Build on SenseOn
REST API, Zapier, and MCP-compatible integration for builders, partners, and MSSPs. Build on the Intelligence Fabric — the governance control plane for human analysts and AI agents, with policy-controlled approval and full audit trail.
Programmatic access to cases, observations, devices, and AI summaries
Programmatic access to investigations, observations, assets, AI-generated case summaries, and response actions (isolate, contain, close). Every event normalises to OCSF with SenseOn extensions; OpenTelemetry-compatible logs, traces, and metrics. Get started in three lines: authenticate with a Bearer token, call GET /cases, parse OCSF-normalised JSON (quickstart at docs.senseon.io). MCP-compatible integration with Claude Agent SDK and OpenAI AgentKit enables frontier AI agents to query cases, trigger response actions, and read device state — governed by the Guardrails Engine, which detects prompt injection, tool-call abuse, agent impersonation, and data exfiltration via agent tool calls. Every action logged to the DecisionTrace Ledger: the append-only, immutable System of Record for regulator-grade chain-of-custody. Multi-tenant API surface with tenant-scoped keys and usage attribution for MSSP and partner integrations. Webhooks and event streaming for real-time alerting, SOAR playbooks, and custom dashboards. The full reference at docs.senseon.io/en/latest/api_reference/ covers all endpoints plus a Zapier app (3 triggers, 13 actions) for low-code automation.
What you need to integrate
Authentication, rate limits, standards, and procurement paths.
Base URL
api.senseon.io/v1 — OpenAPI 3.1 spec available at docs.senseon.io
Authentication
Bearer token (per-tenant Personal Access Token). Multi-tenant: tenant-scoped keys with RBAC and usage attribution for MSSP/partner deployments.
Rate limits
1,000 req/min per key
Standards
OCSF-native with SenseOn extensions. OpenTelemetry-compatible logs, traces, and metrics. MCP (Model Context Protocol) server surface for AI agent integration.
Full reference
docs.senseon.io/en/latest/api_reference/ — cases (read and write), devices, observations, raw telemetry, response actions, AI case summaries
Low-code (Zapier)
3 triggers and 13 actions for no-code automation across 6,000+ apps
Marketplaces
Procure via AWS Marketplace (live) and Microsoft Marketplace (expected soon) with consolidated billing
Webhooks & Streaming
Real-time event delivery via webhooks and streaming for alerting, SOAR playbooks, and custom dashboards. Subscribe to case, observation, and device events.
Production Scale
33.4B events analysed monthly in Fortune 500 environments. 92.5% of incidents resolved by AI under human governance. MTTD and MTTR under 20 minutes. Trusted by BT, Kingspan, Mitsubishi Chemical, and Advantage Solutions.
Selected endpoints from the full reference
A representative selection. The full API reference at docs.senseon.io/en/latest/api_reference/ documents every endpoint, schema, and parameter.
GET /cases
List investigations with filters for severity, status, and time range. Returns full case context including correlated observations and DecisionTrace audit trail.
GET /cases/{id}
Retrieve a single case with full investigation timeline, observations, decision trail, and current status. Every AI and human action traced from detection to resolution.
POST /cases/{id}/actions
Trigger response actions: isolate device, disable user, add IOC, close case. Every action governed by the Guardrails Engine — policy approval required, evidence justification logged to DecisionTrace.
GET /cases/{id}/summary
AI-generated case summary suitable for executive review, compliance packs, or ticketing systems. Includes severity assessment, recommended actions, and chain-of-custody.
GET /observations
Query raw and enriched observations across endpoint, network, identity, cloud, and AI agent telemetry. OCSF-normalised. Supports time-range and entity filters.
GET /devices
Enumerate protected devices with status, agent version, risk score, and last-seen telemetry. Supports filtering by tag, OS, tenant, and risk score.
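An added example, not SenseOn's own code: a Python client helper for the quickstart flow above that builds an authenticated GET /cases request, paces calls to stay under the stated 1,000 req/min per key, and keeps the bearer token out of logs. The https scheme, the SENSEON_TOKEN variable name, and the helper names are assumptions; nothing is sent over the network.

```python
import os
import time
import urllib.request
from collections import deque

BASE_URL = "https://api.senseon.io/v1"   # host/path from the page; https scheme assumed
RATE_LIMIT = 1000                        # requests per minute per key, per the page
WINDOW_SECONDS = 60.0

class KeyRateLimiter:
    """Sliding-window limiter that keeps one key under RATE_LIMIT per minute."""
    def __init__(self, limit=RATE_LIMIT, window=WINDOW_SECONDS, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.sent = deque()              # timestamps of requests inside the window

    def wait_time(self):
        """Return 0.0 and record a request if allowed, else seconds to wait."""
        now = self.clock()
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()          # drop requests that aged out of the window
        if len(self.sent) < self.limit:
            self.sent.append(now)
            return 0.0
        return self.window - (now - self.sent[0])

def build_request(path, token):
    """Build an authenticated GET request object; nothing is sent here."""
    if not token or any(c.isspace() for c in token):
        raise ValueError("missing or malformed token")   # also blocks CR/LF in the header
    if not path.startswith("/") or "://" in path:
        raise ValueError("path must be relative to the API base, e.g. /cases")
    req = urllib.request.Request(BASE_URL + path, method="GET")
    req.add_header("Authorization", "Bearer " + token)
    req.add_header("Accept", "application/json")
    return req

def loggable(req):
    """Describe a request for logs without exposing the bearer token."""
    headers = {k: ("<redacted>" if k.lower() == "authorization" else v)
               for k, v in req.header_items()}
    return {"method": req.get_method(), "url": req.full_url, "headers": headers}

if __name__ == "__main__":
    # SENSEON_TOKEN is a hypothetical variable name; the fallback is a constructed value.
    token = os.environ.get("SENSEON_TOKEN", "constructed-example-token")
    limiter = KeyRateLimiter()
    if limiter.wait_time() == 0.0:
        print(loggable(build_request("/cases", token)))
```

For MSSP deployments with tenant-scoped keys, keep one limiter instance per key so one tenant's polling cannot exhaust another's budget.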
Integrations and partner ecosystem
Bidirectional integrations with CrowdStrike, Defender, Trellix, SentinelOne, Sophos, Splunk, and ServiceNow. Your existing stack stays in place.
Splunk / Sentinel / Chronicle
Forward enriched alerts and incident data into existing SIEM workflows. Bi-directional alert and incident sync for hybrid SOC operations.
CrowdStrike / Defender / SentinelOne
Bidirectional EDR integrations — read detections, push containment actions, synchronise IOC feeds. Universal Sensor (0.7% CPU, 70–80 MB RAM) runs alongside your existing EDR.
ServiceNow / Jira
Automatic ticket creation and bi-directional status sync. Full case context including AI-generated summaries.
Okta / Entra ID
Identity signals from your identity provider. Cross-domain correlation ties identity events to endpoint and network telemetry.
Claude Agent SDK / OpenAI AgentKit
MCP-compatible governance for any AI agent — Claude, Operator, GPT, or custom LLM workflows. The Guardrails Engine detects prompt injection, tool-call abuse, and agent impersonation while controlling which actions agents can take. DecisionTrace provides the append-only System of Record. Enterprise AI deployments get auditable, policy-controlled, regulator-grade security for EU AI Act, NIS2, and ISO 27001.
For AI Safety & Governance Teams
If your organisation deploys AI agents with real-world tool access, the Intelligence Fabric provides the governance layer your AI safety team needs: red-team visibility into agent tool-call chains, adversarial prompt detection, multi-hop delegation monitoring, and policy-controlled action boundaries. Integrates with ML ops pipelines and agent orchestration frameworks. DecisionTrace satisfies EU AI Act Article 14 (human oversight) and NIS2 incident-reporting obligations with continuous, machine-readable evidence.
Zapier
Low-code automation across 6,000+ apps with 3 triggers and 13 actions.