Integrations


ASTRA BASTION connects with 31+ enterprise security and DevOps tools. Normalize events to OCSF, trigger SOAR playbooks, and embed AI security into your existing workflows.

All integrations use webhook-based event forwarding with exponential backoff retry and dead-letter queues.

SIEM (8)

Forward normalized OCSF events to your security information and event management platform.

Splunk (GA): HEC + saved searches

Microsoft Sentinel (GA): Log Analytics workspace

Google Chronicle (GA): MALACHITE ingestion

IBM QRadar (GA): Syslog + REST API

Elastic Security (GA): Fleet agent + SIEM rules

Sumo Logic (Beta): HTTP source + dashboards

LogRhythm (Beta): Open Collector + SmartResponse

Datadog (GA): Logs + Security Monitoring

SOAR (5)

Trigger automated playbooks for incident response and remediation workflows.

Cortex XSOAR (GA): Playbooks + incident sync

Swimlane (GA): Turbine workflows

Tines (GA): Stories + webhook actions

Torq (Beta): Hyperautomation flows

ServiceNow (GA): Security Incident Response

Identity Providers (8)

SSO, SCIM provisioning, and identity lifecycle management integration.

Okta (GA): SAML/OIDC + SCIM 2.0

Azure AD (Entra ID) (GA): SAML + Graph API

Auth0 (GA): Universal Login + Actions

OneLogin (GA): SAML + user provisioning

Ping Identity (Beta): PingFederate + PingOne

JumpCloud (Beta): SAML + directory sync

Google Workspace (GA): SAML + Admin SDK

CyberArk (GA): PAM + Identity Security

Cloud Security (5)

Correlate AI security findings with your cloud security posture management.

AWS Security Hub (GA): ASFF findings + EventBridge

Azure Defender (GA): Alerts + Recommendations

GCP Security Command Center (GA): Findings + sources

Palo Alto Prisma Cloud (Beta): CSPM + CWPP alerts

Wiz (Beta): Issues + graph queries

DevOps & CI/CD (5)

Embed AI security checks into your software delivery lifecycle.

GitHub (GA): Actions + SARIF + Code Scanning

GitLab (GA): CI/CD pipelines + SAST

Jenkins (GA): Pipeline plugin + webhooks

ArgoCD (Beta): Sync hooks + health checks

Terraform (Beta): Provider + policy-as-code

How Integrations Work

1. Event Normalization

All internal events are normalized to OCSF v1.4.0 format (22 event types mapped to 7 OCSF classes) before forwarding to external systems.

2. Webhook Dispatch

Events are dispatched via HTTPS webhooks with HMAC-SHA256 signatures. Failed deliveries retry with exponential backoff (up to 5 attempts) before routing to a dead-letter queue.

3. Bi-Directional Sync

Supported integrations (SIEM, SOAR, Identity) offer bi-directional sync -- import findings, incidents, and user lifecycle events back into ASTRA for unified governance.
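
A sketch of the webhook dispatch step above, seen from both the sender and the receiver; it is an added example, not ASTRA BASTION's own code. The hex signature encoding, the 1-second base delay and the `send` transport callback are assumptions; the page states only HMAC-SHA256 signatures, up to 5 attempts and a dead-letter queue.

```python
import hashlib
import hmac
import json

MAX_ATTEMPTS = 5     # from the page: up to 5 attempts
BASE_DELAY_S = 1.0   # assumption: the page does not state the base delay


def sign(secret: bytes, body: bytes) -> str:
    """Hex HMAC-SHA256 over the exact bytes sent (hex encoding is an assumption)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify(secret: bytes, body: bytes, signature: str) -> bool:
    """Receiver side: recompute over the raw body, compare in constant time.

    Both values are encoded to bytes first so that a non-ASCII signature
    string is rejected instead of raising TypeError in compare_digest.
    """
    expected = sign(secret, body).encode()
    return hmac.compare_digest(expected, signature.encode())


def dispatch(event, secret, send, dead_letters, sleep=lambda seconds: None):
    """Send one event, retrying with doubling delays, then dead-letter it.

    `send(body, signature)` is a hypothetical transport that returns True
    on a 2xx response. Returns the list of delays waited between attempts.
    """
    # Serialize once: the signature must cover the exact bytes on the wire.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    signature = sign(secret, body)
    delays = []
    for attempt in range(MAX_ATTEMPTS):
        if send(body, signature):
            return delays
        if attempt < MAX_ATTEMPTS - 1:      # no wait after the final failure
            delay = BASE_DELAY_S * 2 ** attempt
            delays.append(delay)
            sleep(delay)
    dead_letters.append(event)              # all attempts failed
    return delays
```

The receiver must verify against the raw request bytes before parsing the JSON; re-serializing a parsed body can change the bytes and break the signature check.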