Plug in your stack. Every signal. Every action.

Compute, identity, network, data, and security primitives across every AWS region.

Resource Manager, Entra ID, Defender for Cloud, and Sentinel — bidirectional.

GCP projects, IAM, networking, BigQuery, and Chronicle SIEM telemetry.

OCI tenancies, compartments, and security zones managed alongside the rest of the fabric.

Droplets, Kubernetes, and managed databases for lighter-weight workloads.

Edge configuration, WAF rules, and DDoS posture continuously evaluated against policy.

Universal directory, MFA, and conditional access — fully observed and acted on.

AzureAD signals, conditional access, and PIM — bidirectional including identity revocation.

Directory, admin events, alerts, and DLP signals routed through Astute RAG.

Cross-platform directory with policy-driven access decisions surfaced in the Admin Workspace.

MFA telemetry, risk-based authentication, and device trust.

SSO and access management integrated into the cross-stack response layer.

CrowdStrike Falcon

Endpoint & EDR

Falcon EDR alerts feed into autonomous response; isolation actions go back through MAESTRO.

Defender for Endpoint, Identity, and Cloud — first-class telemetry across the suite.

Singularity XDR fused with the broader stack — endpoint actions trigger identity + cloud responses.

Sophos Central endpoint events correlated with identity and email signals.

Vision One telemetry and policy actions integrated through MAESTRO.

Device policy, configuration profiles, and Conditional Access actioned in real time.

Apple device management — inventory, configuration, and security state across the fleet.

Both source and sink — no double-bookkeeping. ES + SOAR fully integrated.

Sentinel workspaces ingest WIT OS findings and emit incidents back for cross-stack response.

Elastic Stack as both observability and SIEM — agents read and write rules.

Metrics, logs, and APM signals into Astute RAG; alerts back via MAESTRO playbooks.

APM, logs, and infra observability for EEOS experience reasoning.

Dashboards, alerting, and Loki/Mimir/Tempo telemetry under one connector.

Application errors and performance regressions surfaced into EEOS workflows.

Catalyst, Meraki, and Umbrella telemetry reasoned over by ENOS.

Palo Alto Networks

Network & Edge

Cortex XDR, Prisma Cloud, and NGFW signal orchestrated by ESOS for unified response.

FortiGate logs and policy actions correlated with the identity and cloud surfaces.

BIG-IP and Distributed Cloud telemetry — included in ENOS posture reasoning.

Kentik

Network & Edge

Flow data and traffic intelligence — the primary L3/L4 source feeding ENOS.

EOS switches and CloudVision — fabric state observed and acted on by ENOS agents.

Asset inventory and Nessus findings deduplicated against KEV and EPSS prioritization.

VMDR scans and policy compliance routed into the WIT ONE remediation workflow.

InsightVM and InsightIDR signals correlated with the rest of the SecOps fabric.

Cloud posture findings reconciled against ECOS and prioritized by attack-path reachability.

Application security findings — code, dependencies, containers, IaC.

Container and Kubernetes runtime security feeding into ESOS hunting workflows.

Bidirectional tickets, change requests, and approval workflows with the full ITSM lifecycle.

Issues, sprints, and approvals — every WIT OS action threadable back to a Jira ticket.

Linear issues and cycles for the engineering-first ITSM motion.

Customer-facing tickets coordinated with internal incident workflows.

Channel routing, threaded approvals, and verified comms playbooks.

Team-channel notifications, adaptive cards, and approval workflows.

Operator pager and verified-message delivery — used by the NHANCE agent fabric in production.

Schedules, escalation policies, and incident lifecycle — pages back into the Admin Workspace.

Atlassian Opsgenie alerts with on-call routing and escalation.

Abnormal AI

Email Security

Behavioral email signals enriching identity-based threat hunting in ESOS.

Email gateway findings and TAP/TRAP signals integrated into the response fabric.

Secure email gateway events fused with downstream endpoint and identity activity.

Org events, secret-scanning findings, branch protection — repo-level posture under one fabric.

Pipelines, audit events, and secrets management integrated into the response loop.

Image registries and scanned vulnerabilities visible to the Vuln Mgmt agent.

Cluster, namespace, and workload state reasoned over by ECOS.

IaC drift detection and approved-change pipelines wired into ECOS.

Secrets management and dynamic credentials brokered through MAESTRO.

CRM context routed into Adaptive Workspaces — every CSM/AE engagement narratively grounded.

Marketing/sales workflow signals available to revenue-focused workspaces.

Documents and team databases ingested into Astute RAG with citations preserved.

Document workflow events and DLP signals fused with the rest of the SaaS posture.

File-event telemetry plus content classification surfaced to the security fabric.

Ops-team databases connected through MAESTRO for low-code workflow extensions.

HRIS events that feed identity lifecycle automation — joiners, movers, leavers.