The types of Connectors:
Enrichment Connectors
Enrichment connectors enhance existing alert or incident information by pulling additional context from external systems. This enriched data helps security teams better understand the scope, severity, and impact of an alert or incident, enabling faster and more informed decision-making during investigation and triage.
Ingestion Connectors
Ingestion connectors are used to ingest alerted or security-relevant data from external sources into XDR. These connectors ensure that alerts, events, and signals generated outside XDR are centralized and correlated, providing comprehensive visibility across the security ecosystem.
Response Connectors
Response connectors enable automated or manual remediation actions by invoking specific functions through playbooks. They help streamline incident response by triggering predefined actions—such as isolating assets, blocking indicators, or notifying stakeholders—directly from XDR workflows.
The following table describes fields that you can view on the Connectors page.
| Fields | Description |
| CONNECTOR NAME | Displays the name of the Connector. |
| VENDOR | Displays the name of the Vendor. |
| TENANT INSTANCE | Displays whether the instance is configured. |
| FUNCTIONS | Displays functions associated with the Connector. |
When you click any row of the connector, the details of the connector appear in the right pane.
In Ingestion Connector, the Checkpoint Firewall Connector support is available.
With the new functions supported in the Response Connector, a user can perform the following remediation actions through playbooks.
- Host Reboot
- Host Isolation
- Host Reconnection
- Process Kill
- Process Quarantine
- File Quarantine
- Registry Delete