Connectors

The types of Connectors:

    Enrichment Connectors

    Enrichment connectors enhance existing alert or incident information by pulling additional context from external systems. This enriched data helps security teams better understand the scope, severity, and impact of an alert or incident, enabling faster and more informed decision-making during investigation and triage.

    Protecti Connector (File Reputation Enrichment)

    The Protecti connector allows Incident Responders (IR) and SOC Analysts to quickly check and update file reputation during investigations. When an alert or incident involves a file (hash or artifact), this connector enriches it with reputation intelligence from Seqrite Protecti, helping you determine whether the file is malicious, suspicious, or safe.

    This enrichment enables analysts to validate threats faster, reduce false positives, and confidently take response actions such as containment or remediation.

    Analyst actions supported:

    • GetFileReputation – Fetch the latest reputation of a file during investigation
    • UpdateFileReputation – Submit or refresh file reputation based on analysis outcomes

    URLCAT Connector (URL Reputation & Categorization)

    The URLCAT connector helps Incident Responders and Analysts analyze URLs involved in alerts or incidents by providing reputation and categorization details. When investigating phishing attempts, malicious links, or suspicious network activity, this connector enriches URLs with intelligence from Seqrite URLCAT.

    This allows analysts to quickly assess whether a URL is malicious, risky, or trusted, improving investigation speed and decision-making.

    Analyst actions supported:

    • GetReputation – Retrieve reputation details for a URL during analysis
    • UpdateReputation – Update or refine URL reputation based on investigation findings

    Ingestion Connectors

    Ingestion connectors are used to ingest alerted or security-relevant data from external sources into XDR. These connectors ensure that alerts, events, and signals generated outside XDR are centralized and correlated, providing comprehensive visibility across the security ecosystem.

    Response Connectors

    Response connectors enable automated or manual remediation actions by invoking specific functions through playbooks. They help streamline incident response by triggering predefined actions—such as isolating assets, blocking indicators, or notifying stakeholders—directly from XDR workflows.

The following table describes fields that you can view on the Connectors page.

Fields             Description
CONNECTOR NAME     Displays the name of the Connector.
VENDOR             Displays the name of the Vendor.
TENANT INSTANCE    Displays whether the instance is configured.
FUNCTIONS          Displays functions associated with the Connector.

When you click the row of any connector, the details of that connector appear in the right pane.

Among Ingestion Connectors, support for the Checkpoint Firewall Connector is available.

With the new functions supported in the Response Connector, a user can perform the following remediation actions through playbooks.

  • Host Reboot
  • Host Isolation
  • Host Reconnection
  • Process Kill
  • Process Quarantine
  • File Quarantine
  • Registry Delete