PocketSOC integrations for security platforms
PocketSOC connects to the security platforms SOC teams already run. Choose your vendor for setup details, supported actions, authentication notes, and a vendor-specific FAQ.
Supported security platforms
CrowdStrike Falcon →
Endpoint Detection and Response (EDR). PocketSOC connects to CrowdStrike Falcon through a customer-created OAuth2 API client.
Microsoft Defender for Endpoint →
Endpoint Detection and Response (EDR). PocketSOC connects to Microsoft Defender for Endpoint (MDE) through a tenant-scoped Azure app registration.
Microsoft Defender for Cloud →
Cloud Workload Protection (CWP). PocketSOC connects to Microsoft Defender for Cloud through an Azure app registration with appropriate RBAC.
AWS GuardDuty →
Cloud Threat Detection. PocketSOC connects to AWS GuardDuty using an IAM user with scoped read access.
Not seeing your platform?
Additional vendor integrations are on the roadmap. If your team uses a security platform that is not listed, let us know. Enterprise plans also support Splunk Enterprise Security via portal log forwarding — see pricing.