Integrations Overview
Noxys integrates seamlessly with your existing security, identity, and productivity tools. Forward events in real-time to SIEMs, enable SSO, sync with EDR platforms, and receive alerts in Slack or Teams.
Integration Categories
SIEM & Threat Intelligence
Send AI interaction events and alerts to your security information and event management system.
| Platform | Type | Real-Time | Status | Guide |
|---|---|---|---|---|
| Microsoft Sentinel | SIEM | Yes (Webhook) | Certified | → |
| Splunk | SIEM | Yes (HEC) | Certified | → |
| Sekoia XDR | XDR | Yes (Webhook) | Supported | → |
| Datadog | Monitoring | Yes (Webhook) | Coming Q3 2026 | - |
| Elastic | SIEM | Yes (Webhook) | Coming Q2 2026 | - |
Identity & Access Management
Enable Single Sign-On and synchronize user directories.
| Platform | Type | SSO | Directory Sync | Guide |
|---|---|---|---|---|
| Microsoft Entra ID | Identity | OIDC/SAML | User sync | → |
| Okta | Identity | OIDC/SAML | User sync | Coming Q2 2026 |
| Google Workspace | Identity | SAML | User sync | Coming Q3 2026 |
| Ping Identity | Identity | SAML | User sync | Coming Q2 2026 |
| LDAP | Directory | Not supported | Sync support | Coming Q2 2026 |
Endpoint Detection & Response
Integrate with EDR and MDM platforms for endpoint visibility.
| Platform | Type | Connection | Guide |
|---|---|---|---|
| Microsoft Defender for Endpoint | EDR | API integration | → |
| CrowdStrike Falcon | EDR | API + webhook | → |
| HarfangLab EDR | EDR | Webhook | → |
Data Governance & Sensitivity Labels
Integrate with data classification and governance platforms.
| Platform | Type | Connection | Guide |
|---|---|---|---|
| Microsoft Purview | DLP/Classification | API integration | → |
Productivity & Notifications
Send alerts to teams and create tickets automatically.
| Platform | Type | Connection | Guide |
|---|---|---|---|
| Slack | Messaging | Webhook | → |
| Microsoft Teams | Messaging | Webhook | → |
| Jira | ITSM | API integration | → |
| ServiceNow | ITSM | API integration | → |
Authentication & Authorization
Configure enterprise SSO for all users.
| Type | Protocols | Guide |
|---|---|---|
| SSO Setup | OIDC, SAML, Entra, Okta, Google | → |
Quick Integration Matrix
Use this matrix to find the right integration for your needs:
┌─────────────────────────────────────────────────────────┐
│ What do you need? │
├─────────────────────────────────────────────────────────┤
│ │
│ 📊 Send events to SIEM? │
│ → Microsoft Sentinel, Splunk, Sekoia │
│ │
│ 🔐 Enable SSO for users? │
│ → Microsoft Entra, Okta, Google │
│ │
│ 🛡️ Connect EDR platform? │
│ → Microsoft Defender, CrowdStrike, HarfangLab │
│ │
│ 📢 Alert my team? │
│ → Slack, Teams │
│ │
│ 📋 Create tickets automatically? │
│ → Jira, ServiceNow │
│ │
│ 🏷️ Sync sensitivity labels? │
│ → Microsoft Purview │
│ │
└─────────────────────────────────────────────────────────┘
Integration Methods
1. Webhook (Event-Driven)
Real-time push of events to your endpoint.
Best for:
- SIEM ingestion (Sentinel, Splunk)
- Slack/Teams alerts
- Custom webhooks
Latency: < 1 second
Configuration: API → Webhooks → Create endpoint
POST /api/v1/webhooks
{
"url": "https://your-system.example.com/events",
"events": ["interaction.policy_violated", "alert.severity_critical"]
}
2. API Integration
Pull data on-demand or via scheduled sync.
Best for:
- EDR (CrowdStrike, Defender)
- Jira/ServiceNow ticketing
- Custom integrations
Latency: Depends on polling interval
Configuration: Admin Panel → Integrations → API Keys
3. SSO (Identity Federation)
Delegate authentication to your identity provider.
Best for:
- Enterprise SSO (Entra, Okta)
- User provisioning
Protocols: OIDC, SAML 2.0
Configuration: Admin Panel → Settings → SSO
4. Directory Sync
Automatically sync users from directory.
Best for:
- Keeping user list in sync
- Automatic deprovisioning
Sources: Entra ID, Google Workspace, LDAP
Configuration: Admin Panel → Users → Directory Sync
Regional Considerations
European Integrations
For EU data residency, we recommend:
- SIEM: Sekoia (French XDR) or on-premise Splunk
- Identity: Microsoft Entra ID with EU data centers
- EDR: HarfangLab (French EDR)
- ITSM: ServiceNow EU cloud
All data stays in EU data centers when using these integrations.
Compliance Notes
- GDPR: All integrations support GDPR data handling
- SOC 2: Certified integrations listed as "Certified"
- ISO 27001: Coming with integrations in Q2 2026
Supported Event Types
All integrations can forward these events:
Interaction Events:
interaction.created— New AI interaction loggedinteraction.policy_violated— Policy triggered (Block/Coach/Log)interaction.high_risk— Risk score >= 0.8
Alert Events:
alert.created— New security alertalert.severity_critical— Critical alertalert.severity_high— High severity alertalert.resolved— Alert marked resolved
Policy Events:
policy.created— New policy createdpolicy.updated— Policy modifiedpolicy.enabled— Policy activatedpolicy.deleted— Policy deleted
User Events:
user.invited— User inviteduser.activated— User accepted invitationuser.role_changed— Role modified
Getting Started
Step-by-Step
- Choose your integration — Pick from the table above
- Read the guide — Follow platform-specific setup steps
- Configure credentials — API keys, URLs, authentication
- Test connection — Verify data is flowing
- Monitor events — Check logs and alert status
Common Integration Flows
SIEM Integration (Splunk Example)
Noxys → Webhook → Splunk HEC → Indexer → Splunk Dashboards
- Create webhook in Noxys Admin Panel
- Get Splunk HEC token
- Configure webhook URL to Splunk HEC endpoint
- Verify events in Splunk search
SSO Integration (Entra ID Example)
User → Noxys Login → Redirect to Entra → User approves → Token issued
- Register Noxys as OIDC application in Entra
- Get client ID and secret
- Configure SSO in Noxys Admin Panel
- Test login via SSO
EDR Integration (CrowdStrike Example)
Noxys → API → CrowdStrike API → Falcon Events → Falcon Dashboards
- Create API client in CrowdStrike console
- Get API key and secret
- Configure integration in Noxys Admin Panel
- Verify detection in Falcon console
Troubleshooting Integration Issues
Events Not Flowing
- Check webhook is
active: true - Verify destination endpoint is accessible
- Check firewall rules (Noxys IPs must reach endpoint)
- Test webhook manually:
POST /api/v1/webhooks/:id/test - Review delivery history:
GET /api/v1/webhooks/:id/deliveries
Authentication Failures
- Verify API keys/credentials are correct
- Check token expiration (refresh if needed)
- Confirm firewall allows outbound HTTPS
- Verify IP whitelist if configured
- Check integration logs in Admin Panel
SSO Not Working
- Verify OIDC/SAML configuration is correct
- Check identity provider allows Noxys redirect URI
- Verify user exists in identity provider
- Test SSO login URL:
https://api.noxys.cloud/auth/sso - Check browser console for redirect errors
Integration Support
- Documentation: Platform-specific guides below
- Testing: Use Admin Panel → Integrations → Test Connection
- Logs: Check Admin Panel → Audit Log for integration events
- Support: Email support@noxys.eu for integration issues
- Status: Check status.noxys.cloud for platform-specific status
Custom Integration
Need something not listed? We support:
- Webhook: POST JSON to your endpoint
- REST API: Query our API endpoints directly
- OAuth: Coming Q2 2026
Contact sales@noxys.eu for custom integration requirements.
What's Next?
Choose your integration from the list above:
- Microsoft Sentinel — SIEM integration
- Microsoft Entra ID — SSO & identity
- Splunk — SIEM integration
- CrowdStrike — EDR integration
- Slack/Teams — Real-time alerts
- SSO Configuration — Enterprise SSO setup