Connector Library

Surface Command supports a wide variety of asset, vulnerability, automation, control, threat, and enrichment data through Connectors. Connectors in Surface Command provide several features, including:

  • Ingestion of asset (machines, people, software, etc.) details from the source
  • Integration with source-provided functionality (for example, creating a ticket or quarantining a host) for optional use in automation workflows
  • Source-specific queries and reporting within the Surface Command interface

For more information on Connectors in general, visit Connectors.

Looking to set up a Connector?

For details on setting up a Connector, visit the Quick Start Guide.

Supported Connectors

For Connector details, check out the Rapid7 Extension Library.

  • Admin by Request
  • Amazon AWS – EC2, IAM, Route53, S3
  • Amazon Inspector (Beta)
  • Aqua CSPM (Beta)
  • Aqua Enterprise (Beta)
  • Armis
  • Atlassian Compass (Beta)
  • Atlassian Jira
  • Automox
  • Bitdefender
  • BitSight
  • BlackBerry Cylance (Beta)
  • Broadcom CCS (Beta)
  • Cato Networks
  • CIRCL CVE – additional detail and context about CVEs
  • CISA Known Exploitable Vulnerability (KEV) Database – U.S. Government list of CVEs with known exploitation
  • Cisco Duo Security
  • Cisco Endpoint Security (AKA “AMP for Endpoints”)
  • Cisco Meraki
  • CIS Controls V8
  • Cloudaware (CMDB)
  • CrowdStrike Falcon
  • Device42 (CMDB)
  • Driftnet.io (External Attack Surface)
  • Elastic Fleet Agents (Beta)
  • endoflife.date – additional detail and context about CVEs (Beta)
  • Exabeam
  • FIRST EPSS – probability of exploitation for CVEs
  • Forescout (Beta)
  • Fortinet FortiClient EMS
  • Freshservice
  • GitHub
  • GitLab
  • Google Cloud (Compute, Disk, and Network services)
  • Google Drive
  • Google Security Command Center (Beta)
  • Google Workspace
  • Guardicore Centra (Beta)
  • Have I Been Pwned (Beta)
  • HCL BigFix
  • Infoblox BloxOne DDI (Beta)
  • Infoblox BloxOne Threat Defense (Beta)
  • Jamf (Apple device management)
  • K8S (Kubernetes cloud-native platform)
  • KnowBe4
  • Lansweeper
  • Lookout MES (Beta)
  • Microsoft 365
  • Microsoft Active Directory
  • Microsoft Azure Active Directory
  • Microsoft Azure (Compute services, including Azure Kubernetes Service)
  • Microsoft Defender
  • Microsoft Intune / Endpoints
  • Microsoft SCCM
  • Microsoft Security Response Center – vulnerability details and remediation resources
  • Microsoft SQL (SQL Server, Azure SQL and Sybase)
  • Microsoft Teams – send query results via Teams webhook
  • MITRE ATT&CK – threat and mitigation reference
  • MITRE CWE
  • MITRE D3FEND
  • Mosyle Business (MDM)
  • MySQL
  • N-able N-central
  • NetBox (network inventory and tracking)
  • Netskope
  • NinjaOne RMM
  • NIST NVD – core reference of published vulnerabilities (CVEs)
  • OCI (Open Container Initiative)
  • Okta
  • Orca
  • Palo Alto Networks Cortex XSOAR
  • Palo Alto Networks XDR
  • Penetration Test
  • phpIPAM
  • PostgreSQL (Beta)
  • Qualys Patch Management (Beta)
  • Qualys VMDR
  • Rapid7
  • Rapid7 Data Warehouse
  • Rapid7 InsightCloudSec (Beta)
  • Rapid7 InsightIDR
  • Rapid7 InsightVM Cloud
  • Recorded Future
  • Red Hat Ansible Automation Platform
  • Red Hat Satellite
  • Remediant SecureONE (Beta) (Lateral Movement Prevention)
  • RDAP – DNS & Whois enrichment (Beta)
  • Rubrik Polaris (Beta)
  • runZero (formerly Rumble)
  • SailPoint IdentityNow
  • Send Email – send emails with report and query result attachments
  • SentinelOne
  • ServiceNow
  • SSH File Transfer Protocol (SFTP) (Beta)
  • Shodan
  • Slack
  • Snipe-IT
  • Snyk
  • Sophos Central
  • Splunk
  • Tanium
  • Tenable.io
  • Tenable.sc
  • Tenable Nessus
  • Trellix HX
  • Trend Micro Cloud One
  • Trend Micro Deep Security
  • Trend Micro Vision One
  • VMware Carbon Black Cloud
  • VMware vCenter
  • VMware Workspace ONE UEM
  • WatchGuard Endpoint Security
  • WithSecure Endpoint Protection
  • Wiz (Beta)
  • Zscaler Internet Access