Integrations

Integrations

Connect Arbiter to your existing MDM, identity and SIEM tooling.

Available now

Microsoft Intune

Live

Arbiter reads device compliance state from Intune and enforces it at the network layer. Compliant devices authenticate normally; non-compliant devices are quarantined to a remediation VLAN automatically.

  • Compliance-based VLAN assignment via RADIUS attributes
  • No additional agent required on endpoints
  • Works alongside 802.1X and MAB policies
  • Supports Azure AD joined and hybrid-joined devices

SIEM egress

Live

Outbound HTTPS push of Arbiter security events into your SIEM. Per-tenant destination configuration with vendor-specific adapters over a shared transport. No inbound ports on your firewall.

  • Microsoft Sentinel via Data Collection Rule (OAuth client credentials)
  • Elastic / Elasticsearch via the _bulk API with an API key
  • Syslog over TLS (RFC 5424 / RFC 6587) for Graylog, Wazuh, QRadar, Rapid7 InsightIDR and the rest
  • Splunk HEC token-auth, native batch payload over 8088 or 443
  • Generic HTTPS webhook with a configurable auth header covers Datadog, New Relic and custom collectors

Coming soon

The following integrations are in development.

Roadmap
API access

REST API for policy management and log export.