Connector Library
Surface Command supports a wide variety of asset, vulnerability, automation, control, vulnerability, threat, and enrichment data through Connectors. Connectors in Surface Command provide several features, including:
- Ingestion of asset (machines, people, software, etc.) details from the source
- Integration with source-provided functionality (for example, creating a ticket or quarantining a host) for optional use in automation workflows
- Source-specific queries and reporting within the Surface Command interface
For more information on Connectors in general, visit Connectors.
Looking to set up a Connector?
For details on setting up a Connector, visit the Quick Start Guide.
Supported Connectors
For Connector details, check out the Rapid7 Extension Library.
- Admin by Request
- Amazon AWS – EC2, IAM, Route53, S3
- Amazon Inspector (Beta)
- Aqua CSPM (Beta)
- Aqua Enterprise (Beta)
- Armis
- Atlassian Compass (Beta)
- Atlassian Jira
- Automox
- Bitdefender
- BitSight
- BlackBerry Cylance (Beta)
- Broadcom CCS (Beta)
- Cato Networks
- CIRCL CVE – additional detail and context about CVEs
- CISA Known Exploitable Vulnerability (KEV) Database – U.S. Government list of CVEs with known exploitation
- Cisco Duo Security
- Cisco Endpoint Security (AKA “AMP for Endpoints”)
- Cisco Meraki
- CIS Controls V8
- Cloudaware (CMDB)
- CrowdStrike Falcon
- Device42 (CMDB)
- Driftnet.io (External Attack Surface)
- Elastic Fleet Agents (Beta)
- endoflife.date – additional detail and context about CVEs (Beta)
- Exabeam
- FIRST EPSS – probability of exploitation for CVEs
- Forescout (Beta)
- Fortinet FortiClient EMS
- Freshservice
- GitHub
- GitLab
- Google Cloud (Compute, Disk, and Network services)
- Google Drive
- Google Security Command Center (Beta)
- Google Workspace
- Guardicore Centra (Beta)
- Have I Been Pwned (Beta)
- HCL BigFix
- Infoblox BloxOne DDI (Beta)
- Infoblox BloxOne Threat Defense (Beta)
- Jamf (Apple device management)
- K8S (Kubernetes cloud-native platform)
- KnowBe4
- Lansweeper
- Lookout MES (Beta)
- Microsoft 365
- Microsoft Active Directory
- Microsoft Azure Active Directory
- Microsoft Azure (Compute services, including Azure Kubernetes Service)
- Microsoft Defender
- Microsoft Intune / Endpoints
- Microsoft SCCM
- Microsoft Security Response Center – vulnerability details and remediation resources
- Microsoft SQL (SQL Server, Azure SQL and Sybase)
- Microsoft Teams – send query results via Teams webhook
- MITRE ATT&CK – threat and mitigation reference
- MITRE CWE
- MITRE D3FEND
- Mosyle Business (MDM)
- MySQL
- N-able N-central
- NetBox (network inventory and tracking)
- Netskope
- NinjaOne RMM
- NIST NVD – core reference of published vulnerabilities (CVEs)
- OCI (Open Container Initiative)
- Okta
- Orca
- Palo Alto Networks Cortex XSOAR
- Palo Alto Networks XDR
- Penetration Test
- phpIPAM
- PostgreSQL (Beta)
- Qualys Patch Management (Beta)
- Qualys VMDR
- Rapid7
- Rapid7 Data Warehouse
- Rapid7 InsightCloudSec (Beta)
- Rapid7 InsightIDR
- Rapid7 InsightVM Cloud
- Recorded Future
- Red Hat Ansible Automation Platform
- Red Hat Satellite
- Remediant SecureONE (Beta) (Lateral Movement Prevention)
- RDAP - DNS & Whois enrichment (Beta)
- Rubrik Polaris (Beta)
- runZero (formerly Rumble)
- SailPoint IdentityNow
- Send Email – send emails with report and query result attachments
- SentinelOne
- ServiceNow
- SSH File Transfer Protocol (SFTP) (Beta)
- Shodan
- Slack
- Snipe-IT
- Snyk
- Sophos Central
- Splunk
- Tanium
- Tenable.io
- Tenable.sc
- Tenable Nessus
- Trellix HX
- Trend Micro Cloud One
- Trend Micro Deep Security
- Trend Micro Vision One
- VMware Carbon Black Cloud
- VMware vCenter
- VMware Workspace ONE UEM
- WatchGuard Endpoint Security
- WithSecure Endpoint Protection
- Wiz (Beta)
- Zscaler Internet Access
Did this page help you?