# Security

This category covers cloud-native security and threat detection platforms. These tools monitor your environments for suspicious activity, misconfigurations, and active threats — and send high-priority alerts to ITOC360 to ensure the right security engineer is reached immediately.

***

### Integrations in this category

| Integration                        | What it monitors                                                            | Alert delivery        |
| ---------------------------------- | --------------------------------------------------------------------------- | --------------------- |
| **AWS GuardDuty**                  | Threat detection across AWS accounts, IAM, S3, and network activity         | Webhook (EventBridge) |
| **Azure Sentinel**                 | Cloud-native SIEM: log analytics, threat intelligence, incident correlation | Webhook               |
| **Google Security Command Center** | GCP asset vulnerabilities, misconfigurations, and active threats            | Webhook               |
| **CrowdStrike**                    | Endpoint detection and response, threat intelligence                        | Webhook               |

***

### How it works

Security platforms continuously analyze activity logs, network traffic, and endpoint behavior for indicators of compromise. When a threat is detected or a security rule is triggered, the platform sends an alert to your ITOC360 Source webhook URL. ITOC360 applies your escalation policy for that source and immediately notifies the designated security on-call engineer through their configured channel.

{% hint style="warning" %}
Security alerts are typically high severity. Make sure your escalation policy for security sources has short timeouts and at least two escalation levels to ensure critical threats are never missed.
{% endhint %}

***

### Get started