Integrations#
AttackTrace plugs into the stack you already use. The baseline is the built-in threat intelligence; SIEM, cloud logs, ticketing systems, private APIs, and your preferred LLMs are connected through APIs and MCP only when the investigation needs them.
Built-in intelligence#
AttackThreat is the built-in threat intelligence layer. It is the default place to start for IOC and infrastructure pivots.
| Tool | Use cases |
|---|---|
| AttackThreat | IP, domain, URL, file, infrastructure, reputation, enrichment, and investigation context where available |
Customer-selected connectors#
Other integrations connect customer-owned systems or customer-selected vendor services. They run under your own credentials and network access and are subject to the provider's terms. Grant each connector only the access its use case needs: the AWS and SIEM use cases below are read-only queries, while Jira and Confluence need write access to create tickets and notes.
Examples include:
- SIEM and log platforms.
- Cloud logs and cloud security services.
- Ticketing and knowledge-base systems.
- Databases and private APIs.
- Customer-run MCP servers.
- Optional third-party threat intelligence connectors configured by the customer.
AWS cloud security#
| Tool | Version | Use cases |
|---|---|---|
| AWS EC2 | 1.0.1 | Instance inventory, exposure analysis, and console log forensics |
| AWS IAM | 1.0.1 | Users, access keys, and policy analysis |
| AWS Lambda | 1.0.1 | Function configuration, public access, and triggers |
| AWS S3 | 1.0.1 | Public bucket detection, sensitive file identification |
| AWS Network | 1.0.1 | VPC topology, flow logs, and IP-to-ENI lookup |
| AWS Security | 1.0.1 | Security service status and alert retrieval |
| CloudTrail | 1.0.1 | AWS API audit log queries |
| CloudWatch | 1.0.1 | Logs Insights queries, alarms, and metrics |
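The "public bucket detection" use case in the S3 row comes down to two checks: a bucket policy that allows access to everyone, and an ACL that grants to the AllUsers or AuthenticatedUsers groups. The following is an added example of that logic, written for this page and not taken from AttackTrace's AWS S3 connector. The policy and ACL inputs are constructed to mirror the shape boto3's `get_bucket_policy()` and `get_bucket_acl()` return, the bucket name and VPC endpoint ID are placeholders, and no AWS call is made, so it runs offline.

```python
"""Public S3 bucket detection over a bucket policy document and an ACL.

Added example, not AttackTrace's AWS S3 connector code. Inputs are
constructed to mirror boto3's get_bucket_policy()/get_bucket_acl() output.
"""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GRANTEES = {ALL_USERS, AUTH_USERS}


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    # Both "*" and {"AWS": "*"} mean anyone, anonymous callers included.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_policy_statements(policy_json):
    """Return the Sids of Allow statements whose principal is everyone.

    Simplification: any statement carrying a Condition block is treated as
    scoped rather than public. AWS Block Public Access is finer grained and
    only accepts specific condition keys as narrowing the grant.
    """
    policy = json.loads(policy_json)
    findings = []
    for idx, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow" or "Condition" in st:
            continue
        if _principal_is_public(st.get("Principal")):
            findings.append(st.get("Sid", f"statement-{idx}"))
    return findings


def public_acl_grants(acl):
    """Return (grantee URI, permission) pairs granted to the public groups."""
    out = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEES:
            out.append((grantee["URI"], grant.get("Permission")))
    return out


def assess_bucket(name, policy_json, acl):
    """Combine both checks; policy_json may be None when no policy is attached."""
    findings = {
        "bucket": name,
        "public_policy_statements": public_policy_statements(policy_json) if policy_json else [],
        "public_acl_grants": public_acl_grants(acl),
    }
    findings["is_public"] = bool(
        findings["public_policy_statements"] or findings["public_acl_grants"]
    )
    return findings


# Constructed sample data (placeholder bucket name and VPC endpoint ID).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        # Same wildcard principal, but narrowed to one VPC endpoint: not public here.
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    ],
})
SAMPLE_ACL = {"Owner": {"ID": "owner"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
]}
PRIVATE_ACL = {"Owner": {"ID": "owner"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"},
]}

if __name__ == "__main__":
    print(json.dumps(assess_bucket("example-bucket", SAMPLE_POLICY, SAMPLE_ACL), indent=2))
```

The policy check deliberately errs toward "not public" when a Condition is present, so treat its output as a triage list rather than a verdict: a statement conditioned on a weak key such as `aws:Referer` still deserves a look, and Block Public Access settings at the bucket and account level override both checks and should be read alongside them.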
SIEM#
| Tool | Version | Use cases |
|---|---|---|
| Elasticsearch | 0.7.3 | Log search, index analysis |
| Kibana | 0.7.3 | Dashboard health, saved object management |
| Splunk | 1.0.1 | SPL queries, indexes, and saved searches |
Ticketing#
| Tool | Version | Use cases |
|---|---|---|
| Jira | 1.0.0 | Create and manage security incident tickets |
| Confluence | 1.0.0 | Read and write runbooks, post-mortems, and investigation notes |
Where to start#
Start with the investigation question, not the connector list.
- Ask about the alert, IOC, account, host, or hypothesis.
- Use built-in threat intelligence for early pivots where available.
- Connect customer evidence sources when you need logs, cloud context, tickets, or private system data.
Typical next steps:
- Connect a SIEM such as Splunk or Elasticsearch for log evidence.
- Connect cloud tools when investigating identity, network, resource, or CloudTrail activity.
- Connect ticketing or knowledge-base tools when you need report handoff or runbook context.