Integrations

Scanner integrations for your
existing security stack

Centraleyezer ingests results from the scanners you already run, fits your identity infrastructure, and forwards events to your SIEM — no rip-and-replace required.

49 available now17 on the roadmap

Showing 66 integrations 49 available, 17 on roadmap

Nessus Professional

NetworkDASTCompliance

Industry-standard vulnerability scanner. Covers network hosts, ports, services, authenticated local checks, web application scanning, and CIS/DISA STIG compliance auditing.

Integration guide

Tenable.io SC (Security Center)

NetworkCompliance

Tenable Security Center with distributed sensor architecture for continuous network vulnerability and compliance assessment at enterprise scale.

Integration guide

Qualys VMDR

NetworkDASTCompliance

Qualys Vulnerability Management, Detection and Response — covers network assets, web application DAST, and policy compliance. All POD regions: US, EU, India, Canada, UK, Australia.

Integration guide

Rapid7 InsightVM

Network

Rapid7 InsightVM network vulnerability assessment with live exposure analytics and full finding lifecycle mapping.

Integration guide

OpenVAS / Greenbone

NetworkCompliance

Open-source network vulnerability scanner (OpenVAS / Greenbone Community Edition). CSV export import covering hosts, services, and authenticated OS checks with CVE correlation.

Integration guide

Outpost 24

NetworkDAST

Outpost 24 vulnerability assessment findings covering network and web application vulnerabilities. XML import.

Integration guide

BeyondTrust

Network

BeyondTrust network vulnerability scanner findings imported via CSV export for centralised tracking and risk prioritisation.

Integration guide

Intruder

NetworkDAST

Intruder continuous vulnerability scanner findings covering network exposure and web application issues. CSV import.

Integration guide

GFI Languard

NetworkCompliance

GFI Languard network security scanner findings — covers patch status, missing hotfixes, and network vulnerability alerts. XML import.

Integration guide

Metasploit Pro

Network

Metasploit Pro vulnerability scan and exploitation results imported via XML for validated finding tracking.

Integration guide

Nipper

NetworkCompliance

Nipper network device security audit results for routers, switches, and firewalls. XML and CSV import with CIS/DISA benchmark mapping.

Integration guide

Shodan

NetworkOSINT

Shodan API for external perimeter visibility — discovers internet-exposed services, open ports, banners, and misconfigurations across your IP ranges.

Integration guide

AlienVault USM

NetworkSIEM

AlienVault USM vulnerability and threat data imported via CSV and XLS exports for unified risk tracking.

Integration guide

Tripwire IP360

Network

Tripwire IP360 network vulnerability audits imported from the VnE console API — latest completed audit per network, with host and OS detail. CSV import also supported.

Integration guide

NERVE

Network

NERVE open-source network vulnerability scanner findings imported via CSV export.

Integration guide

Microsoft Defender for Endpoint

RoadmapInfraNetwork

Microsoft Defender vulnerability management findings from the Microsoft 365 Defender portal — covering Windows, macOS, and Linux endpoint vulnerabilities.

AWS Inspector

InfraNetwork

Amazon Inspector vulnerability findings for EC2 instances, Lambda functions, and ECR container images. JSON import with CVE and CVSS mapping.

Integration guide

Prowler

InfraCompliance

Prowler cloud security posture findings for AWS, Azure, GCP, and Kubernetes — imported live from the Prowler App API or via Prowler CLI OCSF output files.

Integration guide

Trivy

InfraSCA

Aqua Trivy open-source scanner for container images, filesystems, and IaC. JSON import covering OS packages and language library vulnerabilities.

Integration guide

Harbor (container registry)

Infra

Harbor OCI-compliant registry scan result ingestion. Tracks vulnerabilities across your entire container image catalogue as images are built and pushed.

Integration guide

AgentSec

Infra

Centraleyezer AgentSec endpoint agent for host-level vulnerability collection on assets where agentless scanning is not possible. Task-driven via the Centraleyezer agent API.

Integration guide

Wazuh

InfraSIEMCompliance

Wazuh agent-based security monitoring deployed on endpoints and servers. Feeds vulnerability data, security events, and SCA compliance check results into Centraleyezer.

Integration guide

Red Hat Satellite

Infra

Red Hat Satellite patch and vulnerability data ingestion for RHEL-based infrastructure. Tracks package-level vulnerabilities and errata across managed hosts.

Integration guide

Lynis

InfraCompliance

Lynis host security audit findings covering system hardening, configuration weaknesses, and compliance checks across Linux and Unix systems.

Integration guide

Burp Suite Enterprise

DAST

PortSwigger Burp Suite Enterprise Edition web application DAST. XML and API import with full request/response evidence, OWASP classification, and issue confidence mapping.

Integration guide

Acunetix

DAST

Acunetix DAST web vulnerability scanner. XML and JSON import covering SQLi, XSS, SSRF, authentication bypass, and 7,000+ web vulnerability checks.

Integration guide

Detectify

DASTOSINT

Detectify continuous DAST and external attack surface management via API. Covers web application vulnerabilities and exposed assets across your domains.

Integration guide

HCL AppScan Standard

DAST

HCL AppScan Standard desktop DAST scanner — dynamic web application testing results imported via the scanner’s XML report export, with full test HTTP traffic evidence.

Integration guide

HCL AppScan on Cloud

DASTSAST

HCL AppScan on Cloud (ASoC) — dynamic web application testing and static source code analysis imported over the ASoC API with an API key. XML report import also supported.

Integration guide

HCL AppScan 360

DASTSAST

HCL AppScan 360 self-managed platform — DAST and SAST results imported over the same AppScan REST API, pointed at your own AppScan 360 deployment.

Integration guide

OWASP ZAP

DAST

OWASP Zed Attack Proxy open-source DAST findings. XML import covering active and passive scan results with OWASP classification.

Integration guide

Netsparker / Invicti

DAST

Invicti (formerly Netsparker) web application security scanner findings. XML and JSON import with proof-based scanning results and CVSS mapping.

Integration guide

HP WebInspect

DAST

OpenText (HP) WebInspect dynamic application security testing findings. XML import covering web vulnerabilities, authentication flaws, and business logic issues.

Integration guide

AppSpider (Rapid7)

DAST

Rapid7 AppSpider DAST scan results. XML import with full vulnerability detail, attack traffic evidence, and remediation guidance.

Integration guide

Nikto

DAST

Nikto open-source web server scanner findings. XML import covering misconfigurations, dangerous files, outdated software, and server-level vulnerabilities.

Integration guide

w3af

DAST

w3af open-source web application attack and audit framework findings. XML import with OWASP-classified vulnerabilities.

Integration guide

WPScan

DAST

WPScan WordPress vulnerability scanner findings. JSON import covering plugin, theme, and core vulnerabilities in WordPress installations.

Integration guide

SSL Labs

DASTOSINT

Qualys SSL Labs API for TLS/SSL configuration assessment. Identifies weak cipher suites, expired certificates, BEAST/POODLE/CRIME exposure, and insecure protocol versions.

Integration guide

Barracuda

DAST

Barracuda web application scanner findings imported via CSV export with CWE and CVSS mapping.

Integration guide

Snyk Code

RoadmapSASTSCA

Snyk SAST and SCA findings import covering static code analysis (Snyk Code) and open-source dependency vulnerabilities (Snyk Open Source).

Semgrep

RoadmapSAST

Semgrep static analysis findings for custom and community rule sets. Covers security anti-patterns, hardcoded secrets, and OWASP Top 10 code-level issues.

Checkmarx

RoadmapSAST

Checkmarx SAST scan result import covering source code vulnerabilities, data flow analysis, and OWASP/SANS classification.

Fortify SAST (OpenText)

RoadmapSAST

OpenText Fortify Static Code Analyzer scan results — covers 800+ vulnerability categories across 27+ programming languages.

Mend.io (WhiteSource)

SCA

Mend.io (formerly WhiteSource) open-source vulnerability findings. JSON export import for centralised dependency risk tracking.

Integration guide

OWASP Dependency-Check

RoadmapSCA

OWASP Dependency-Check open-source SCA findings covering known vulnerable libraries in Java, .NET, Python, Node.js, and more.

Black Duck (Synopsys)

RoadmapSCA

Synopsys Black Duck SCA findings for open-source component vulnerabilities and licence risk across all major package managers.

JFrog Xray

RoadmapSCAInfra

JFrog Xray SCA and container security findings — covers binary components, Docker layers, and artefact dependencies across JFrog Artifactory.

AppDetectivePro

DatabaseCompliance

Application Security AppDetectivePro database vulnerability scanner. CSV import covering Oracle, SQL Server, MySQL, PostgreSQL, and DB2 misconfigurations and patch levels.

Integration guide

Imperva Scuba

DatabaseCompliance

Imperva Scuba free database vulnerability scanner. File-based import covering database configuration weaknesses, patch levels, and CIS benchmark compliance across Oracle, SQL Server, MySQL, PostgreSQL, and DB2.

Integration guide

IBM Guardium

RoadmapDatabaseCompliance

IBM Guardium database vulnerability assessment and activity monitoring findings. Covers misconfigurations, patch levels, privilege abuse, and compliance policy violations.

Trustwave DbProtect

RoadmapDatabase

Trustwave DbProtect database vulnerability scanner covering Oracle, SQL Server, MySQL, PostgreSQL, DB2, and Sybase.

Qualys Database Security

RoadmapDatabaseCompliance

Qualys database vulnerability and compliance module covering major RDBMS platforms and CIS/DISA benchmark checks.

FOFA

RoadmapOSINT

FOFA cyberspace search engine API for external attack surface discovery — identifies exposed services, banners, and assets on your IP ranges and domains.

Censys

RoadmapOSINT

Censys internet intelligence API for attack surface management — discovers exposed hosts, certificates, and misconfigured services.

OpenSCAP / SCAP Workbench

RoadmapCompliance

OpenSCAP findings against DISA STIG, CIS Benchmarks, and PCI-DSS profiles. XCCDF/ARF result import for OS hardening compliance tracking.

CIS-CAT Pro

RoadmapCompliance

CIS-CAT Pro benchmark assessment results — maps configuration compliance findings to CIS Controls v8 and specific OS/application benchmark profiles.

LDAP / Active Directory

Identity

Microsoft Active Directory and generic LDAP authentication. Supports user provisioning, group-based role mapping, and nested group resolution.

Entra ID / Azure AD

Identity

Microsoft Entra ID (Azure Active Directory) via OAuth2 / OIDC for cloud-first and hybrid organisations.

2FA — TOTP

Identity

Time-based one-time password (TOTP) two-factor authentication compatible with Google Authenticator, Authy, and any RFC 6238-compliant app.

SSO — SAML 2.0

RoadmapIdentity

SAML 2.0 single sign-on for enterprise identity providers including Okta, OneLogin, Ping Identity, and any SAML-compliant IdP.

Email notifications

SIEM

Rule-based email alerts on finding creation, severity changes, SLA breaches, status transitions, and resolution. Configurable per project, asset, and network.

Slack

RoadmapSIEM

Slack webhook notifications for finding and project events — keep your security channel informed without manual status updates.

XML

Import

Import vulnerability findings from any XML-based scanner export — .nessus, Burp Suite XML, Acunetix XML, GFI Languard XML, Metasploit XML, OWASP ZAP XML, WebInspect XML, AppSpider XML, Nipper XML, Outpost 24 XML, XCCDF/ARF (SCAP), and more.

JSON

Import

Import vulnerability findings from any JSON-based scanner export — Rapid7 InsightVM, AWS Inspector, Acunetix JSON, Trivy, Harbor, WPScan, Mend.io, Qualys JSON, and more.

CSV

Import

Import vulnerability findings and bulk asset data from CSV exports — OpenVAS/Greenbone, BeyondTrust, AlienVault USM, AppDetectivePro, Intruder, and more. Also supports plain-text asset lists with custom field mapping.

REST API

API

Full REST API across findings, assets, projects, networks, users, roles, tags, categories, software, and permissions. JSON over HTTPS with token authentication.

Enables custom integration with any ticketing system, ITSM, SOAR, or orchestration platform.

Available now — fully implemented and supportedRoadmap — planned for an upcoming release
REST API

Not on the list?
Build it with the API.

Centraleyezer exposes a full REST API across every resource — findings, assets, projects, networks, users, roles, and tags. Connect any ticketing system, ITSM, SOAR, or orchestration platform that isn't listed above.

  • Findings CRUD — create, update, close via API
  • Asset management — sync from your CMDB
  • User and role provisioning
  • Project and scope management
  • Bulk operations with full audit logging

// Close a finding via API

PUT /api/finding/{id}

{

"status": "resolved",

"resolution_note": "Patched in deploy 4.2.1",

"resolved_by": "jsmith"

}

// 200 OK — finding closed, audit logged

Ready to connect your stack?

Book a demo and we'll walk through exactly how Centraleyezer fits into your existing tools.

Integrations — Scanners, Identity, SIEM & API | Centraleyezer