Supported Integrations
Connect to all major EDR/XDR platforms through a single unified API.


Data Normalization at a Glance
Different vendors, different schemas. Unizo normalizes them all into one unified output.
Vendor schemas:
device.state, device.platform, device.name, device.type
id, status, hostType, host_name
machine_id, status, platform, fullName
device_id, state, platform, name
Unified output (consistent across all vendors):
id, state, platform, name, type, os.version, fqdns, tags
Detailed Field Mapping
Microsoft Defender
device.state -> state
device.platform -> platform
device.name -> name
device.type -> type
CrowdStrike
id -> id
status -> state
hostType -> platform
host_name -> name
SentinelOne
machine_id -> id
status -> state
platform -> platform
fullName -> name
Palo Alto Cortex XDR
device_id -> id
state -> state
platform -> platform
name -> name
What You Can Build
Use Unizo's unified API to power these capabilities and more.
Automate SOC & Incident Response
Real-time alert fetching, event enrichment, and automated playbook triggering across all EDR platforms.
Build Centralized Alert Pipelines
Multi-tool ingestion with normalized severities and MITRE ATT&CK technique mapping.
Orchestrate Cross-Tool Workflows
Correlate alerts across identity, cloud, and ticketing systems for comprehensive response.
Power Security Analytics
Trend analysis and reporting across unified datasets from all your EDR/XDR tools.
Unified Data Models
Consistent data structures that work the same way across all EDR/XDR platforms.
Auth
Credential and token metadata for API authentication
Alert
Security events with severity, status, and MITRE ATT&CK technique mapping
Device
Monitored endpoints with agent status, OS details, and health metrics
Policy
Security configurations, rules, and prevention settings
Evidence
Collected artifacts, behavioral signals, and forensic data
User
Linked user activity and endpoint associations
Threat
Detected threats with classification and remediation status