This section is a catalog. Pick a source, follow a short setup guide, then validate that:
- logs are ingesting
- dashboards populate (after provisioning)
- alerting can be enabled (built-in or custom)
The mental model
Almost every integration follows this pattern:
- Ingest events (API integration or syslog)
- Store events in your SIEM datastore (Wazuh Indexer / OpenSearch-backed)
- (Often) build alerts in Graylog → alerts land in gl-events*
- CoPilot shows alerts in Incident Management → Alerts → operators open Cases
First-wave integrations
Network connectors (syslog)
- Network connectors overview
- Fortinet: FortiGate
- Palo Alto Networks: PAN-OS
- Cisco: ASA
