Integrations Overview
BleedWatch integrates with the tools your team already uses so security findings land where they'll actually be addressed — not in another dashboard nobody reads.
What we integrate with today
| Category | Integration | What it does |
|---|---|---|
| Cloud | Google Cloud | Inventory public-facing cloud assets for EASM scans |
| ITSM | ServiceNow | Auto-create incidents from critical findings |
| Issue tracking | Jira, Linear | Create issues from findings in your team's tracker |
| Chat | Slack, Microsoft Teams | Post finding summaries to a channel |
| SIEM | Splunk, Datadog, Elastic, QRadar, custom | Forward findings as CEF/JSON events (see Settings → SIEM) |
| Code | GitHub | PR creation, webhook-driven scans (see Shield) |
If an alert doesn't reach its channel as expected, start at Routing Troubleshooting.
How most integrations work
The majority follow one of two patterns:
OAuth-based (Jira, Linear, ServiceNow): you authorize BleedWatch against your instance once; we store encrypted access + refresh tokens and handle renewal transparently.
Credential-based (GCP, AWS, Azure, DigitalOcean): you paste a long-lived credential (service account JSON, access key, etc.); we encrypt it with AES-256-GCM envelope encryption — the plaintext is never persisted.
Neither pattern requires BleedWatch to write to your systems beyond the specific capability the integration advertises (create issue, create incident, post to channel). All credentials are scoped per company — there is no cross-tenant access.
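To make "AES-256-GCM envelope encryption" concrete, here is an added sketch of the general technique using Node's built-in `crypto` module; it is an illustration written for this page, not BleedWatch's code. The function names, the record layout, the locally generated key-encryption key and the use of the company ID as GCM associated data are all assumptions.

```javascript
// Added illustration of AES-256-GCM envelope encryption; not BleedWatch code.
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// AES-256-GCM with a fresh 96-bit nonce; aad binds the ciphertext to its context.
function seal(key, plaintext, aad) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(key, box, aad) {
  const d = createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws on tag or aad mismatch
}

// Envelope: a per-record data key (DEK) encrypts the credential, and the
// key-encryption key (KEK) only ever encrypts DEKs. Only the record is stored.
function encryptCredential(kek, tenantId, credential) {
  const dek = randomBytes(32);
  const record = {
    tenantId,
    wrappedDek: seal(kek, dek, tenantId),
    payload: seal(dek, Buffer.from(credential, 'utf8'), tenantId),
  };
  dek.fill(0); // wipe the plaintext DEK once the record is built
  return record;
}

function decryptCredential(kek, tenantId, record) {
  const dek = open(kek, record.wrappedDek, tenantId);
  try {
    return open(dek, record.payload, tenantId).toString('utf8');
  } finally {
    dek.fill(0);
  }
}

// Constructed sample values. Assumption: a real KEK would sit in a KMS or HSM.
const kek = randomBytes(32);
const sample = '{"type":"service_account","private_key":"CONSTRUCTED-SAMPLE"}';
const record = encryptCredential(kek, 'company-a', sample);
console.log('round trip ok:', decryptCredential(kek, 'company-a', record) === sample);
```

Because the company ID is authenticated as associated data, a stored record presented under a different company ID fails decryption instead of returning the credential.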
Choosing where findings go
Integrations are the transport. The decision of which findings go where lives in Sentinel → Routing Rules:
Finding matches rule → Rule fires → Alert dispatches via its configured channel
A single finding can fan out to multiple channels. A rule can also be narrow — e.g. severity=critical AND secret_type=aws_access_key → servicenow only. See Sentinel → Routing Rules for the full model.
Can I use integrations without Sentinel?
Yes — most integrations work standalone. Cloud providers are independent of Sentinel (they feed EASM discovery directly). SIEM export can be configured at Settings → SIEM. Issue trackers and ServiceNow can be driven from the Findings page (⋯ menu → Create issue / incident) without any routing rule.
Sentinel becomes valuable when you want this to happen automatically based on rules you define once.