Technical reference

VORXOC integration architecture

How VORXOC ingests multi-vendor telemetry, normalizes fields for correlation, and keeps response actions consistent across your SOC stack. Use this page as the starting point before you map products in the live connector catalog.

Ingestion and collection

  • REST APIs and webhooks for cloud-native services and internal applications.
  • Syslog, CEF, and LEEF for network, firewall, and legacy security appliances.
  • Vendor-native connectors for major EDR/XDR, identity, email security, and cloud telemetry.

Parsing and normalization

  • Schema mapping aligns disparate event types to a common analyst timeline.
  • Entity extraction (user, host, IP, process) feeds correlation and incident scoping.
  • Detection logic runs on normalized records so rules stay vendor-agnostic where possible.
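One way the CEF/LEEF schema mapping and entity extraction described above can be implemented, as an added example that is not VORXOC's own code: the sample events, the `ENTITY_MAP` vendor-key mapping, and the common record layout are assumptions chosen for illustration, not the product's schema.

```python
import re
# Constructed sample events (not real telemetry): a CEF line, a LEEF 2.0 line with a
# custom delimiter, and a truncated CEF header to exercise the malformed-line path.
SAMPLE_EVENTS = [
    "CEF:0|ExampleFW|NGFW|7.1|1001|Blocked connection|5|src=10.0.0.5 dst=203.0.113.9 suser=alice dhost=web01 proc=curl",
    "LEEF:2.0|ExampleEDR|Agent|3.2|ProcessStart|^|src=10.0.0.7^usrName=bob^devName=ws42^proc=powershell.exe",
    "CEF:0|truncated|header",
]
# Vendor extension key -> common entity name. Hypothetical mapping, not VORXOC's schema.
ENTITY_MAP = {"suser": "user", "usrName": "user", "dhost": "host", "devName": "host", "src": "ip", "proc": "process"}
_CEF_KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")  # CEF pairs are space-separated; values may contain spaces

def _split_header(line, count):
    # The first `count` pipe-delimited fields form the header; the remainder is the extension.
    parts = line.split("|", count)
    if len(parts) < count + 1:
        raise ValueError("truncated header: %r" % line)
    return parts[:count], parts[count]

def parse_event(line):
    """Normalize one CEF or LEEF line into a common record with extracted entities."""
    if line.startswith("CEF:"):
        hdr, ext = _split_header(line, 7)
        fields = dict(_CEF_KV.findall(ext))
        rec = {"format": "cef", "vendor": hdr[1], "product": hdr[2],
               "event": hdr[5], "severity": int(hdr[6])}
    elif line.startswith("LEEF:"):
        hdr, ext = _split_header(line, 5)
        delim = "\t"  # LEEF 1.0 always separates extension pairs with a tab
        if hdr[0] == "LEEF:2.0":
            # LEEF 2.0 may name its delimiter in a sixth field (empty means tab; hex forms like x09 not handled here)
            cand, _, rest = ext.partition("|")
            if len(cand) <= 1:
                delim, ext = (cand or "\t"), rest
        fields = dict(kv.split("=", 1) for kv in ext.split(delim) if "=" in kv)
        rec = {"format": "leef", "vendor": hdr[1], "product": hdr[2],
               "event": hdr[4], "severity": fields.get("sev")}
    else:
        raise ValueError("unsupported format: %r" % line[:16])
    rec["entities"] = {ENTITY_MAP[k]: v for k, v in fields.items() if k in ENTITY_MAP}
    rec["fields"] = fields
    return rec

def normalize(lines):
    # Parse in order; count malformed lines so the parser drop rate stays visible to the SOC.
    records, dropped = [], 0
    for line in lines:
        try:
            records.append(parse_event(line))
        except ValueError:
            dropped += 1
    return records, dropped
```

Both vendors' events end up with the same `entities` keys (user, host, ip, process), which is what lets a single correlation rule run over the output regardless of source format; the dropped-line count is worth alerting on, since a parser silently failing is a detection gap.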

Response orchestration

  • Playbooks trigger SOAR-style actions through supported integrations.
  • Analysts approve containment steps from the same incident view where evidence is reviewed.