Obsidian Plugin v4.19
Auto-scan notes on save. Share via SEP UECIID. XAI pipeline visualization. Offline publish queue. Sidebar view.
Slack Integration
Slash command handler with HMAC-SHA256 verification. HIGH/BLOCK + share alerts via webhook.
LangChain Callback
Duck-typed WardenCallback for seamless LangChain pipeline integration. Zero config change required.
SIEM Integration
Splunk HEC + Elastic ECS format. Custom field mappings. SOC 2 Type II evidence ingestion.
GitHub Actions CI
Test matrix (3.11/3.12) + lint + Docker smoke + mutation testing. Coverage gate ≥75%.
VS Code extension — inline risk annotation on selected text
5 commands (Ctrl+Shift+W scan selection, scan file concurrent, scan clipboard, clear, settings). 4 decoration tiers (LOW/MEDIUM/HIGH/BLOCK) with coloured gutter, background tint, and inline after-text verdict. CodeLens above HIGH/BLOCK lines. Concurrent file scan (configurable 1–16 workers). Rich hover: flags + secrets found + request ID. Output channel log. Auto-scan on save. v5.2.0.
GitHub Actions integration — pre-commit hook that scans commit message + diff
Automatically scan every commit message and diff for secrets, injection patterns, and policy violations before code is merged, using a Shadow Warden GitHub Actions workflow.
Jira integration — auto-create security tickets on HIGH/BLOCK verdicts
Automatically create Jira issues for HIGH/BLOCK verdicts with full XAI causal chain and remediation guidance embedded directly in the ticket.
Microsoft Teams slash command — /warden equivalent for Teams channels
Bring Shadow Warden into Microsoft Teams with a /warden slash command that scans text, shows verdicts, and lets teams respond to security incidents without leaving the conversation.
Notion integration — scan Notion pages via API, write risk tags as properties
Automatically scan Notion pages for secrets, injection patterns, and policy violations, then write risk verdicts back as page properties for easy triage.
STIX/TAXII feed consumer — ingest external threat intel from any TAXII 2.1 server
Consume threat intelligence from any TAXII 2.1 server, automatically ingesting STIX indicators and observables into Shadow Warden's detection pipeline for enhanced threat correlation.
OpenTelemetry SDK library — WardenSpanProcessor for any OTel-enabled app
WardenSpanProcessor (sync ThreadPoolExecutor) + WardenAsyncSpanProcessor (asyncio tasks). Extracts span name, string/numeric attributes, event messages — forwarded to /filter. Bounded queue (max 512), shutdown drain, force_flush(), on_finding callback, configurable min_risk + skip_span_names. REST: GET /sdk/status, GET /sdk/stats, POST /sdk/ping. Tier: Pro+.
MISP syslog bridge — route MISP ZMQ feed into Shadow Warden syslog sink
Bridge MISP's ZMQ event feed directly into Shadow Warden's syslog sink. ZMQ subscriber (pyzmq, multipart frame support) + HTTP pull fallback. Domain IoCs forwarded as dnsmasq-style syslog lines to UDP 5514 for real-time correlation with passive DNS telemetry. Stats at GET /misp/stats. One-shot sync via POST /misp/sync. Auto-starts in lifespan when MISP_ZMQ_URL or MISP_API_URL+KEY is set.
SMB AI Governance Suite
Single-wizard provisioning of all 7 SMB modules. SMBProvisionResult with UECIID + STIX chain ID. get_suite_health() aggregates all module stats. 3 endpoints at /smb-suite/*. Streamlit 6-tab dashboard at page 10.