Power security automation and Agentic AI use-cases with normalized data, real-time detections, and deep integration across tools like CrowdStrike, SentinelOne, Microsoft Defender, and more — all through Unizo’s unified schema.
Unified field      Equivalent field in each connected EDR/XDR tool
id                 device_id | machine_id | id | id
device.state       state | status | status | state
device.platform    platform | platform | hostType | platform
device.name        name | fullName | host_name | name
device.type        category | deviceType | type | type
Other unified fields: os.version, fqdns
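The mapping above is the whole point of a unified schema, so here is what applying it looks like in code. This is an added example, not Unizo's code or API: the source field names come from the table, but the page does not say which product each column belongs to, so the shapes are labelled source_a to source_d; the state/platform/type vocabularies and the sample payloads are constructed assumptions.

```python
"""Map device records from differently shaped EDR/XDR payloads onto the unified
device fields (id, device.state, device.platform, device.name, device.type).

Added example, not Unizo's code. Source columns are labelled source_a..source_d
because the page does not name them; vocabularies and samples are assumptions."""
from __future__ import annotations

from typing import Any

# Unified field -> source field, one map per column of the table above.
FIELD_MAPS: dict[str, dict[str, str]] = {
    "source_a": {"id": "device_id", "device.state": "state", "device.platform": "platform",
                 "device.name": "name", "device.type": "category"},
    "source_b": {"id": "machine_id", "device.state": "status", "device.platform": "platform",
                 "device.name": "fullName", "device.type": "deviceType"},
    "source_c": {"id": "id", "device.state": "status", "device.platform": "hostType",
                 "device.name": "host_name", "device.type": "type"},
    "source_d": {"id": "id", "device.state": "state", "device.platform": "platform",
                 "device.name": "name", "device.type": "type"},
}

# Vocabulary maps (assumed spellings). Anything unmapped becomes "unknown" rather
# than leaking a vendor-specific string into the unified field.
STATE_VALUES = {"online": "online", "normal": "online", "active": "online",
                "connected": "online", "offline": "offline", "inactive": "offline",
                "disconnected": "offline"}
PLATFORM_VALUES = {"windows": "windows", "win": "windows", "linux": "linux",
                   "mac": "macos", "macos": "macos", "darwin": "macos"}
TYPE_VALUES = {"workstation": "workstation", "desktop": "workstation",
               "laptop": "workstation", "server": "server",
               "domain controller": "server"}


def _vocab(value: Any, table: dict[str, str]) -> str:
    if value is None:
        return "unknown"
    return table.get(str(value).strip().lower(), "unknown")


def normalize_device(source: str, record: dict[str, Any]) -> dict[str, Any]:
    """Return one unified device; raise ValueError if the record cannot be mapped."""
    if source not in FIELD_MAPS:
        raise ValueError(f"no field map for source {source!r}")
    picked = {unified: record.get(src) for unified, src in FIELD_MAPS[source].items()}
    if picked["id"] in (None, ""):
        raise ValueError(f"{source}: record has no device identifier")
    return {
        # Two tools can both call their key "id", so keep the source alongside it.
        "id": str(picked["id"]),
        "source": source,
        "device.state": _vocab(picked["device.state"], STATE_VALUES),
        "device.platform": _vocab(picked["device.platform"], PLATFORM_VALUES),
        "device.name": str(picked["device.name"] or ""),
        "device.type": _vocab(picked["device.type"], TYPE_VALUES),
    }


def normalize_batch(records: list[tuple[str, dict[str, Any]]]):
    """Normalize many records; collect rejects instead of silently dropping them."""
    unified, rejected = [], []
    for source, record in records:
        try:
            unified.append(normalize_device(source, record))
        except ValueError as exc:
            rejected.append((source, str(exc)))
    return unified, rejected


# Constructed sample payloads (not captured from any real product).
SAMPLES = [
    ("source_a", {"device_id": "a-100", "state": "normal", "platform": "Windows",
                  "name": "WS-FIN-01", "category": "Workstation"}),
    ("source_b", {"machine_id": "b-200", "status": "Inactive", "platform": "linux",
                  "fullName": "web-prod-3", "deviceType": "server"}),
    ("source_c", {"id": "c-300", "status": "Disconnected", "hostType": "darwin",
                  "host_name": "mbp-jdoe", "type": "laptop"}),
    ("source_d", {"state": "active", "platform": "win", "name": "orphan", "type": "desktop"}),
]

if __name__ == "__main__":
    devices, rejects = normalize_batch(SAMPLES)
    for device in devices:
        print(device)
    print("rejected:", rejects)
```

Two design points matter for automation downstream: the source is carried next to the id because two tools can both use a bare `id` and the values will collide in a SIEM or data lake, and records without an identifier are rejected and reported rather than dropped, so a playbook that quarantines "the host" never acts on a device it cannot address.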
Fetch alerts, detections, and threat intel in real time
Automatically enrich events with asset, user, or process context
Trigger response playbooks: quarantine host, kill process, log to SIEM, notify analyst
Ingest alerts from multiple EDR/XDR tools in a unified schema
Normalize severities, tactics (MITRE ATT&CK), and threat categories
Feed into SOAR, SIEM, case management, or data lake platforms
Correlate EDR events with identity, cloud, or ticketing
Create or update incidents in Jira, ServiceNow, or Slack
Trigger scans, block domains, or revoke sessions — all via connected integrations
Query detection trends, response times, or threat types across tools
Group data by tactic, severity, asset, or source
Export unified logs to your observability or compliance stack
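The ingestion and analytics use cases above hinge on normalizing severities, ATT&CK techniques and tactics before anything is grouped or correlated. The following is an added example, not Unizo's code: the three source shapes, their severity conventions (a 0-100 score, a 1-5 level, a text label), the unified field names and the sample alerts are all constructed assumptions used to show the normalization and grouping steps.

```python
"""Normalize alerts from several EDR/XDR tools (severity, ATT&CK technique and
tactic, alert and host identifiers) into one shape, then group the result.

Added example, not Unizo's code. Source shapes, severity conventions, unified
field names and sample alerts are constructed assumptions."""
from __future__ import annotations

import re
from collections import Counter
from typing import Any

SEVERITIES = ("informational", "low", "medium", "high", "critical")
SEV_LABELS = {"info": "informational", "informational": "informational", "low": "low",
              "medium": "medium", "moderate": "medium", "high": "high",
              "critical": "critical", "severe": "critical"}
TECHNIQUE_RE = re.compile(r"(T\d{4}(?:\.\d{3})?)")  # T1059 or T1059.001


def severity_from_score(score: float) -> str:
    """Assumed 0-100 scoring, bucketed into the unified five-level scale."""
    if score >= 90:
        return "critical"
    if score >= 70:
        return "high"
    if score >= 40:
        return "medium"
    if score >= 10:
        return "low"
    return "informational"


def severity_from_level(level: int) -> str:
    """Assumed 1-5 integer scale, clamped so out-of-range input cannot crash the pipeline."""
    return SEVERITIES[min(max(int(level), 1), 5) - 1]


def severity_from_label(label: str | None) -> str:
    # Unknown labels land on "medium" so they get triaged rather than auto-ignored.
    return SEV_LABELS.get((label or "").strip().lower(), "medium")


def normalize_technique(raw: str | None) -> str | None:
    """'t1059.001 - PowerShell' -> 'T1059.001'; free text without an ID -> None."""
    if not raw:
        return None
    match = TECHNIQUE_RE.search(str(raw).upper())
    return match.group(1) if match else None


def normalize_tactic(raw: str | None) -> str | None:
    """'Credential Access' / 'credential_access' -> 'credential-access'."""
    if not raw:
        return None
    return re.sub(r"[\s_]+", "-", str(raw).strip().lower())


def normalize_alert(source: str, rec: dict[str, Any]) -> dict[str, Any]:
    """Per-source mapping onto unified fields; unknown sources are rejected loudly."""
    if source == "source_x":  # 0-100 score, single technique string
        sev = severity_from_score(float(rec["severity"]))
        alert_id, tech = rec["detection_id"], rec.get("technique")
        tactic, host = rec.get("tactic"), rec.get("device_id")
    elif source == "source_y":  # 1-5 level
        sev = severity_from_level(rec["severityLevel"])
        alert_id, tech = rec["id"], rec.get("attackTechnique")
        tactic, host = rec.get("attackTactic"), rec.get("agentId")
    elif source == "source_z":  # text label, list of techniques (first one kept)
        sev = severity_from_label(rec.get("severity"))
        techs = rec.get("mitreTechniques") or [None]
        alert_id, tech = rec["alertId"], techs[0]
        tactic, host = rec.get("category"), rec.get("machineId")
    else:
        raise ValueError(f"unknown source {source!r}")
    return {
        "id": f"{source}:{alert_id}",  # namespaced so IDs from two tools never collide
        "source": source,
        "severity": sev,
        "technique": normalize_technique(tech),
        "tactic": normalize_tactic(tactic),
        "device.id": str(host) if host is not None else None,
    }


def group_by(alerts: list[dict[str, Any]], field: str) -> dict[Any, int]:
    """Counts per field value, e.g. by 'tactic' or 'severity' across all tools."""
    return dict(Counter(alert[field] for alert in alerts))


# Constructed sample alerts (not captured from any real product).
SAMPLE_ALERTS = [
    ("source_x", {"detection_id": "d1", "severity": 95, "technique": "T1059.001",
                  "tactic": "Execution", "device_id": "a-100"}),
    ("source_y", {"id": "y7", "severityLevel": 3,
                  "attackTechnique": "t1003 - OS Credential Dumping",
                  "attackTactic": "Credential Access", "agentId": "b-200"}),
    ("source_z", {"alertId": "z42", "severity": "Severe",
                  "mitreTechniques": ["T1003.001", "T1078"],
                  "category": "credential_access", "machineId": "c-300"}),
]

if __name__ == "__main__":
    normalized = [normalize_alert(s, r) for s, r in SAMPLE_ALERTS]
    print(group_by(normalized, "tactic"))
    print(group_by(normalized, "severity"))
```

The caveat to carry into a real deployment: the severity buckets are a policy decision, not a fact about the data. A 0-100 score cut at 90 and a "Severe" label both become `critical` here, and that equivalence is what a downstream playbook or trend query will act on, so it should be reviewed per tool rather than assumed.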
Normalize alerts, assets, processes, and threat context across EDR/XDR tools — with a consistent schema that powers automation, analysis, and agentic decision-making.
Represents credentials or token metadata used to authenticate with the EDR/XDR platform. Tracks token type, expiry, and scopes, and is linked to a tenant or device context.
Represents a security event flagged by the platform’s detection engine. Includes severity, category, technique mapping (e.g., MITRE), and links to device, process, evidence, and user context.
Represents a physical or virtual machine monitored by the EDR/XDR platform. Includes identifiers like hostname, agent version, OS details, status (online/offline), and enrichment like asset group or department.
Represents applied security configurations such as endpoint protection settings, detection thresholds, and response rules. Used to audit coverage and evaluate posture across tenants.
Artifacts collected during alert or incident generation — such as files, hashes, process trees, registry entries, or behavioral signals. Used to enrich alerts and correlate incidents.
Links endpoint and alert activity to an identified user account. Includes domain, email, login context, and optionally directory or IdP metadata.