Two integration paths only. Both have survived every healthcare procurement review we have been asked to support.
CybrIQ emits identity events through two outbound paths only: syslog and a REST API. No webhooks. No STIX/TAXII. No vendor-proprietary connectors. The two paths cover every consumer below.
SIEM (Security Information and Event Management).
Splunk Enterprise, Microsoft Sentinel, Google Chronicle, Elastic, IBM QRadar, Sumo Logic. Identity events arrive via syslog with timestamped switchport context. The same parser that handles the rest of your network infrastructure messages handles CybrIQ events.
GRC (Governance, Risk, and Compliance).
RSA Archer, ServiceNow GRC, MetricStream, OneTrust, LogicGate. Inventory exports via REST land in the asset module on your refresh cadence. The methodology paragraph cites the API contract; the field mapping is documented in the integration guide.
CMMS (Computerized Maintenance Management System) and biomedical asset systems.
Nuvolo, TRIMEDX, Medigate CMMS, AssetWatch. Reconciliation between Clinical Engineering's CMMS and InfoSec's inventory has historically been manual. The REST API supports the bidirectional reconciliation pattern most programs adopt.
NAC (Network Access Control).
Cisco ISE, Aruba ClearPass, Forescout. We feed identity context for the NAC's posture decisions. The NAC remains the enforcement point; we are the identity input.
NDR (Network Detection and Response) and threat-detection platforms.
ExtraHop, Vectra, Corelight, Darktrace. Identity events enrich detection context. We do not perform threat detection ourselves; we supply the device-identity dimension to the platforms that do.
What we do not integrate through.
Webhooks (no), STIX/TAXII (no), vendor-proprietary push (no). This discipline keeps the integration footprint reviewable and the security posture defensible. Customers occasionally request these; we do not add them on request because the surface-area cost is real.