22 Integrations with Microsoft Defender for Endpoint
View a list of Microsoft Defender for Endpoint integrations and software that integrates with Microsoft Defender for Endpoint below. Compare the best Microsoft Defender for Endpoint integrations as well as features, ratings, user reviews, and pricing of software that integrates with Microsoft Defender for Endpoint. Here are the current Microsoft Defender for Endpoint integrations in 2025:
-
1
Intezer Analyze
Intezer
Intezer automates Tier 1 SOC tasks, working like an extension of your team. Intezer can monitor incoming incidents from endpoint, email, or SIEM tools, then "autonomously" collects evidence, investigates, triages, triggers remediation action, and escalates only the the serious threats to your team for human intervention. Fast set up and integrations with your SOC and IR teams workflows (EDR, SOAR, SIEM, etc.) means you can starting filtering out false positives, get detailed analysis about every threat, and speed up your incident response time. Make sure every incident and artifact (such as files, URLs, endpoint memory, etc.) gets deeply analyzed, detecting malicious code in memory and other evasive threats.Starting Price: Free -
2
Axonius
Axonius
Axonius gives customers the confidence to control complexity by providing a system of record for all digital infrastructure. With a comprehensive understanding of all assets including devices, identities, software, SaaS applications, vulnerabilities, security controls, and the context between all assets, customers are able to mitigate threats, navigate risk, decrease incident response time, automate action, and inform business-level strategy — all while eliminating manual, repetitive tasks. Recognized as creators of the Cyber Asset Attack Surface Management (CAASM) category and innovators in SaaS Management Platform (SMP) and SaaS Security Posture Management (SSPM), Axonius is deployed in minutes and integrates with hundreds of data sources to provide a comprehensive asset inventory, uncover gaps, and automatically enforce policies and automate action. -
3
JupiterOne
JupiterOne
JupiterOne is a cyber asset analysis platform every modern security team needs to collect and transform asset data into actionable insights to secure their attack surface. JupiterOne was created to make security as simple as asking a question and getting the right answer back, with context, to make the right decision. With JupiterOne, organizations are able to see all asset data in a single place, improve confidence in choosing their priorities and optimize the deployment of their existing security infrastructure.Starting Price: $2000 per month -
4
SOC Prime Platform
SOC Prime
SOC Prime operates the world’s largest and most advanced platform for collective cyber defense that cultivates collaboration from a global cybersecurity community and curates the most up-to-date Sigma rules compatible with over 28 SIEM, EDR, and XDR platforms. SOC Prime’s innovation, backed by the vendor-agnostic and zero-trust cybersecurity approach, and cutting-edge technology leveraging Sigma language and MITRE ATT&CK® as core pillars are recognized by the independent research companies, credited by the leading SIEM, XDR & MDR vendors, and trusted by 8,000+ organizations from 155 countries, including 42% of Fortune 100, 21% of Forbes Global 2000, 90+ public sector institutions, and 300+ MSSP and MDR providers. Driven by its advanced cybersecurity solutions, Threat Detection Marketplace, Uncoder AI, and Attack Detective, SOC Prime enables organizations to risk-optimize their cybersecurity posture while improving the ROI of their SOC investments. -
5
Phoenix Security
Phoenix Security
Phoenix Security enables security, developers, and businesses to all talk the same language. We help security professionals focus on the vulnerabilities that matter most across cloud, infrastructure, and application security. Laser focuses on the 10% of vulnerabilities that matter today, and reduces risk faster with prioritized contextualized vulnerabilities. Threat intelligence automatically in the risk improves efficiency enabling fast reaction. Threat intelligence automatically in the risk improves efficiency enabling fast reaction. Aggregate, correlate and contextualize multiple security tools and data sources, providing your business with unprecedented visibility. Break down the silos between application security, operational security, and the business.Starting Price: $3,782.98 per month -
6
Armis
Armis Security
Armis, the leading asset visibility and security company, provides the industry’s first unified asset intelligence platform designed to address the new extended attack surface that connected assets create. Fortune 100 companies trust our real-time and continuous protection to see with full context all managed, unmanaged assets across IT, cloud, IoT devices, medical devices (IoMT), operational technology (OT), industrial control systems (ICS), and 5G. Armis provides passive cyber asset management, risk management, and automated enforcement. Armis is a privately held company and headquartered in California. -
7
Blackpoint Cyber
Blackpoint Cyber
Blackpoint Cyber's 24/7 Managed Detection and Response service provides real-time threat hunting and true response; not just alerts. Blackpoint Cyber is a technology-focused cyber security company headquartered in Maryland, USA. The company was established by former US Department of Defense and Intelligence cyber security and technology experts. Leveraging its real-world cyber experience and knowledge of malicious cyber behavior and tradecraft, Blackpoint provides cyber security products and services to help organizations protect their infrastructure and operations. The company’s proprietary security operations and incident response platform, SNAP-Defense, is available as a product or as a 24x7 Managed Detection and Response (MDR) service. Blackpoint’s mission is to provide effective, affordable real-time threat detection and response to organizations of all sizes around the world. -
8
Cyber Triage
Sleuth Kit Labs
Fast & Affordable Forensics for Incident Response. Automated incident response software for fast, comprehensive, and easy intrusion investigations. An alert is generated from IDS or SIEM. An endpoint investigation is started from SOAR manually. Cyber Triage is deployed to the endpoint to collect data. Analyst uses Cyber Triage data to find evidence and make decisions. Manual incident response is slow, leaving the entire organization at the intruder’s mercy. By automating every phase of the endpoint forensics process, Cyber Triage ensures state-of-the-art remediation speed. Cyber threats are constantly evolving, and manual incident response can be inconsistent and incomplete. Always operating on the latest threat intelligence, Cyber Triage scours every relevant corner of a compromised endpoint. Forensic tools are often confusing, with features not needed for intrusions. Cyber Triage’s intuitive interface allows even junior staff to analyze data and assemble reports.Starting Price: $2,500 -
9
Pillr
OpenText
Pillr is powerful security operations software backed by 24/7/365 SOC service and support. The platform unifies security data sources and tools in a single console. Incoming data is automatically analyzed, and the resulting telemetry is correlated with over 35 industry leading threat intelligence feeds to produce actionable, reliable alerts. On Pillr, you can examine data in a customizable dashboard, investigate events with powerful threat intelligence tools, and work collaboratively with Pillr SOC teams to remediate issues. The platform supports over 450 integrations, including tools from Autotask, Check Point, ConnectWise, Crowdstrike, Microsoft, SentinelOne, and Sophos—while expanding integration support for new tools daily. Pillr SOCs operate on a true 24/7/365 model and are staffed by 85+ security analysts and threat hunters, so service providers on the platform receive consistent, real-time guidance and support no matter the day or time. -
10
Kroll Cyber Risk
Kroll
We are the world incident response leader. Merging complete response capabilities with frontline threat intelligence from over 3000 incidents handled per year and end-to-end expertise we protect, detect and respond against cyberattacks. For immediate assistance, contact us today. Tackle every facet of today and tomorrow’s threat landscape with guidance from Kroll’s Cyber Risk experts. Enriched by frontline threat intel from 3000+ incidents cases every year, our end-to-end cyber risk solutions help organizations uncover exposures, validate the effectiveness of their defenses, implement new or updated controls, fine-tune detections and confidently respond to any threat. Get access to a wide portfolio of preparedness, resilience, detection and response services with a Kroll Cyber Risk retainer. Get in touch for more info. -
11
HivePro Uni5
HivePro
The Uni5 platform elevates traditional vulnerability management to holistic threat exposure management by identifying your enterprises' likely cyber threats, fortifying your weakest controls, and eliminating the vulnerabilities that matter most to reduce your enterprise risks. Minimizing your threat exposure and outmaneuvering cybercriminals requires enterprises to know their terrain, and the attacker’s perspective well. HiveUni5 platform provides wide asset visibility, actionable threat, and vulnerability intelligence, security controls testing, patch management, and in-platform, cross-functional collaboration. Close the loop on risk management with auto-generated strategic, operational, and tactical reports. HivePro Uni5 supports over 27 well-known asset management, ITSM, vulnerability scanners, and patch management tools out of the box, allowing organizations to utilize their existing investments. -
12
Picus
Picus Security
Picus Security, the leading security validation company, gives organizations a clear picture of their cyber risk based on business context. Picus transforms security practices by correlating, prioritizing, and validating exposures across siloed findings so teams can focus on critical gaps and high-impact fixes. With Picus, security teams can quickly take action with one-click mitigations to stop more threats with less effort. The Picus Security Validation Platform easily reaches across on-prem environments, hybrid clouds and endpoints coupled with Numi AI to provide exposure validation. The pioneer of Breach and Attack Simulation, Picus delivers award-winning threat-centric technology that allows teams to pinpoint fixes worth pursuing, offering a 95% recommendation in Gartner Peer Review. -
13
Panaseer
Panaseer
Panaseer’s continuous controls monitoring platform sits above the tools and controls within your organisation. It provides automated, trusted insight into the security and risk posture of the organisation. We create an inventory of all entities across your organisation (devices, apps, people, accounts, databases). The inventory highlights assets missing from different sources and where security controls are missing from assets. The platform equips you with metrics and measures to understand your security and compliance status at any level. The platform ingests data from any source in the cloud or on-premises, across security, IT and business domains through out-of-the-box data connectors. It uses entity resolution to clean, normalise, aggregate, de-duplicate and correlate this data, creating a continuous feed of unified asset and controls insights across devices, applications, people, databases and accounts. -
14
Query Federated Search
Query
Query is a federated search platform delivering a single search bar to access all your security-relevant data, wherever it is stored. The Query Federated Search Platform unlocks access to and value from cybersecurity data wherever it is stored (in the cloud, third-party SaaS, or on-prem), regardless of vendor or technology, and without requiring centralization. This leads to massive cost savings, more efficient security operations across real-time and historical data sources, and reduced security analyst ramp-up time. -
15
Learn what a digital risk protection solution is and how it can help you be better prepared by understanding who is targeting you, what they’re after, and how they plan to compromise you. Google Digital Risk Protection delivers a broad digital risk protection solution either via stand-alone self-managed SaaS products or a comprehensive service. Both options give security professionals visibility outside their organization, the ability to identify high-risk attack vectors, malicious orchestration from the deep and dark web, and attack campaigns on the open web. The Google Digital Risk Protection solution also provides contextual information on threat actors and their tactics, techniques, and procedures to provide a more secure cyber threat profile. Gain visibility into risk factors impacting the extended enterprise and supply chain by mapping your attack surface and monitoring deep and dark web activity.
-
16
Blink
Blink Ops
Blink is an ROI force multiplier for security teams and business leaders looking to quickly and easily secure a wide variety of use cases. Get full visibility and coverage of alerts across your organization and security stack. Utilize automated flows to reduce noise and false positives in alerts. Scan for attacks and proactively identify insider threats and vulnerabilities. Create automated workflows that add relevant context, streamline communications, and reduce MTTR. Take action on alerts and improve your cloud security posture with no-code automation and generative AI. Shift-left access requests, streamline approvals flows, and unblock developers while keeping your applications secure. Continuously monitor your application for SOC2, ISO, GDPR, or other compliance checks and enforce controls. -
17
Q-scout
Quokka
Q-scout enables security teams to vet mobile apps while substantiating their decisions with precise, data driven insights. It provides evidence needed to confidently approve or block apps, ensuring compliance, safeguarding privacy, and protecting organizational assets from mobile threats. Q-scout seamlessly integrates with MDMs, giving security teams real-time visibility into the mobile apps installed across MDM-managed devices. App inventories are automatically ingested into Q-scout and continuously updated, allowing each app to be analyzed for security and privacy risks as soon as it is added, updated, or removed. This ensures that administrators always have an up-to-date, actionable view of mobile app exposure without manual effort. Q-scout enables organizations to: • Pre-vet apps before risk hits the device • Set enforceable, risk-based app policies • Meet security & compliance standards • MDM & MTD Integration • Agentless deployment • Scale security visibility -
18
OctoXLabs
OctoXLabs
Detect, prioritize, and respond to asset security threats in minutes. Get Cyber asset attack surface management and improve your visibility. Manage all your cybersecurity inventory. Discover vulnerabilities for all your assets. Fill in the gaps left by agent-based asset management solutions. Discover server, client, cloud, and IoT device gaps. Octoxlabs works with agentless technology and enhances your visibility with 50+ API integrations. Keep track of your installed applications licenses at any time. You can see how many licenses you have left, how many have been used, and the renewal date from a single point. Keep track of your installed applications licenses at any time. Users that you have to open separately for each product. Enrich your user data with integrations with intelligence services. Follow the local account and you can do this for all products. Devices that have a vulnerability but no security agents installed can be discovered. -
19
Notus
Notus
Notus integrates with a wide range of data sources to deliver continuous, unified asset visibility, enabling actionable insights for critical remediation. Identify all devices, software, and configurations with existing tools. Focus on the most critical vulnerabilities first. Stay informed of changes and emerging threats. Uncover vulnerabilities and misconfiguration. Ensure that security considerations are addressed throughout the asset and software lifecycles. Track software usage, prevent violations, and optimize costs. continuous. Streamline issue resolution by assigning tasks to relevant teams. Conducting manual cybersecurity asset inventories is labor-intensive, often carried out around 12 times annually. Despite this effort, you still won't achieve an up-to-date, consolidated view of your entire environment. By using Notus, the process of managing cybersecurity asset inventories becomes straightforward and instantaneous. -
20
ContraForce
ContraForce
With ContraForce, orchestrate multi-tenant investigation workflows, automate security incident remediation, and deliver your own managed security service excellence. Keep costs low with scalable pricing and performance high with a platform architected for your operational needs. Bring velocity and scale to your existing Microsoft security stack with optimal workflows, built-in security engineering content, and enhanced multi-tenancy. Response automation that adapts to business context to enable defense for customers from endpoint to cloud, with no scripting, agents, or coding needed. One place to manage multiple Microsoft Defender and Sentinel customer tenants while managing Incidents and cases from other XDR, SIEM, and ticketing tools. You'll see your security alerts and data in one unified investigation experience. You can operate your threat detection, investigations, and response workflows all within ContraForce. -
21
Cisco XDR
Cisco
Go from endless investigation to remediating the highest priority incidents with AI-enhanced speed, efficiency, and decisiveness. Identify and stop the most complex attacks with a network-led open XDR approach powered by a simple, built-in Network Detection and Response (NDR) to gain comprehensive visibility. Natively integrate network data from Meraki MX devices to gain clear visibility beyond what EDR-based tools provide, so defenders can take more informed and timely actions. Remediate threats quickly and decisively with AI-guided response and automation that levels up the performance and effectiveness of your security operations team. Make defenders more effective and efficient by uncovering sophisticated attacks and using AI to prioritize incidents across multiple security controls. It's one of the fastest, easiest ways to achieve unified threat detection, investigation, and response in your security posture. -
22
Azure Marketplace
Microsoft
Azure Marketplace is a comprehensive online store that provides access to thousands of certified, ready-to-use software applications, services, and solutions from Microsoft and third-party vendors. It enables businesses to discover, purchase, and deploy software directly within the Azure cloud environment. The marketplace offers a wide range of products, including virtual machine images, AI and machine learning models, developer tools, security solutions, and industry-specific applications. With flexible pricing options like pay-as-you-go, free trials, and subscription models, Azure Marketplace simplifies the procurement process and centralizes billing through a single Azure invoice. It supports seamless integration with Azure services, enabling organizations to enhance their cloud infrastructure, streamline workflows, and accelerate digital transformation initiatives.
- Previous
- You're on page 1
- Next