Integrations & Reporting

Your clients pay
for answers.
Shield gives you the receipts.

Shield gives MSSPs a prevention-first network security capability that reduces analyst workload and improves customer outcomes. Shield blocks malicious traffic at the network layer using the Global Threat Engine.

Know More. Miss Less.

Shield gives you the raw material: every killed event, every permitted destination, every new host and IP on the network. Export on your terms. Shape the story your clients want to read.

At a Glance
AudienceMSSP integration and reporting teams
ProblemNeed Shield data flowing into existing SIEM, ticketing, and reporting workflows
How Shield helpsShield Command Hub exports to CSV, integrates with SIEM, and provides per-tenant reporting
Best fitMSSPs running Splunk, Shield Sentinel, QRadar, or similar SIEM platforms
Next stepTalk to an Engineer
Integrations Overview

What Shield
connects to.

Shield is built to feed your existing analyst workflow, not replace it. Standard exports go where you already work. Direct platform integrations are limited and we’re honest about that.

Today

What Shield does

Shield exports event data via standard formats. Command Hub exports CSV and Excel for analyst workflows and customer reports. Shield OnPremise forwards via Syslog to your existing SIEM. Connection-level evidence is available for 72 hours of direct query.

Honest List

What Shield doesn’t do

No exposed API today. No native integrations to ticketing, PSA, RMM, or SOAR tools. No SSO on Command Hub. Partners bridge Shield to those workflows through standard exports today. Deeper platform integrations are on the roadmap.

Data Outputs

Your stack. Your tools.
No translation needed.

Command Hub lays every Shield deployment side by side. Search, filter, and pull what you need without hopping between tools.

01 Every Connection

Full traffic record

Every inbound and outbound connection across every Shield deployment. Killed, permitted, or observed, all timestamped and tenant-scoped.

02 Standard Formats

Works with what you have

Command Hub exports to CSV and Excel. Shield OnPremise forwards via Syslog. Your existing analyst workflow, your existing tools, no middleware.

03 72-Hour Window

Evidence when you need it

Connection evidence stays accessible for 72 hours. Pull what matters into your own long-term store the way you do today.

SIEM Integration

Built for
bridging.

Syslog forwarding

Shield OnPremise forwards event data via Syslog to your existing SIEM. A standard ingestion path your team already knows, with no middleware.

Mapping guidance

Key fields documented. Recommended parsing patterns provided. Your engineers don’t need to reverse-engineer the schema.

What’s in the box today

Command Hub feeds analyst workflows. Shield OnPremise feeds SIEMs. Two paths, well documented, used by partners today.

Roadmap

Deeper platform integrations to ticketing, PSA, RMM, SOAR are on the roadmap. We’ll tell you when they land.

Reporting for Customers

The story you tell
your clients.

You own the client relationship. Shield arms you with the evidence. Daily operations, monthly rollups, quarterly reviews: the cadence is yours, the data is the same.

What’s in the data

Every Shield deployment writes to the same connection record. Pull from it at any cadence your clients want.

  • + Killed events (DNS, TCP, UDP)
  • + Permitted destinations (including new user-permits)
  • + Bandwidth by connection
  • + New internal hostnames, IPs, MACs
  • + Traffic logs per device

Your rhythm, your voice

Build a weekly digest for your SMB clients. A monthly executive summary for your mid-market. A quarterly board-ready rollup for enterprise. Same source data, three different stories.

This is a feature of how partners work with Shield, not a limitation. You own the client relationship; Shield supplies the evidence.

MSSP Reporting Pack

Templates ready
to attach.

Standard templates partners use to convert Shield’s raw evidence into customer-ready reports. Use them as-is or adapt them to your brand.

Monthly Customer Report

Recurring rollup

Threat blocks, traffic patterns, suspicious endpoints, and risk reduction summary. The standard rhythm your clients expect.

POV Report

Onboarding proof of value

Executive summary plus technical appendix from a 7-to-14 day deployment. Customer-ready language. Recommended next actions.

Custom KPIs

What to show clients

Suggested KPIs partners showcase: threats blocked per period, alert volume reduction, analyst time saved, downtime avoided. All sourced from Shield evidence.

Evidence & Audit

When somebody asks
"what happened,"
you have the receipt.

Connection Detail

Evidence per connection

Every connection Shield blocks or permits is backed by detail-level record. When a client, auditor, or insurer asks what happened, the answer is already in the tenant.

Audit-Ready Format

Out of the gate

Pull evidence the way an auditor wants to see it: timestamped, per-connection, with source and destination intact. No custom parsers, no weird blobs.

Compliance Posture

Connection-level evidence

Every permitted or killed connection has an evidence trail. Shield does not process GDPR or HIPAA-regulated data as part of its operation, so those frameworks don’t apply to it.

SIEM Integration via Syslog.

Shield OnPremise supports syslog output for sending real-time Shield traffic blocking log events to a remote syslog server or SIEM tool. This is the primary integration path for MSSPs who need Shield event data in Splunk, QRadar, Sentinel, or any SIEM that ingests standard syslog.

Detailed message format examples and field definitions are available in the Shield OnPrem Syslog technical note. Contact your Intrusion solutions engineer for the full documentation.

Request Syslog Technical Documentation →

RECOMMENDED NEXT STEP

Ready to see what Shield finds in your environment?

Request a POV Book a Meeting Talk to an Engineer