This table provides a list of platforms supported in Threat Detection Marketplace and the functions available for each platform.
Platform Name | Detection Translation | Rule Page Deploy | Rule Page Search | Quick Hunt | Inventory | Deploy Content Lists | Filter | Preset | Custom Field Mapping |
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
Anomali Security Analytics | ✅ | ❌ | ❌ | ✅ (cloud) | ❌ | ❌ | ❌ | ❌ | ✅ |
Apache Kafka ksqlDB | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
ArcSight | ✅ | ❌ | ❌ | ✅ (cloud) | ❌ | ❌ | ❌ | ❌ | ✅ |
AWS Athena | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ |
AWS OpenSearch | ✅ | ❌ | ❌ | ✅ (cloud) | ❌ | ❌ | ❌ | ❌ | ✅ |
Coralogix | ✅ | ✅ (cloud) | ❌ | ❌ | ✅ (cloud) | ✅ (cloud) | ✅ | ✅ | ✅ |
Cribl | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
CrowdStrike Endpoint Security | ✅ | ❌ | ✅ (cloud) | ✅ (cloud) | ❌ | ❌ | ❌ | ❌ | ✅ |
CrowdStrike Next-Gen SIEM | ✅ | ✅ (cloud) | ❌ | ✅ (cloud) | ✅ (cloud) | ✅ (cloud) | ✅ | ✅ | ✅ |
Devo | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
Elastic Stack | ✅ | ✅ (cloud, on-prem available via TDM API Integration Tool) | ✅ (cloud) | ✅ (cloud) | ✅ (cloud) | ✅ (cloud) | ✅ | ✅ | ✅ |
Exabeam New-Scale | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
Falco | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
FireEye | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
FortiSIEM | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
Graylog | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ |
Google SecOps | ✅ | ✅ (cloud) | ❌ | ✅ (cloud) | ✅ (cloud) | ✅ (cloud) | ✅ | ✅ | ✅ |
Hunters | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ |
Level Blue USM | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
LimaCharlie | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ (deploy via socprime add-on on the LimaCharlie marketplace) | ❌ | ❌ | ❌ |
LogPoint | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
Microsoft Defender for Endpoint | ✅ | ❌ | ✅ (cloud) | ✅ (cloud) | ❌ | ❌ | ❌ | ❌ | ✅ |
Microsoft PowerShell | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
Microsoft Sentinel | ✅ | ✅ (cloud) | ❌ | ✅ (cloud) | ✅ (cloud) | ✅ (cloud) | ✅ | ✅ | ✅ |
Palo Alto Cortex XDR | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
Palo Alto Cortex XSIAM | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
QRadar | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
Qualys | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
Regex Grep | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
RSA NetWitness | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
Securonix | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
Semgrep | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
SentinelOne | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
Snowflake | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
Splunk | ✅ | ✅ (cloud, on-prem available via SOC Prime CCM App for Splunk - Optimized) | ✅ (cloud, on-prem) | ✅ (cloud, on-prem) | ❌ | ✅ (available via SOC Prime CCM App for Splunk - Optimized) | ✅ | ✅ | ✅ |
Sumo Logic | ✅ | ✅ (cloud) | ✅ (cloud) | ✅ (cloud) | ✅ (cloud) | ✅ (cloud) | ✅ | ✅ | ✅ |
Sysmon | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
Tanium | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
Trend Vision One | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
VMware Carbon Black | ✅ | ❌ | ❌ | ✅ (cloud) | ❌ | ❌ | ❌ | ❌ | ✅ |
