Tool Marketplace

The marketplace is where you connect additional evidence sources. It is not the whole product on its own: AttackTrace is an investigation workspace that connects tools, evidence, memory, and reports.

Built-in threat intelligence is available through AttackThreat. Use the marketplace when an investigation needs customer-owned logs, cloud context, tickets, private APIs, or customer-selected third-party services.

Built-in first, connectors when needed

Start with a question in chat. AttackTrace can use available built-in intelligence and then pivot into configured connectors when more evidence is needed.

Connector categories

Examples of customer-selected connectors:

  • SIEM and log platforms in your environment
  • Cloud logs and cloud security services
  • Jira, Confluence, and other workflow systems
  • Databases, internal tools, private APIs, and MCP servers
  • Optional third-party services selected and configured by the customer

What you will need

| Integration type | Required credentials |
|---|---|
| Cloud services | Cloud credentials or customer-approved access method |
| Elasticsearch / Kibana | Cluster URL + API key or username/password |
| Splunk | Splunk URL + API token |
| Jira | Jira URL + API token |
| Confluence | Confluence URL + API token |
| Private APIs / MCP servers | Endpoint, credentials, and schema/configuration details |
| Optional third-party intelligence services | Customer-provided account or API key where required |

Enabling an integration

  1. Open the tool marketplace
  2. Find the connector you want to use
  3. Click Add or Configure
  4. Fill in the required credentials as prompted
  5. Save and return to the chat interface

Using tools after enabling

Once a tool is enabled, you don't need to invoke it manually. Describe what you need and the AI selects the appropriate tool automatically.

Examples:

  • "Investigate IP 185.220.101.45 and explain what evidence supports the verdict"
  • "Search for failed login events in the last 24 hours" (requires Elasticsearch or Splunk)
  • "Check which S3 buckets in my AWS account are publicly accessible" (requires AWS S3)
  • "Create a handoff note for this incident" (requires ticketing or documentation connector if you want to write it externally)

Operational notes

  • Connected systems process data according to the customer's configuration and the connected provider's terms.
  • Keep credentials scoped to the least privilege needed for investigation.
  • Review tool results and source context before acting on AI-generated conclusions.
  • Private deployments can use customer-selected infrastructure and integrations under separate enterprise terms.
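
One way to apply the least-privilege note above to the Elasticsearch connector, as an added example that is not AttackTrace's own code: a check run over the body of an Elasticsearch create-API-key request (`POST /_security/api_key`) before the key is issued. The allowed privilege sets, the key name, the index pattern and both sample bodies are assumptions constructed for illustration.

```python
# Added example: audit an Elasticsearch create-API-key request body before the
# key is handed to an investigation connector. Both bodies are constructed samples.

# Assumption: a read-only investigation connector needs only these privileges.
ALLOWED_INDEX_PRIVS = {"read", "view_index_metadata"}
ALLOWED_CLUSTER_PRIVS = {"monitor"}

# Constructed sample: over-broad key (no expiry, full cluster and index access).
BROAD = {"name": "investigation-connector",
         "role_descriptors": {"connector": {
             "cluster": ["all"],
             "indices": [{"names": ["*"], "privileges": ["all"]}]}}}

# Constructed sample: key scoped to reading one log index pattern for 30 days.
SCOPED = {"name": "investigation-connector", "expiration": "30d",
          "role_descriptors": {"connector": {
              "cluster": ["monitor"],
              "indices": [{"names": ["logs-auth-*"],
                           "privileges": ["read", "view_index_metadata"]}]}}}


def audit_api_key_request(body):
    """Return a list of least-privilege findings for a create-API-key body."""
    findings = []
    if not body.get("expiration"):
        findings.append("no expiration: key never expires")
    roles = body.get("role_descriptors") or {}
    if not roles:
        # Without role_descriptors the key inherits the creating user's privileges.
        findings.append("no role_descriptors: key inherits creator's privileges")
    for role_name, role in roles.items():
        for priv in role.get("cluster", []):
            if priv not in ALLOWED_CLUSTER_PRIVS:
                findings.append(f"{role_name}: cluster privilege '{priv}' not needed")
        for grant in role.get("indices", []):
            for name in grant.get("names", []):
                if name.strip() in ("*", "_all"):
                    findings.append(f"{role_name}: index pattern '{name}' matches every index")
            for priv in grant.get("privileges", []):
                if priv not in ALLOWED_INDEX_PRIVS:
                    findings.append(f"{role_name}: index privilege '{priv}' not needed")
    return findings


if __name__ == "__main__":
    for label, body in (("broad", BROAD), ("scoped", SCOPED)):
        print(label, audit_api_key_request(body) or "ok")
```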