Integrations That Connect Your Investigation Ecosystem

API-first architecture connecting SentinelOps with your identity, security, HR, and document management systems

Investigation Software Must Connect

Investigation teams do not operate in isolation. Cases originate from HR systems, compliance hotlines, and security operations centres. Evidence comes from email systems, financial platforms, and document repositories. Outcomes feed into HR actions, regulatory submissions, and board reports. Identity management governs who can access what.

A standalone investigation platform that does not connect to these systems creates the same information silos it was supposed to eliminate. SentinelOps is built API-first, with integration capabilities designed for the enterprise environments where investigations operate.

API Architecture

RESTful API

SentinelOps provides a comprehensive RESTful API that enables programmatic access to platform capabilities:

  • Case management: create, read, update, and query cases via API
  • Evidence management: upload and retrieve evidence items with metadata
  • User management: manage users, roles, and permissions
  • Reporting: extract investigation data for external analytics and reporting
  • Webhooks: receive real-time notifications of platform events

API Security

API access is secured through:

  • API key authentication with scoped permissions
  • OAuth 2.0 for delegated access flows
  • Rate limiting to prevent abuse
  • IP allowlisting for additional access control
  • Full API audit logging: every API call is recorded in the audit trail

API Documentation

Comprehensive API documentation is provided with interactive examples, enabling your development team to integrate SentinelOps into your technology ecosystem efficiently.

Identity & Access Management

SSO Integration

SentinelOps integrates with enterprise identity providers through industry-standard protocols:

  • SAML 2.0: integration with Azure AD, Okta, OneLogin, PingFederate, and other SAML-compliant identity providers
  • OpenID Connect (OIDC): OAuth 2.0 based authentication for modern identity platforms
  • SCIM provisioning: automated user provisioning and deprovisioning synchronised with your identity provider

SSO integration ensures that investigation platform access is governed by your existing identity management policies, including MFA enforcement, conditional access, and session management.

Directory Synchronisation

User accounts can be synchronised with your corporate directory (Azure AD, Google Workspace, on-premises Active Directory), ensuring that user information, group memberships, and access permissions remain consistent.

Security Operations Integration

SIEM Integration

For enterprise security teams operating a Security Operations Centre (SOC), SentinelOps integrates with SIEM platforms to enable bidirectional intelligence flow:

  • Alert-to-case creation: security alerts from your SIEM (Splunk, Microsoft Sentinel, QRadar, Elastic) can automatically generate investigation cases in SentinelOps
  • Investigation enrichment: SIEM data can be pulled into active investigations as contextual intelligence
  • Outcome feedback: investigation outcomes feed back into SIEM analytics to improve detection rules

Incident Response Integration

Cyber security incidents that escalate to investigation can flow from incident response platforms into SentinelOps with full context, ensuring continuity between response and investigation.

HR System Integration

Intake from HR Platforms

Workplace investigations frequently originate from HR systems: complaint forms, grievance submissions, or manager referrals. SentinelOps integrates with HR platforms to:

  • Receive complaints: automated intake from HR case management or ticketing systems
  • Sync employee data: subject and complainant details populated from HR records (with appropriate access controls)
  • Outcome integration: investigation outcomes can be communicated back to HR systems for action tracking

Common HR Platforms

Integration is supported with major HR platforms including SAP SuccessFactors, Workday, Oracle HCM, and custom HRIS systems via API.

Email Integration

Email-to-Case

Complaints, referrals, and tips received via email can be captured directly into SentinelOps as new cases or as evidence attached to existing cases. Email-to-case conversion captures:

  • Sender and recipient details
  • Email body and attachments
  • Timestamp and headers
  • Threading for email conversations

Email Notifications

SentinelOps sends configurable email notifications for case assignments, deadline reminders, status updates, and escalation alerts. Notification preferences are configurable per user and per case type.

Document Management Integration

Repository Integration

Investigation evidence often resides in enterprise document management systems. SentinelOps integrates with document repositories to:

  • Link external documents: reference documents in SharePoint, Google Drive, or other repositories without duplicating storage
  • Import evidence: pull documents from external repositories into SentinelOps with chain-of-custody controls
  • Export production: produce investigation documents to external repositories for legal review or archival

Supported Platforms

Integration is supported with SharePoint Online, Google Workspace (Drive), and enterprise document management systems via API.

Compliance & Regulatory Integration

AUSTRAC Reporting

For financial crime teams, SentinelOps supports integration with AUSTRAC’s reporting channels to streamline the SMR lodgement process.

Hotline Integration

Integration with third-party whistleblower hotline and reporting platforms ensures that external disclosures flow directly into SentinelOps for investigation, with confidentiality controls applied from the point of intake.

Data Import & Migration

Historical Data Import

Organisations migrating from spreadsheets, legacy investigation tools, or other platforms can import historical case data into SentinelOps. Supported import formats include CSV, Excel, and API-based data transfer.

Migration Support

SentinelOps provides migration support to ensure that historical data is accurately mapped, validated, and imported without loss of fidelity. Migration planning includes data mapping, field validation, and post-migration verification.

Webhook Support

Event-Driven Integration

Webhooks enable real-time event-driven integration with external systems. When specified events occur in SentinelOps, such as case creation, status change, deadline approaching, or evidence uploaded, webhook notifications are sent to configured endpoints.

Common webhook use cases include:

  • Slack or Teams notifications: alert channels when new cases are created or when cases require attention
  • Ticketing system updates: synchronise SentinelOps case status with external ticketing or GRC platforms
  • Automation triggers: initiate automated workflows in external systems based on SentinelOps events
  • Dashboard feeds: push real-time data to external dashboards or monitoring systems

How SentinelOps Helps

Integration Need | Without SentinelOps | With SentinelOps
SSO | Separate credentials for investigation tool | Unified identity via SAML/OIDC
SIEM | Manual case creation from security alerts | Automated alert-to-case workflows
HR | Email-based complaint handoff | Structured intake from HR platforms
Document management | Copy files between systems | Integrated access with chain-of-custody
Reporting | Manual data export and compilation | API access for BI platform integration
Notifications | Email-based, manually managed | Automated webhooks to Slack/Teams/custom

Frequently Asked Questions

Does SentinelOps have pre-built integrations?

Yes. SentinelOps provides pre-built integrations for common platforms (Azure AD, Okta, major SIEM platforms, SharePoint). Custom integrations are supported through the RESTful API and webhook infrastructure.

Can SentinelOps integrate with our proprietary internal systems?

Yes. The RESTful API and webhook infrastructure support integration with any system that can make HTTP requests or receive webhook payloads. API documentation and integration support are provided.

Is integration data encrypted?

Yes. All integration communication is encrypted using TLS 1.3. API authentication ensures that only authorised systems can access platform data. See Security for details.

Can we control what data flows through integrations?

Yes. Integration data flows are configurable with scoped permissions. You control which data elements are shared with external systems and which remain within SentinelOps. Sensitive investigation data is never shared through integrations without explicit configuration.

Does integration activity appear in the audit trail?

Yes. All API calls, webhook events, and integration data flows are recorded in the immutable audit trail, ensuring complete visibility into how external systems interact with your investigation data.

Currently serving Australian enterprise, government, and regulated industry organisations.