Triago
Sign inStart free
ProductWorkflowsIntegrationsSecurityCustomersPricingDocsSign inStart free
Integrations

Plug into your stack.
No agents to deploy.

120+ deep, bidirectional connectors. OAuth-first, idempotent, semantically-mapped. Bring your SIEM, EDR, IdP, cloud, and ticketing — Triago figures out the rest.

SIEM & data lakes

Splunk

Search, alerts, SOAR handoff

Microsoft Sentinel

KQL, incidents, watchlists

Elastic SIEM

Search, signals, cases

Chronicle

UDM search, detections

Sumo Logic

Search, signals

Panther

Detections, lookups

EDR / XDR

CrowdStrike Falcon

RTR, detections, contain

SentinelOne

Storyline, contain

Microsoft Defender

Hunting, isolate

Palo Alto Cortex

XDR, response

Trellix

Endpoints, hunting

Sophos

Detections, contain

Identity & SSO

Okta

Sessions, users, MFA

Azure AD / Entra

Sign-ins, conditional access

Google Workspace

Users, drives, logs

OneLogin

Sessions, users

Duo

MFA, push

WorkOS

SSO/SCIM brokerage

Cloud

AWS

GuardDuty, IAM, CloudTrail

Azure

Defender, Activity logs

GCP

SCC, Cloud Audit

Cloudflare

Zero Trust, WAF, logs

Snowflake

Audit, lineage

Kubernetes

Falco, audit logs

Ticketing & comms

Jira

Tickets, transitions

ServiceNow

SIRs, CMDB

Linear

Issues, projects

Slack

Notify, approve, query

Microsoft Teams

Notify, approve

PagerDuty

Page on escalation

Threat intel

Recorded Future

Risk, IOCs

Mandiant

Actor, malware

VirusTotal

File, URL, IP

GreyNoise

IP context

Shodan

Exposure

MISP

Custom feeds

Don't see yours?

We ship new connectors in days.

Triago's connector framework is open. Forward-deployed engineering will scope, build, and certify a new integration on a typical 5-day turn.

Request a connector