Works with your
existing security stack
Centraleyezer ingests results from the scanners you already run, fits your identity infrastructure, and forwards events to your SIEM — no rip-and-replace required.
Showing 60 integrations — 43 available, 17 on roadmap
Nessus Professional
Industry-standard vulnerability scanner. Covers network hosts, ports, services, authenticated local checks, web application scanning, and CIS/DISA STIG compliance auditing.
Tenable.io SC (Security Center)
Tenable Security Center with distributed sensor architecture for continuous network vulnerability and compliance assessment at enterprise scale.
Qualys VMDR
Qualys Vulnerability Management, Detection and Response — covers network assets, web application DAST, and policy compliance. All POD regions: US, EU, India, Canada, UK, Australia.
Rapid7 InsightVM
Rapid7 InsightVM network vulnerability assessment with live exposure analytics and full finding lifecycle mapping.
OpenVAS / Greenbone
Open-source network vulnerability scanner (OpenVAS / Greenbone Community Edition). CSV export import covering hosts, services, and authenticated OS checks with CVE correlation.
Outpost 24
Outpost 24 vulnerability assessment findings covering network and web application vulnerabilities. XML import.
BeyondTrust
BeyondTrust network vulnerability scanner findings imported via CSV export for centralised tracking and risk prioritisation.
Intruder
Intruder continuous vulnerability scanner findings covering network exposure and web application issues. CSV import.
GFI Languard
GFI Languard network security scanner findings — covers patch status, missing hotfixes, and network vulnerability alerts. XML import.
Metasploit Pro
Metasploit Pro vulnerability scan and exploitation results imported via XML for validated finding tracking.
Nipper
Nipper network device security audit results for routers, switches, and firewalls. XML and CSV import with CIS/DISA benchmark mapping.
Shodan
Shodan API for external perimeter visibility — discovers internet-exposed services, open ports, banners, and misconfigurations across your IP ranges.
AlienVault USM
AlienVault USM vulnerability and threat data imported via CSV and XLS exports for unified risk tracking.
Microsoft Defender for Endpoint
Microsoft Defender vulnerability management findings from the Microsoft 365 Defender portal — covering Windows, macOS, and Linux endpoint vulnerabilities.
AWS Inspector
Amazon Inspector vulnerability findings for EC2 instances, Lambda functions, and ECR container images. JSON import with CVE and CVSS mapping.
Trivy
Aqua Trivy open-source scanner for container images, filesystems, and IaC. JSON import covering OS packages and language library vulnerabilities.
Harbor (container registry)
Harbor OCI-compliant registry scan result ingestion. Tracks vulnerabilities across your entire container image catalogue as images are built and pushed.
AgentSec
Centraleyezer AgentSec endpoint agent for host-level vulnerability collection on assets where agentless scanning is not possible. Task-driven via the Centraleyezer agent API.
Wazuh
Wazuh agent-based security monitoring deployed on endpoints and servers. Feeds vulnerability data, security events, and SCA compliance check results into Centraleyezer.
Red Hat Satellite
Red Hat Satellite patch and vulnerability data ingestion for RHEL-based infrastructure. Tracks package-level vulnerabilities and errata across managed hosts.
Lynis
Lynis host security audit findings covering system hardening, configuration weaknesses, and compliance checks across Linux and Unix systems.
Burp Suite Enterprise
PortSwigger Burp Suite Enterprise Edition web application DAST. XML and API import with full request/response evidence, OWASP classification, and issue confidence mapping.
Acunetix
Acunetix DAST web vulnerability scanner. XML and JSON import covering SQLi, XSS, SSRF, authentication bypass, and 7,000+ web vulnerability checks.
Detectify
Detectify continuous DAST and external attack surface management via API. Covers web application vulnerabilities and exposed assets across your domains.
HCL AppScan
HCL AppScan On Cloud and AppScan SAST — covers dynamic web application testing and static source code analysis. API and file import.
OWASP ZAP
OWASP Zed Attack Proxy open-source DAST findings. XML import covering active and passive scan results with OWASP classification.
Netsparker / Invicti
Invicti (formerly Netsparker) web application security scanner findings. XML and JSON import with proof-based scanning results and CVSS mapping.
HP WebInspect
OpenText (HP) WebInspect dynamic application security testing findings. XML import covering web vulnerabilities, authentication flaws, and business logic issues.
AppSpider (Rapid7)
Rapid7 AppSpider DAST scan results. XML import with full vulnerability detail, attack traffic evidence, and remediation guidance.
Nikto
Nikto open-source web server scanner findings. XML import covering misconfigurations, dangerous files, outdated software, and server-level vulnerabilities.
w3af
w3af open-source web application attack and audit framework findings. XML import with OWASP-classified vulnerabilities.
WPScan
WPScan WordPress vulnerability scanner findings. JSON import covering plugin, theme, and core vulnerabilities in WordPress installations.
SSL Labs
Qualys SSL Labs API for TLS/SSL configuration assessment. Identifies weak cipher suites, expired certificates, BEAST/POODLE/CRIME exposure, and insecure protocol versions.
Snyk Code
Snyk SAST and SCA findings import covering static code analysis (Snyk Code) and open-source dependency vulnerabilities (Snyk Open Source).
Semgrep
Semgrep static analysis findings for custom and community rule sets. Covers security anti-patterns, hardcoded secrets, and OWASP Top 10 code-level issues.
Checkmarx
Checkmarx SAST scan result import covering source code vulnerabilities, data flow analysis, and OWASP/SANS classification.
Fortify SAST (OpenText)
OpenText Fortify Static Code Analyzer scan results — covers 800+ vulnerability categories across 27+ programming languages.
Mend.io (WhiteSource)
Mend.io (formerly WhiteSource) open-source vulnerability findings. JSON export import for centralised dependency risk tracking.
OWASP Dependency-Check
OWASP Dependency-Check open-source SCA findings covering known vulnerable libraries in Java, .NET, Python, Node.js, and more.
Black Duck (Synopsys)
Synopsys Black Duck SCA findings for open-source component vulnerabilities and licence risk across all major package managers.
JFrog Xray
JFrog Xray SCA and container security findings — covers binary components, Docker layers, and artefact dependencies across JFrog Artifactory.
AppDetectivePro
Application Security AppDetectivePro database vulnerability scanner. CSV import covering Oracle, SQL Server, MySQL, PostgreSQL, and DB2 misconfigurations and patch levels.
Imperva Scuba
Imperva Scuba free database vulnerability scanner. File-based import covering database configuration weaknesses, patch levels, and CIS benchmark compliance across Oracle, SQL Server, MySQL, PostgreSQL, and DB2.
IBM Guardium
IBM Guardium database vulnerability assessment and activity monitoring findings. Covers misconfigurations, patch levels, privilege abuse, and compliance policy violations.
Trustwave DbProtect
Trustwave DbProtect database vulnerability scanner covering Oracle, SQL Server, MySQL, PostgreSQL, DB2, and Sybase.
Qualys Database Security
Qualys database vulnerability and compliance module covering major RDBMS platforms and CIS/DISA benchmark checks.
FOFA
FOFA cyberspace search engine API for external attack surface discovery — identifies exposed services, banners, and assets on your IP ranges and domains.
Censys
Censys internet intelligence API for attack surface management — discovers exposed hosts, certificates, and misconfigured services.
OpenSCAP / SCAP Workbench
OpenSCAP findings against DISA STIG, CIS Benchmarks, and PCI-DSS profiles. XCCDF/ARF result import for OS hardening compliance tracking.
CIS-CAT Pro
CIS-CAT Pro benchmark assessment results — maps configuration compliance findings to CIS Controls v8 and specific OS/application benchmark profiles.
LDAP / Active Directory
Microsoft Active Directory and generic LDAP authentication. Supports user provisioning, group-based role mapping, and nested group resolution.
Entra ID / Azure AD
Microsoft Entra ID (Azure Active Directory) via OAuth2 / OIDC for cloud-first and hybrid organisations.
2FA — TOTP
Time-based one-time password (TOTP) two-factor authentication compatible with Google Authenticator, Authy, and any RFC 6238-compliant app.
SSO — SAML 2.0
SAML 2.0 single sign-on for enterprise identity providers including Okta, OneLogin, Ping Identity, and any SAML-compliant IdP.
Email notifications
Rule-based email alerts on finding creation, severity changes, SLA breaches, status transitions, and resolution. Configurable per project, asset, and network.
Slack
Slack webhook notifications for finding and project events — keep your security channel informed without manual status updates.
XML
Import vulnerability findings from any XML-based scanner export — .nessus, Burp Suite XML, Acunetix XML, GFI Languard XML, Metasploit XML, OWASP ZAP XML, WebInspect XML, AppSpider XML, Nipper XML, Outpost 24 XML, XCCDF/ARF (SCAP), and more.
JSON
Import vulnerability findings from any JSON-based scanner export — Rapid7 InsightVM, AWS Inspector, Acunetix JSON, Trivy, Harbor, WPScan, Mend.io, Qualys JSON, and more.
CSV
Import vulnerability findings and bulk asset data from CSV exports — OpenVAS/Greenbone, BeyondTrust, AlienVault USM, AppDetectivePro, Intruder, and more. Also supports plain-text asset lists with custom field mapping.
REST API
Full REST API across findings, assets, projects, networks, users, roles, tags, categories, software, and permissions. JSON over HTTPS with token authentication.
Enables custom integration with any ticketing system, ITSM, SOAR, or orchestration platform.
Not on the list?
Build it with the API.
Centraleyezer exposes a full REST API across every resource — findings, assets, projects, networks, users, roles, and tags. Connect any ticketing system, ITSM, SOAR, or orchestration platform that isn't listed above.
- Findings CRUD — create, update, close via API
- Asset management — sync from your CMDB
- User and role provisioning
- Project and scope management
- Bulk operations with full audit logging
// Close a finding via API
PUT /api/finding/{id}
{
"status": "resolved",
"resolution_note": "Patched in deploy 4.2.1",
"resolved_by": "jsmith"
}
// 200 OK — finding closed, audit logged