Integrations
Jutsu connects to your SIEM and log sources, cloud and identity providers, response tools, and notification channels — so detection, investigation, and response all run against the systems you already operate.
How integrations work
Integrations fall into two halves of the SOC loop. Inbound integrations bring telemetry in: data sources stream alerts and events into the Jutsu Ingest API, where they are normalized and surfaced as alerts and events. Outbound integrations act on the world: cloud and identity connectors, SOAR platforms, ticketing systems, and notification channels let Jutsu and its AI agents respond, escalate, and inform.
Most inbound sources authenticate to the Ingest API with an organization-scoped API key, so each connection writes only to your organization's data. Outbound actions run through AgentSOAR connectors with a full, revertible audit trail.
Availability
The matrix below shows what is available today versus what is on the roadmap, grouped by category.
Roadmap items are planned and not yet available. Only entries marked Available can be connected in your deployment today.
Data sources
Telemetry that flows into Jutsu and becomes alerts and events. See Data sources.
| Integration | Status |
|---|---|
| Wazuh | Available |
| Google Workspace email logs | Available |
| Syslog | Available |
| Custom events | Available |
| Splunk | Roadmap |
| Elastic SIEM | Roadmap |
| Microsoft Sentinel | Roadmap |
| CrowdStrike | Roadmap |
| Datadog | Roadmap |
| Sumo Logic | Roadmap |
| Graylog | Roadmap |
| IBM QRadar | Roadmap |
Cloud & identity
AgentSOAR connectors to cloud and identity providers that response actions run against. See Cloud & identity.
| Integration | Status |
|---|---|
| AWS | Available |
| GCP | Available |
| Azure | Available |
| Hostinger | Available |
| Google Workspace | Available |
| Microsoft 365 | Available |
| AgentSOC Mail Block | Available |
Response & SOAR
Where Jutsu runs and orchestrates response. See AgentSOAR overview.
| Integration | Status |
|---|---|
| AgentSOAR (native) | Available |
| Shuffle | Available |
| Splunk SOAR | Roadmap |
| Tines | Roadmap |
| Cortex XSOAR | Roadmap |
| n8n | Roadmap |
| Torq | Roadmap |
Threat intelligence
Enrichment sources for indicators and reputation.
| Integration | Status |
|---|---|
| VirusTotal | Roadmap |
| AbuseIPDB | Roadmap |
| AlienVault OTX | Roadmap |
| GreyNoise | Roadmap |
| MalwareBazaar | Roadmap |
| MISP | Roadmap |
| CISA KEV | Roadmap |
| Shodan | Roadmap |
| Recorded Future | Roadmap |
ITSM & ticketing
Hand off incidents to your service-management tools.
| Integration | Status |
|---|---|
| ServiceNow | Roadmap |
| Jira | Roadmap |
| TheHive | Roadmap |
| PagerDuty | Roadmap |
| Opsgenie | Roadmap |
| Zendesk | Roadmap |
Notifications
Where Jutsu sends alerts and updates.
| Integration | Status |
|---|---|
| Slack | Available |
| Telegram | Available |
| Microsoft Teams | Roadmap |
| Discord | Roadmap |
| Mattermost | Roadmap |
| Twilio | Roadmap |
Categories
Browse each category to set up a connection.
Stream alerts and events from Wazuh, Google Workspace, syslog, and custom sources.
Connect AWS, GCP, Azure, and identity providers for response actions.
Run and orchestrate response with AgentSOAR and supported SOAR platforms.
Related
- Wazuh — connect your first data source.
- AWS — connect a cloud provider for response.
- AgentSOAR overview — how response actions run.