Data Sources
Astral supports a broad set of data sources across security, infrastructure, cloud, and operational domains. This wide coverage enables comprehensive visibility and correlation across multiple layers of the environment, ensuring that security-relevant signals from different technologies can be analyzed within a unified SIEM platform. The supported data sources are grouped by category below.
Security Tools & EDR
Astral integrates with endpoint detection and response and security platforms to collect alerts, detections, and telemetry related to endpoint activity and threat detection. Supported sources include CrowdStrike Falcon, SentinelOne, Microsoft Defender ATP, Carbon Black Cloud, Kaspersky, Cynet, Palo Alto NG, Fortinet, Pfsense, Firewall Cisco, and Trend Micro Vision One.
Threat Intelligence & Enrichment
Astral supports multiple threat intelligence and enrichment providers, enabling contextualization of events with external risk information. Supported sources include VirusTotal, URLVoid, Talos ThreatSource, AbuseIPDB, Recorded Future, DomainTools, ThreatQ, Shodan, and JoeSandbox.
Email & Collaboration
To support monitoring of communication platforms and collaboration tools, Astral ingests events related to messaging, email activity, and abuse detection. Supported sources include Microsoft Teams, Slack, Exchange, Mimecast, Cisco Email Security, and Twilio.
Cloud & Infrastructure
Astral provides native support for major cloud providers and infrastructure platforms, enabling ingestion of security and operational data across hybrid and cloud-native environments. Supported sources include AWS services such as EC2, IAM, S3, GuardDuty, and Security Hub; Azure AD and Security Center; Google Cloud services including API, Armor, and Pub/Sub; as well as Docker, Kubernetes, and vSphere.
Vulnerability Management
Astral ingests data from vulnerability management platforms to correlate exposure, asset risk, and security events. Supported sources include Nessus, Tenable.io, Orca Security, and Qualys via HTTP API.
Data Sources & Databases
Astral supports direct ingestion and monitoring of structured data sources and databases, enabling correlation with security and operational events. Supported databases include MongoDB, PostgreSQL, Microsoft SQL Server (MSSQL), MySQL, and Redis.
Other Utilities
Astral also supports a range of additional utilities and generic ingestion mechanisms, allowing flexible integration with custom systems and data formats. Supported sources include SSH, WMI, REST API ingestion, CSV and JSON input, and Custom HTTP v2 integrations.
Together, these supported data sources enable Astral to operate as a centralized and extensible SIEM, capable of correlating security signals from diverse technologies into a single operational view within the Inopli ecosystem.