Integrations
Connect sources to every destination through one declarative pipeline model — define one Job, route outputs to the platforms your teams already use, and avoid per-tool scripts or vendor agents.
Sources → Actions → Destinations
Sources
EDR, Windows Events, syslog, APIs
Actions
Filter, mask, enrich, split
Destinations
SIEM, storage, analytics, observability
LyftData supports a broad ecosystem across five categories:
SIEM Destinations
Send curated, masked telemetry into security platforms with predictable ingest.
Reduced ingest volume · Consistent masking policy · Longer retention via archives
Observability Platforms
Deliver high-signal logs and metrics without paying for noise.
Cleaner dashboards and faster triage · Predictable ingest billing · Shared pipelines across teams
Storage & Lakes
Keep full-fidelity copies for years in storage you control.
Cheap historical archives · Replay into new tools later · Training sets for ML
Security & OS Sources
Read from EDR, Windows Events, syslog, and APIs without vendor agents.
Consistent ingestion across regions · One masking policy everywhere · Faster source onboarding
Analytics & Warehouses
Send structured outputs to analytics teams without brittle ETL glue.
Shared telemetry for security + data · Faster investigations with joins · Vendor-neutral workflows
Inputs flow into Jobs, Actions describe transformations, Channels clone governed streams, and Outputs deliver to every destination you choose.
Inputs → Actions → Channels → Destinations
Define once
Model Inputs and Actions once, not per destination vendor.
Clone streams
Use Channels to fan out governed streams in parallel.
Change tools
Swap SIEM/observability outputs with configuration, not re-instrumentation.
One Job ingests EDR telemetry and fans out to multiple destinations:
Read logs
Read EDR logs from CrowdStrike and Windows Events.
Filter noise
Actions drop duplicates and filter noise.
Mask PII
Actions mask employee IDs and enrich IPs.
Split channels
Fan out governed streams into multiple lanes.
Route to tools
Send curated outputs to Splunk, S3, and Snowflake.
Each step is defined once in the Job and versioned, so governed changes flow safely to every lane.
Result: curated SIEM ingest, cheap archives, and analytics visibility — no duplicated pipelines.
Browse common sources and destinations teams start with, grouped by category.
Splunk HEC
Filter, mask, and enrich before ingesting into Splunk.
Microsoft Sentinel
Stream governed events via Azure Blob + Sentinel connectors.
Elastic Security
Send curated, masked telemetry into Elastic.
Datadog
Deliver only the high-signal metrics and logs you choose.
Elastic Logs
Deliver high-signal events into Elastic logs.
New Relic
Route governed telemetry into New Relic.
Amazon S3
Archive full-fidelity logs for years in your own buckets.
Google Cloud Storage
Keep full-fidelity archives in GCS for replay.
Azure Blob
Route long-term archives into Azure Blob.
Snowflake
Keep analytics teams in sync with security telemetry.
BigQuery
Send structured outputs to BigQuery.
Databricks
Stream governed telemetry into Databricks.
Browse common connectors teams start with, then open docs to see configuration details.
See how Inputs, Actions, Channels, and Outputs fit together.
Want to see what you can actually build? Explore the capabilities unlocked by this model.
Ready to choose a plan? Compare editions and licensing options.