Connectors:
build your cyber shield

The openness of a solution is crucial to ensure augmented deployment of your cyber roadmap. With HarfangLab, you are free to build your SOC platform with the solutions that meet your technical requirements and context.

Choose the security capabilities you need to protect your information system, and easily correlate data from different sources.

Find out more about our connectors, and their benefits for cyber expert teams
Splunk

HarfangLab Security events, Threats and Audit Logs can be fetched and indexed in Splunk using the HarfangLab EDR Splunk App.

Provided by: HarfangLab
IBM QRadar

HarfangLab EDR can send the security events to an IBM QRadar SIEM for further alert correlation and aggregation. HarfangLab provides a DSM to parse HarfangLab’s security events.

Provided by: HarfangLab
Sekoia

HarfangLab EDR can send its security events, EDR telemetry and EDR logs to the Sekoia.io platform for Threat Intelligence contextualization and correlation with other security events.

Provided by: HarfangLab
Thales

HarfangLab EDR can send its security events, EDR telemetry and EDR logs to Thales Cybels Analytics for Threat Intelligence contextualization and correlation with other security events.

Provided by: HarfangLab
Syslog

Security events, EDR telemetry and EDR logs can be transmitted using the Syslog protocol (TCP, UDP, TCP/TLS) to an external Syslog collector.

Provided by: HarfangLab
Oversoc

OverSOC provides a real-time comprehensive view of cybersecurity risks that everyone can see and understand. Gain transparent, clear, and practical insights you can use to take control of your information system.

Provided by: Oversoc
Cortex Xsoar

HarfangLab provides a rich set of XSOAR functions to manage the EDR and run advanced playbooks. The provided playbooks automate security event management and Threat Intelligence management.

Provided by: HarfangLab
The Hive

HarfangLab provides a connector to send security events to TheHive, a scalable, open source and free Security Incident Response Platform, tightly integrated with MISP.

Provided by: HarfangLab
Cortex

30+ responders that allow security analysts to take actions on the EDR directly from TheHive alerts (isolate agent, start forensics collection jobs, retrieve forensics artifacts, search in telemetry…).

Provided by: HarfangLab
Mindflow

Mindflow’s no-code building platform is able to collect HarfangLab EDR’s security events and automate cybersecurity operations to empower analysts’ capacities.

Provided by: Mindflow
IBM QRadar

The IBM Security QRadar SOAR connector makes it possible to fetch security events from a HarfangLab EDR Manager and manage the incident response.

Provided by: HarfangLab
Shuffle

Open source SOAR with connectors for communication tools, SIRP/ticketing platforms, CTI platforms, SIEMs and firewalls. It makes it possible to automate any kind of operation through workflows.

Provided by: HarfangLab
Airbus

Airbus Prophecy’s SOAR can collect HarfangLab EDR’s security events and automate cyber operations through playbooks.

Provided by: Airbus
Misp

HarfangLab EDR is able to collect Threat Intelligence from a MISP Threat Intelligence platform. 

Provided by: HarfangLab
OpenCTI

The connector allows security events and threats to be sent to OpenCTI, and YARA rules, Sigma rules and IOCs (hash, IPv4, IPv6, DNS, URL) to be sent to HarfangLab.

Provided by: Filigran
Defants

Defants brings essential automation to assist investigations, with automatic scores standardized by the MITRE ATT&CK framework, a knowledge graph to explore and discover complex attack paths…

Provided by: Defants
Glimps

Binaries automatically collected by HarfangLab EDR can be transmitted to GLIMPS, which offers a unique Deep Learning technology designed to read and understand the elements that compose a binary.

Provided by: HarfangLab
Cape

Binaries automatically collected by HarfangLab EDR can be transmitted to a CAPE sandbox for dynamic behavioral analysis.

Provided by: HarfangLab
Virustotal

Hashes of executed binaries identified by HarfangLab EDR can be matched against the VirusTotal database to identify known viruses.

Provided by: HarfangLab
Airbus

Binaries automatically collected by HarfangLab EDR can be transmitted to an Orion sandbox for static analysis through dozens of analyzers, antivirus analysis with 5 different antiviruses, and dynamic behavioral analysis.

Provided by: HarfangLab
Gatewatcher

The Gatewatcher connector provides system context information (endpoint information, process) associated with network security events.

Provided by: Gatewatcher
Thales

HarfangLab EDR can send its security events, EDR telemetry and EDR logs to Thales Cybels Sensor’s Operation Center for further Threat Intelligence enrichment and correlation with network security events.

Provided by: HarfangLab
Vectra

Provides system context information (endpoint information, process) associated with network security events, and allows compromised agents to be isolated from the Vectra user interface.

Provided by: Vectra
Open ID

HarfangLab EDR Manager supports the OpenID Connect protocol to authenticate users with a 3rd party identity provider.

Provided by: HarfangLab
Open LDAP

HarfangLab EDR’s Open LDAP connector authenticates users from an Open LDAP central directory.

Provided by: HarfangLab
Azure

HarfangLab EDR’s Active Directory connector authenticates users from an Active Directory, including Azure AD Domain Services’ Active Directory.

Provided by: HarfangLab
Google Auth

HarfangLab EDR can use the Google Authenticator application for Multi-Factor authentication.

Provided by: HarfangLab
Microsoft Auth

HarfangLab EDR can use the Microsoft Authenticator application for Multi-Factor authentication.

Provided by: HarfangLab
Okta

HarfangLab EDR can use an Okta LDAP interface to authenticate users.

Provided by: HarfangLab