● TLP:GREEN · DISTRIBUTABLEvault security · ops console v8.4

OPS / 01 · integrations · the catalogRead-only

Integrations · 6 families · 30+ native

The integrations that matter, natively maintained.

Vault sits between your stack and your SIEM/SOAR. Every integration below is built and supported by the Vault engineering team — not a marketplace listing. Six families, all native, all bi-directional where it makes sense.

OPS / 02 · legendRead-only

● Native

● Beta

● Webhook

Native = built + maintained by Vault engineering · Beta = in private beta with named customers · Webhook = supported via documented event stream

OPS / 03 · family · cloudRead-only

AWS

All services · CloudTrail / Config / GuardDuty native ingest

Native

GCP

Full coverage including Anthos · Cloud Audit Logs

Native

Azure

ARM + Defender for Cloud · Sentinel bidirectional

Native

Oracle Cloud

OCI integration in private beta · GA Q3 2026

Beta

OPS / 04 · family · siem · logRead-only

Splunk Enterprise

OTLP streaming + saved-search reciprocal

Native

Datadog

Logs + traces + metrics · two-way

Native

Microsoft Sentinel

Bi-directional alert + IoC sync

Native

Sumo Logic

Native log streaming · OTLP

Native

Elastic Security

ECS-mapped event ingest

Native

Chronicle (Google)

UDM-mapped streaming

Native

OPS / 05 · family · ticketing · soarRead-only

Jira

Findings → tickets, status sync, custom fields

Native

ServiceNow

ITSM + SecOps · CMDB sync

Native

Tines

Story webhook + back-channel

Native

Torq

Workflow trigger + result post-back

Native

Cortex XSOAR

Bi-directional incident sync

Native

OPS / 06 · family · iam · directoryRead-only

Okta

SSO + SCIM + OIN published

Native

Microsoft Entra ID

SSO + group sync + Conditional Access posture

Native

Google Workspace

SSO + directory provisioning

Native

Auth0

OIDC SSO

Native

Ping Identity

SAML SSO + SCIM

Native

OPS / 07 · family · endpoint · networkRead-only

CrowdStrike Falcon

Detection + response signal ingest

Native

SentinelOne

Threat ingest + isolation playbook

Native

Microsoft Defender

MDE alert ingest + response

Native

Palo Alto · Cortex

Network telemetry + isolation

Native

Zscaler

ZIA + ZPA log streaming

Native

Tenable

Vulnerability finding ingest + reconcile

Native

OPS / 08 · family · open protocolRead-only

OpenTelemetry

Native exporter · OTLP HTTP + gRPC

Native

STIX 2.1 / TAXII

Threat-intel publish + consume

Native

OCSF (Open Cybersecurity Schema)

Native schema · we contribute

Native

Webhooks

180+ event types · signed payloads

Native

OPS / 09 · missing your tool?Read-only

Not in the catalog? Tell us.

We build native integrations every quarter, prioritized by customer demand and on-call ergonomics. If your tool is on the roadmap, we'll add you to the early-access list.

Request an integration →