Our Integrations
Covering More of the Cloud's Attack Surface
Modern threat actors are compromising identity providers, and moving across environments through cloud service providers, SaaS apps, and CI/CD pipelines. Permiso's library of integrations tracks activity across cloud environments.

Okta
Monitor when multiple MFA verifications were denied, factors were reset or deactivated, as well as Okta detections such as threat suspected, suspicious sessions, high risk session API tokens created and more
Identity Provider
Identity Provider

Ping Identity
Detect bucket versioning being disabled, MFADelete disabled, Workmail Mailbox Exported Public, Public access and more.
Identity Provider
Identity Provider

Google Cloud Platform
Detect suspicious activity in Google Cloud Platform such as Compute, Storage, App Engine, Secrets Manager, Logging, Network, SSO and IAM.
Infrastructure
IaaS

AWS
S3
Detect bucket versioning being disabled, MFADelete disabled, Workmail Mailbox Exported Public, Public access and more.
Infrastructure
IaaS

AWS
S3
Detect bucket versioning being disabled, MFADelete disabled, Workmail Mailbox Exported Public, Public access and more.
Infrastructure
IaaS

AWS
IAM
Monitor Root passwords or email changes, activity of potentially compromised secrets, mass mailer scripts, roles that allow for external access and more.
Infrastructure
IaaS

AWS
Config
Monitor if Amazon Config has been disabled in any of your environments, a common tactic by threat actors.
Infrastructure
IaaS

AWS
ECS
Detects when an Elastic Container Service (ECS) Task Definition has been modified and run.
Infrastructure
IaaS

AWS
Cloudwatch
Detect when a CloudWatch alarm has been deleted, this may be an attempt to evade detection.
Infrastructure
IaaS

AWS
APIGateway
Detect when an AWS API Gateway key was created. These keys grant access to an API, often for development purposes.
Infrastructure
IaaS

AWS
Workmail
Detect when a workmail mailbox has been exported, exported public or if a suspicious user has been created.
Infrastructure
IaaS

AWS
SSM
Detect SSM remote code execution and suspected malicious script execution.
Infrastructure
IaaS

AWS
GuardDuty
Monitor when IPSet Lists have changed, threat lists of changed or status has been altered.
Infrastructure
IaaS

AWS
RDS
Monitor RDS Snapshot sharing with vendors, given or restored public access, as well as deletion protection disabled and master password resets.
Infrastructure
IaaS

AWS
Cloudtrail
Get notified when CloudTrail logging has been stopped or deleted, a common tactic employed by threat actors.
Infrastructure
IaaS

AWS
Route53
Monitor Route53 domain transfer activity as well as those created with public zone selected.
Infrastructure
IaaS

AWS
CodeBuild
Detect any AWS CodeBuild projects that have been made public.
Infrastructure
IaaS

AWS
Resource Access Manager (RAM)
Learn when AWS Resource Access Manager (RAM) settings were modified
Infrastructure
IaaS

AWS
SES
SES Access key activity such as enable sending, request production status, list identities verified, verify sending status, key abuse, key list identities and more.
Infrastructure
IaaS

AWS
Elastic Block Storage (EBS)
Monitor when Amazon Elastic Block Store (EBS) encryption has been disabled for a particular region.
Infrastructure
IaaS

AWS
STS
Learn when federation tokens are created that have overly permissive policies that allows all actions.
Infrastructure
IaaS

AWS
Secrets Manager
Detect when an identity has successfully retrieved a key from AWS Secrets Manager via the GetSecretValue action.
Infrastructure
IaaS

Microsoft
Azure Compute
Learn when an azure virtual machine (VM) has had commands executed against it, which may execute as System.
Infrastructure
IaaS

Microsoft
Azure Blob Storage
Detect when Azure blob storage has had permissions modified that could lead to data exposure.
Infrastructure
IaaS

Microsoft
Azure Key Vault
Monitor when an Azure Key Vault was either created or updated in order to secure certificates, connection strings, encryption keys and passwords.
Infrastructure
IaaS

Microsoft
Azure Automation
Discover when Automation Runbooks have been created or deleted, webhooks have been created or code has changed, as well as when accounts were created or deleted.
Infrastructure
IaaS

Microsoft
Defender
Know when an Azure Defender for Cloud alert has been suppressed, a common tactic by threat actors.
Infrastructure
IaaS

Microsoft
Azure Network
Monitor when Azure Network watchers are created, updated or deleted, packet capture was created or updated or network taps are created or updated.
Infrastructure
IaaS

Microsoft
Azure Backup Vault
Learn when Azure Backup Vaults are created or disabled, signs of ransomware or similar attacks.
Infrastructure
IaaS

Microsoft
Azure Role-based Access Control
Learn when Azure Backup Vaults are created or disabled, signs of ransomware or similar attacks.
Infrastructure
IaaS

Microsoft
Entra ID
Learn when service principle creates certificates or secrets, PIM identity denied role as well as when alerts are fired or disabled, as well as tenants or resources offboarded. Monitor when general admin or high risk admin, privileged admin, medium risk admin and global admin role memberships are added.
Identity Provider
Identity Provider

Microsoft
Entra ID IAM
Learn when password reset verification is blocked, registered app certificates created as well as suspicious MFA activity such as factor deletion or rotation by both user and Admins.
Identity Provider
Identity Provider

Applications
Detect suspicious gmail activity such as deep scan disabled, routing rules modified or delayed delivery disabled, in addition to password reuse enabled or strong enforcement disabled.
SaaS
Productivity Tools

IAM
Monitor when accounts are disabled, passwords have leaked, MFA disabled, admin role assignment and suspicious login behavior.
SaaS
Productivity Tools

Account
Learn when domains have been added or removed to the trusted list for the account.
SaaS
Productivity Tools

Drive
Detect when an identity has performed a mass deletion or download of files and folders.
SaaS
Productivity Tools

Microsoft
Exchange
Detect transport rules and inbox rules that redirect or forward to external domains, when identities give full access to another mailbox or forwarded to an external domain.
SaaS
Productivity Tools

Microsoft
Sharepoint
Detect when an identity has performed a mass deletion or download of files and folders, as well as malware detections via Microsoft 365 virus detection.
SaaS
Productivity Tools

Microsoft
OneDrive
Detect when an identity has performed a mass deletion or download of files and folders, as well as malware detections via Microsoft 365 virus detection.
SaaS
Productivity Tools

Github
Monitor when Github repositories have been transferred outside the organization or updated to public.
SaaS
Code Repository

Atlassian
Jira
Monitor when a Jira Service has been deleted, mail queue flushed, monitor JMX disabled, global permissions added and more.
SaaS
Ticketing

Atlassian
Confluence
Detection for your company's wiki when support Zip is created or downloaded, data is exported, or global settings are edited.
SaaS
Collaboration Tools

1Password
Threat detection for 1Password's password management system.
SaaS
Security

Snowflake
Detect anomalous access, compromised credentials and malicious data access, credential leakage in Snowflake.
SaaS
Data & Analytics

Slack
Detect when EKM keys are added, user anomaly exfiltration, reconnaissance and other suspicious behavior in a slack instance.
SaaS
Productivity Tools

Salesforce
CRM
Detect anomalous access and activity into your salesforce account, exporting of data and more
SaaS
Productivity Tools

Terraform
Hashicorp
Inventory all of your users in Terraform, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
Infrastructure
PaaS

Zoom
Inventory all of your users in Zoom monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Productivity Tools

Notion
Inventory all of your users in Notion, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Productivity Tools

Miro
Inventory all of your users in Miro, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Productivity Tools

Gitlab
Gitlab Cloud
Inventory all of your users in Gitlab Cloud, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Code Repository

Postman
Inventory all of your users in Postman, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Security

Open AI
Inventory all of your users in Open AI, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
AI Provider

Vanta
Inventory all of your users in Vanta, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Security

Grafana Labs
Inventory all of your users in Grafana Labs, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Data & Analytics

FrontEgg
Inventory all of your users in FrontEgg, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Security

Anthropic
Inventory all of your users in Anthropic, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
AI Provider

Docusign
Inventory all of your users in Docusign, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Productivity Tools

Semgrep
Inventory all of your users in Semgrep, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Security

Calendly
Inventory all of your users in Calendly, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Productivity Tools

Sentry
Inventory all of your users in Sentry, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Security

Atlassian
BitBucket
Inventory all of your users in BitBucket, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Code Repository

Tableau
Inventory all of your users in Tableau, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Data & Analytics

Deel
Inventory all of your users in Deel, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Human Resources

Trello
Inventory all of your users in Trello monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Productivity Tools

Dropbox
Inventory all of your users in Dropbox, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Productivity Tools

Hubspot
Inventory all of your users in Hubspot, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
CRM

Duo Security
Inventory all of your users in Duo Security, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
Identity Provider
Identity Provider

Smartsheet
Inventory all of your users in Smartsheet, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Productivity Tools

Zoho
Inventory all of your users in Zoho CRM, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
CRM

Zendesk
Inventory all of your users in Zendesk, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Ticketing

Xero
Inventory all of your users in Xero, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Accounting

Apollo io
Inventory all of your users in Apollo, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Productivity Tools

Asana
Inventory all of your users in Asana, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Productivity Tools

Automox
Inventory all of your users in Automox, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Security

BambooHR
Inventory all of your users in BambooHR, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Human Resources

Cisco Meraki
Inventory all of your users in Cisco Meraki, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Security

Cloudflare
Inventory all of your users in Cloudflare, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Security

Databricks
Inventory all of your users in Databricks, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Data & Analytics

Dynatrace
Inventory all of your users in Dynatrace, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Security

JFrog
Artifactory
Inventory all of your users in JFrog Artifactory, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Security

Mailchimp
Inventory all of your users in Mailchimp, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Productivity Tools

Monday
Inventory all of your users in Monday, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Productivity Tools

ServiceNow
Inventory all of your users in ServiceNow, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Ticketing

Webex
Inventory all of your users in Webex, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.
SaaS
Productivity Tools



Hear Ye, Hear Ye
Subscribe to Cloud Chronicles for the latest in cloud security!