Integrations

DNS, SIEM, webhooks, Slack/Teams, WAF, scanners, API, and Hidden Hand attack surface orchestration.

Last updated May 2026

DNS provider integrations

Technitium DNS (token or credentials + zone) and Azure DNS (service principal) are first-class integrations. Route53 patterns are supported in enterprise deployments. Always run Test Connection before the first lure DNS assignment.

SIEM and webhooks

Export CSV or stream events via webhooks to Splunk, Sentinel, QRadar, or custom SIEM parsers. Map threat level and lure ID fields in your CIM or ECS schema early.

Slack, Teams, and WAF

Slack webhooks notify channels on Critical events. WAF integrations (Cloudflare, Akamai, Fortinet, AWS, Azure, Imperva) power Block IP from Investigation; configure them before analysts expect one-click blocking.

Hidden Hand integration

Hidden Hand (codename ultrared in APIs) connects attack surface orchestration, using a target ID and API key per workspace. The Simulator proposes lure plans from external asset inventories. UI labels say Hidden Hand; integration docs for vendors may use legacy codenames.

[Screenshot: Integrations page. Integrations settings showing the DNS card with Test Connection, Slack webhook, WAF provider tiles, and Hidden Hand credentials section.]

API and scanner integrations

The REST API covers lure lifecycle, logs, and threats; see the API Reference. Scanner integrations align with Nuclei rule compilation in Admin for consistent classification inside and outside the platform.