# Security

This category covers cloud-native security and threat detection platforms. These tools monitor your environments for suspicious activity, misconfigurations, and active threats — and send high-priority alerts to ITOC360 to ensure the right security engineer is reached immediately.

***

### Integrations in this category

| Integration                        | What it monitors                                                            | Alert delivery        |
| ---------------------------------- | --------------------------------------------------------------------------- | --------------------- |
| **AWS GuardDuty**                  | Threat detection across AWS accounts, IAM, S3, and network activity         | Webhook (EventBridge) |
| **Azure Sentinel**                 | Cloud-native SIEM: log analytics, threat intelligence, incident correlation | Webhook               |
| **Google Security Command Center** | GCP asset vulnerabilities, misconfigurations, and active threats            | Webhook               |
| **CrowdStrike**                    | Endpoint detection and response, threat intelligence                        | Webhook               |

***

### How it works

Security platforms continuously analyze activity logs, network traffic, and endpoint behavior for indicators of compromise. When a threat is detected or a security rule is triggered, the platform sends an alert to your ITOC360 Source webhook URL. ITOC360 applies your escalation policy for that source and immediately notifies the designated security on-call engineer through their configured channel.

{% hint style="warning" %}
Security alerts are typically high severity. Make sure your escalation policy for security sources has short timeouts and at least two escalation levels to ensure critical threats are never missed.
{% endhint %}

***

### Get started


