New · Auto-mapping SOC 2 controls for internally-built agents
SOC 2 Type II·HIPAA·ISO 27001
100 connectors · 12 categories · credentials managed

The tools your agents touch — wrapped, gated, and audited.

Connectors are SDK-shaped on the agent side and policy-enforced on the platform side. Secrets never leave Arx; the agent receives a short-lived handle. Every write is auditable, every high-risk action is gate-able, every rotation is a platform operation — not a deploy.

Browse · EDR & XDR CSPM & cloud Identity SIEM & logs ITSM & ticketing Comms Vuln mgmt Network Data
C · 01 / EDR & XDR

Detection, containment, telemetry.

Endpoint actions are where agents do the most damage when they misbehave. Every write here is behind a declared approval gate by default. Simulation mode lets you flip enforcement on safely.

CS

CrowdStrike Falcon

v2.14 · GA · 34 methods

Detections, incidents, host containment, RTR commands, IOA/IOC management. Write paths default-gated with diff preview for approvers.

Rdetections.list
Rincidents.aggregate
Whosts.contain · approval
Wrtr.execute · approval
SN

SentinelOne Singularity

v1.8 · GA · 28 methods

Threats, deep visibility queries, network quarantine, agent management. Designed so a CAB-approved runbook can execute in seconds without credential handoff.

Rthreats.list
Rdv.queries.run
Wagents.disconnect · approval
Wthreats.mitigate
MD

Microsoft Defender

v2.2 · GA · 41 methods

Defender XDR, Defender for Cloud, Defender for Endpoint, Identity. Cross-product alert correlation exposed as a single connector surface.

Ralerts.list
Rincidents.get
Wmachineactions.isolate · approval
Wincidents.update
Pa
GA
Palo Alto Cortex XDR
22 methods · v1.6
ReadWrite · gated
CB
GA
Carbon Black Cloud
18 methods · v1.3
ReadWrite · gated
Tv
GA
Trellix EDR
14 methods · v1.1
Read
Cb
Beta
Cybereason
12 methods · v0.9
Read
C · 02 / CSPM & CLOUD

Posture, misconfig, remediation.

Cloud-write connectors ship with a declared blast-radius contract. Resource-level gate rules, not just action-level — so "destroy test S3 bucket" doesn't unlock "destroy prod."

Wz
GA
Wiz
31 methods · v2.1
ReadWrite · gated
AW
GA
AWS
IAM · EC2 · S3 · RDS
ReadWrite · gated
Az
GA
Azure
ARM · Entra · Defender
ReadWrite · gated
GC
GA
Google Cloud
IAM · GCE · GCS
ReadWrite · gated
Pc
GA
Prisma Cloud
26 methods
ReadWrite · gated
La
GA
Lacework
19 methods
Read
Or
GA
Orca Security
22 methods
Read
Sy
Beta
Sysdig Secure
14 methods · v0.8
Read
C · 03 / IDENTITY

Users, groups, sessions.

Deactivations, unlocks, MFA resets — the highest-frequency agent write target and the one most frequently misused. Default-gated, with per-OU scoping.

Ok
GA
Okta
Users · Groups · Apps
ReadWrite · gated
En
GA
Entra ID
36 methods
ReadWrite · gated
Du
GA
Duo Security
18 methods
ReadWrite · gated
Pa
GA
PingOne
22 methods
ReadWrite · gated
Cb
GA
CyberArk
28 methods
ReadWrite · gated
Hv
GA
HashiCorp Vault
Secrets · PKI · DB
ReadWrite · gated
1P
Beta
1Password Business
11 methods · v0.6
Read
JC
Beta
JumpCloud
14 methods · v0.7
Read
C · 04 / SIEM & LOGS

Search, correlate, enrich.

Query timeouts, row limits, and per-index ACLs enforced in the connector. Your agent can't accidentally DoS the SIEM because the policy won't let it.

Sp
GA
Splunk
ES · Core · SOAR
ReadWrite · gated
Se
GA
Microsoft Sentinel
Workbooks · KQL · rules
ReadWrite · gated
El
GA
Elastic Security
ES · cases · rules
ReadWrite
Dd
GA
Datadog
Logs · APM · signals
Read
Sr
GA
Sumo Logic
Cloud SIEM · search
Read
Qr
GA
IBM QRadar
Offenses · AQL
Read
Cr
GA
Chronicle (GSec)
UDM · rules
Read
Ex
GA
Exabeam
Sessions · alerts
Read
C · 05 / ITSM & TICKETING

Incidents, changes, problems.

The most common "agent did something weird" surface area. Every state transition is policy-evaluated against the CAB-defined transition graph for that table.

SN
GA
ServiceNow
ITSM · SecOps · IRM
ReadWrite · gated
Ji
GA
Jira
Cloud · DC
ReadWrite
PD
GA
PagerDuty
Incidents · schedules
ReadWrite
Op
GA
Opsgenie
Alerts · on-call
ReadWrite
Fr
GA
Freshservice
19 methods
ReadWrite
Zd
GA
Zendesk
22 methods
ReadWrite
Sh
Beta
Shortcut
9 methods · v0.5
Read
Li
Beta
Linear
12 methods · v0.7
Read
C · 06 / COMMS & COLLAB

Notify, escalate, attach.

Per-channel rate limits and recipient ACLs enforced server-side. Your agent will not accidentally at-here the entire company because a prompt told it to.

Sl
GA
Slack
Messages · channels · files
ReadWrite · gated
Tm
GA
Microsoft Teams
Messaging · files
ReadWrite · gated
Em
GA
SMTP (generic)
Send · attach
Write · gated
Tw
Beta
Twilio
SMS · Voice
Write · gated
Don't see what you need?

A connector, built to your team's standards, in ten business days.

If your agent needs a tool we don't ship yet, we build it — on-contract, with the same SDK shape, secret-handling posture, and control-bound evidence emitter as every other connector in the catalog. You file a spec, we build, your review board gets exactly one new artifact to review.

Spec acceptedSame day
Beta connector5 business days
GA, gated10 business days
SOC 2 controls mappedWith GA release
Source licenseYours, perpetually
Request a connector How connectors work

Wire your agent to the whole stack in an afternoon.

30-minute demo. We'll swap one of your agents onto Arx-managed connectors and show you the audit trail, approval gate, and control-mapped evidence emitter live.

Book a demo Read the platform brief