API Coverage
Compare API endpoint support across different endpoint detection and response platforms. This matrix shows which features are available for each integration.
Filter by capabilities
| RESOURCE | Device | DeviceAlert |
|---|---|---|
 CrowdStrike | ||
 Defender | ||
 SentinelOne |
Field Mappings
Our unified API standardizes data models across different EDR providers. Below you can see how Unizo fields map to provider-specific fields for each data model.
Device
Security alert
| Unizo Field | CrowdStrike | Defender | SentinelOne |
|---|---|---|---|
idAlert ID | |||
stateAlert state | |||
platformDevice platform | |||
hostnamesDevice hostname | |||
osOperating system | |||
fqdnsDevice FQDNs | |||
ipv4sIPv4 address | |||
macAddressesMAC address | |||
sourceVendorsAlert updated | |||
installedSoftwareInstalled software | |||
adInfoAD information | |||
cloudMetadataCloud metadata | |||
tagsDevice tags | |||
identitiesDevice identities | |||
changeLogChange log | |||
lastUpdatedByUpdated by |
Device Alert
Device alert
| Unizo Field | CrowdStrike | Defender | SentinelOne |
|---|---|---|---|
idAlert ID | |||
stateAlert state | |||
titleAlert title | |||
descriptionAlert description | |||
severityAlert severity | |||
vendorAlert vendor | |||
sourceAlert source | |||
statusAlert status | |||
changeLogChange log | |||
lastUpdatedByUpdated by |
Native Provider Field Support
Leveraging nativeResponse
The nativeResponse field enables you to access provider-specific features beyond our unified common data model. This feature allows you to:
- Access provider-specific threat intelligence not included in the common data model
- Implement custom security workflows using native provider capabilities
- Utilize advanced detection features unique to each EDR platform
- Maintain compatibility with existing provider-specific integrations
The nativeResponse field is available exclusively for Enterprise and Launch Customer subscriptions. Contact our sales team to upgrade your plan and unlock access to native provider data.
How to Use nativeResponse
{
"id": "agent-123",
"hostname": "workstation-01",
"os": "Windows 10",
// ... other unified fields
"nativeResponse": {
// Complete provider-specific response
"device_policies": {
"prevention_level": "aggressive",
"sensor_update_policy": "automatic"
},
"threat_graph_id": "tg-456789",
"behavioral_detections": true,
"kernel_driver_version": "6.42.16301.0"
}
}
Need Something More?
Working on a unique EDR integration? Need extra fields for your security tools? We're here to help.
Get in touch:
- Email: support@unizo.ai
- Web: Contact Us
We'd love to hear about your use case and help expand our API to meet your needs.