management
MDM and endpoint platforms that inventory your devices
Communication
Chat and messaging platforms for user verification
Ticketing
Ticket systems for case management and escalation
Enrichment
Threat intelligence and data enrichment services
Detection Sources
Detection sources are the foundation of Wirespeed. These integrations provide the security alerts that Wirespeed automatically triages and responds to. Connect your EDR, XDR, identity protection, or SIEM platform to get started.AWS
CloudTrail and GuardDuty security events
Check Point Harmony
Unified endpoint and email security
CrowdStrike Falcon
Endpoint detection and incident response
Darktrace
AI-powered network detection and response
Google Alert Center
Google Workspace security alerts
Google Security Center
Google Cloud security findings
Jamf Protect
Mac-focused endpoint security
Microsoft 365
Defender for Endpoint, Entra ID Protection, Sentinel, and more
Mimecast
Email security and threat protection
Okta
Identity threat detection
Orca Security
Cloud security posture and workload protection
SafeBreach
Breach and attack simulation
SentinelOne
Autonomous endpoint protection platform
Thinkst Canary
Honeypot-based intrusion detection
Vectra
Network detection and response
Wordfence
WordPress security and firewall
User Directories
User directories help Wirespeed understand your organization. We sync users, groups, roles, and managers to enrich detections with context and enable features like VIP protection, chat ops escalation, and user containment.Cisco Duo
Multi-factor authentication directory
Google Workspace
Google directory and sign-in logs
Microsoft 365
Entra ID (Azure AD) directory sync
Okta
Universal directory and SSO
Endpoint Management
Endpoint management integrations provide device inventory and health data. Wirespeed uses this information to identify high-value assets, correlate detections with device context, and enable endpoint containment actions.CrowdStrike Falcon
Host management and isolation
Jamf Pro
Apple device management
Kandji
Modern Apple MDM
ManageEngine
AD audit and endpoint monitoring
Microsoft Intune
Cloud-based endpoint management
SentinelOne
Endpoint inventory and containment
Communication
Communication integrations enable Chat Ops—Wirespeed’s ability to verify suspicious activity directly with your users. When a detection requires user verification, we reach out through your existing communication channels.Email-based user notification
Microsoft Teams
In-app chat ops experience
Slack
Direct message users for verification
SMS verification is available as an add-on to any communication integration for enhanced identity verification. Learn more about SMS Chat Ops.
Ticketing
Ticketing integrations sync Wirespeed cases with your existing ticket management system. Cases and detections can automatically create tickets, and updates flow bidirectionally.ConnectWise PSA
Professional services automation
Jira Cloud
Atlassian’s cloud-hosted Jira
Jira Data Center
Self-hosted Jira deployment
Enrichment
Enrichment integrations provide additional context and threat intelligence to enhance detection triage. These services help identify known-bad indicators and provide reputation data.Have I Been Pwned
Credential breach detection
IPinfo
IP address geolocation and ASN data
Reversing Labs
File reputation and malware analysis
Log Forwarding
For platforms without native integrations, Wirespeed supports standard log forwarding protocols and network-based telemetry sources. These allow you to send security events from any source, including firewalls, network devices, and log aggregation platforms.1Password
Password manager audit and sign-in events
Bitwarden
Organization events and user activity
Box
Cloud content management events
Cisco Meraki
Cloud-managed network security
Cisco Umbrella
DNS-layer security
Fortinet FortiAnalyzer
Centralized log and analytics
Fortinet FortiGate
Next-gen firewall security events
Generic JSON
Webhook-based JSON ingestion
Generic Syslog
CEF and standard syslog formats
HYAS Protect
Adversary infrastructure intelligence
Microsoft On-Prem AD
On-premises Active Directory
Microsoft Sign-In Logs
Standalone Entra ID sign-in data
Windows Event Logs
Windows event forwarding
Getting Started
Ready to connect your first integration? Here’s the recommended order:Connect a User Directory
Start with Microsoft 365, Google Workspace, or Okta to import your users and organizational structure.
Add a Detection Source
Connect your primary security platform—Microsoft Defender, CrowdStrike, or SentinelOne are great starting points.
Enable Communication
Set up Slack or Microsoft Teams to enable Chat Ops for user verification.
Configure Containment
Review your containment settings to enable automated threat response.
Need help setting up an integration? Use the Chat button in the Wirespeed platform to talk directly with our engineers, or email [email protected].