What's Needed to Use Dropzone

To get started with Dropzone, you'll need at minimum one Alert Source and one Data Source. This gives Dropzone alerts to investigate and the contextual information needed to perform thorough analysis.

Alert Sources

We recommend starting with your primary security monitoring platform, typically your:

  • SIEM, for example:

    • Splunk

    • Microsoft Sentinel

    • Panther

  • Cloud-native security services, for example:

    • AWS GuardDuty

    • Microsoft Defender

    • Google Cloud Security Command Center

These serve as your “single pane of glass” for security events and provide the most comprehensive alert coverage.

Dropzone also integrates with additional alert-producing tools, including:

  • EDR platforms, such as:

    • CrowdStrike

    • SentinelOne

    • Palo Alto Cortex XDR

  • Email security tools

  • Identity platforms, such as:

    • Okta

    • Microsoft 365

    • Google Workspace

  • And many other security tools

Data Sources

For Data Sources, the more you enable, the more Dropzone can do. Think of it as giving a SOC analyst access to more institutional knowledge: each additional data source gives the platform more context to correlate and more evidence on which to base its conclusions.

Dropzone supports 100+ integrations across technologies such as:

  • Threat intelligence, for example:

    • CrowdStrike Falcon Intelligence

    • VirusTotal

    • Hybrid Analysis

    • GreyNoise

    • PhishTank

    • And more

  • Corporate systems, for example:

    • Microsoft Entra ID

    • Google Workspace

    • Active Directory

    • Jira

    • ServiceNow

  • Cloud platforms, for example:

    • AWS

    • Azure

    • Google Cloud

Dropzone selects only the data sources that are relevant to each investigation, so you can enable as many as possible without adding noise to the results.

Check out all of our integrations here.
