Integrations

Rampart connects to your existing security stack. Threat intel feeds, SIEM exports, cloud platforms, and more.

Threat Intelligence Feeds

CISA AIS

Real-time Automated Indicator Sharing from the Cybersecurity and Infrastructure Security Agency.

Recorded Future

Intelligence-driven threat data, vulnerability analytics, and threat actor insights.

Mandiant Intelligence

Threat research from Google Cloud's Mandiant division. APT profiles, malware analysis, and campaign tracking.

MITRE ATT&CK

Framework for mapping adversary techniques and tactics. Updated continuously with real-world observations.

Open-Source Feeds

abuse.ch, PhishTank, OpenPhish, URLhaus, and community-contributed threat data.

Custom Feeds

Integrate your own threat intelligence from internal SOC reports, partner organizations, or industry consortiums.

SIEM & Observability Platforms

Splunk

Send Rampart alerts to Splunk Enterprise for correlation with your SIEM data.

Elasticsearch / ELK

Stream raw detections to Elasticsearch for visualization and historical analysis.

Datadog

Integrate Rampart alerts into Datadog dashboards and monitors.

New Relic

Alert enrichment and incident tracking via New Relic's observability platform.

Sentinel

Send detections to Microsoft Azure Sentinel for SIEM aggregation.

Sumo Logic

Stream normalized alerts to Sumo Logic for cross-platform correlation.

Cloud & Infrastructure

AWS

  • VPC Flow Logs ingestion
  • CloudTrail integration
  • GuardDuty correlation
  • S3 event logging

Google Cloud

  • Cloud Logging integration
  • Cloud Armor signals
  • VPC Flow Logs
  • Workspace audit logs

Microsoft Azure

  • Azure Activity Logs
  • Azure Firewall logs
  • Defender integration
  • Entra ID audit logs

Incident Response & Ticketing

PagerDuty

Automatic incident creation and escalation for high-severity threats.

Slack

Real-time alert notifications with rich formatting and incident context.

Jira

Create issues automatically for security incidents and track remediation.

Linear

Streamlined issue tracking integrated with your engineering workflow.

Webhooks

Custom HTTP webhooks for any third-party system or internal tools.

REST API

Full-featured API for building custom integrations and workflows.

Building Custom Integrations

REST API

Full-featured REST API with authentication, rate limiting, and comprehensive documentation.

  • ✓ Query alerts & detections
  • ✓ Create & manage cases
  • ✓ Integration webhooks
  • ✓ Audit log export

Webhooks

Real-time event streaming to your systems for low-latency automation.

  • ✓ Detection events
  • ✓ Case state changes
  • ✓ Threat intel updates
  • ✓ Configurable routing

Need a custom integration?

Contact our integrations team to discuss building connectors for your stack.