Integrations

Connect Spectops to the tools you already use

How Spectops Integrates

Inputs in, controlled outputs out

Most teams integrate Spectops in two directions:

  • Inputs: your existing signals (feeds, automations, and workflows) provide candidates to block or exempt.
  • Outputs: Spectops distributes the resulting decisions to your network and downstream systems.

The goal is consistency: the same policy and safety model applies whether the data came from a URL feed, an API call, or a webhook push.

Common Inputs

Bring your own signals

  • URL feeds: scheduled fetches from HTTP/HTTPS endpoints that return prefix lists.
  • Webhook pushes: near real-time updates from your systems.
  • API automation: CI/CD or SOAR pipelines that add/remove entries programmatically.
  • Manual entry: quick response during incidents when you need to act immediately.

Common Outputs

Use decisions where you already operate

  • BGP distribution: publish to your edge peers when you use RTBH workflows.
  • Export lists: download or pull lists in multiple formats for firewalls, DNS tooling, or edge policy.
  • Webhooks: emit events so other systems can react (tickets, chatops, SOAR, internal automation).
  • API: query and mutate state safely from your own tools.

Integration Patterns

What teams usually build

SIEM / SOAR

Use your detection stack to generate candidates and push them into Spectops, then rely on Spectops to enforce precedence rules and distribute outputs.

Ticketing + Approvals

Many teams connect change events to ticketing systems so approvals and post-incident reviews are easy to audit.

Firewall and DNS Tooling

If not every enforcement point speaks BGP, export lists let you publish consistent data to different systems.

Next Steps

Start small, then expand