Varonis
Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, threat detection and response. The company provides solutions for protecting enterprise data across cloud and on-premises environments including data classification, access governance, behavioral threat detection, and automated remediation.
4 APIs
8 Features
Cloud Security, Compliance, Data Analytics, Data Governance, Data Security, Threat Detection
API for accessing threat detection and incident response capabilities from Varonis DatAlert. Provides endpoints for retrieving alerts, managing alert status, adding notes to ale...
API for integrating with Varonis Data Security Platform to manage data security policies, access permissions, and threat detection.
REST and SOAP API for integrating Varonis DataPrivilege with IAM and ITSM solutions. Enables synchronization of managed data, execution and reporting on access requests and acce...
Model Context Protocol server that interfaces with Varonis APIs, allowing AI clients such as ChatGPT, Claude, and GitHub Copilot to access and orchestrate the Varonis Data Secur...
Behavioral Threat Detection
AI-powered detection of abnormal user and data access behavior using DatAlert threat models aligned to MITRE ATT&CK.
Data Classification
Automated sensitive data discovery and classification across cloud and on-premises data stores.
Access Governance
DataPrivilege workflow automation for entitlement reviews, access requests, and permission remediation.
Forensic Investigation
Detailed event-level forensics including file access, permission changes, and login activity for incident investigation.
SIEM and SOAR Integration
REST API integration with SIEM platforms (Splunk, QRadar, Sentinel) and SOAR platforms (XSOAR, Phantom) for automated response.
AI-Assisted Security (MCP)
Model Context Protocol server enabling natural language security operations with Claude, ChatGPT, and GitHub Copilot.
Compliance Reporting
Built-in reporting for GDPR, HIPAA, PCI-DSS, SOX, and other compliance frameworks.
Cloud Security Posture
Data security posture management for Microsoft 365, AWS, Azure, and Google Cloud environments.
Insider Threat Detection
Detect and respond to abnormal access patterns that indicate potential insider threats or compromised accounts.
Ransomware Detection
Identify ransomware activity through mass file access, renaming, and encryption patterns.
Data Breach Investigation
Investigate potential data breaches using forensic event trails to determine scope and blast radius.
Privileged Access Review
Automate periodic entitlement reviews to ensure least-privilege access to sensitive data.
Compliance Audit
Generate audit-ready reports demonstrating data access controls for regulatory frameworks.
SOAR Automation
Integrate alert triage and remediation into automated playbooks via the DatAlert REST API.
AI-Driven Security Operations
Use the Varonis MCP Server to enable AI assistants to query alerts, investigate events, and execute remediation.
Microsoft Sentinel
Ingest Varonis alerts and events into Microsoft Sentinel for correlation and automated response.
Splunk
Stream DatAlert events to Splunk via the official Varonis App for Splunk SIEM integration.
IBM QRadar
Forward Varonis DatAlert events to QRadar using the official integration guide.
CrowdStrike Falcon
Enrich endpoint threat data with Varonis user and data access context.
ServiceNow
Create and manage security incident tickets in ServiceNow from Varonis alerts.
Palo Alto XSOAR
Automate alert triage and remediation workflows using the Varonis XSOAR integration.
Microsoft 365
Monitor and protect SharePoint, OneDrive, Exchange, and Teams data natively.
AWS
Data security posture management for S3, RDS, and other AWS data services.
name: Varonis
description: >-
  Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, threat
  detection and response. The company provides solutions for protecting enterprise data across cloud and on-premises
  environments including data classification, access governance, behavioral threat detection, and automated remediation.
image: https://www.varonis.com/favicon.ico
url: https://www.varonis.com
created: '2025'
modified: '2026-05-19'
tags:
  - Cloud Security
  - Compliance
  - Data Analytics
  - Data Governance
  - Data Security
  - Threat Detection
apis:
  - name: Varonis DatAlert API
    description: >-
      API for accessing threat detection and incident response capabilities from Varonis DatAlert. Provides endpoints
      for retrieving alerts, managing alert status, adding notes to alerts, and accessing alerted events for
      investigation and threat hunting. The DatAlert API enables integration with SIEM and SOAR platforms for
      centralized security operations.
    image: https://www.varonis.com/favicon.ico
    humanURL: https://www.varonis.com/products/datalert
    baseURL: https://api.varonis.com/datalert
    tags:
      - Incident Response
      - Security Alerts
      - Threat Detection
    properties:
      - type: Documentation
        url: https://docs.varonis.com/api/datalert
      - type: OpenAPI
        url: openapi/varonis-datalert-openapi.yml
      - type: Authentication
        url: https://docs.varonis.com/api/authentication
      - type: JSONSchema
        url: json-schema/varonis-datalert-alert-schema.json
        title: Alert Schema
      - type: JSONSchema
        url: json-schema/varonis-datalert-alerted-event-schema.json
        title: Alerted Event Schema
      - type: JSONSchema
        url: json-schema/varonis-datalert-threat-model-schema.json
        title: Threat Model Schema
      - type: JSONStructure
        url: json-structure/varonis-datalert-alert-structure.json
        title: Alert Structure
      - type: JSONStructure
        url: json-structure/varonis-datalert-alerted-event-structure.json
        title: Alerted Event Structure
      - type: Example
        url: examples/varonis-datalert-alert-example.json
        title: Alert Example
      - type: Example
        url: examples/varonis-datalert-alerted-event-example.json
        title: Alerted Event Example
  - name: Varonis Data Security Platform API
    description: >-
      API for integrating with Varonis Data Security Platform to manage data security policies, access permissions, and
      threat detection.
    image: https://www.varonis.com/favicon.ico
    humanURL: https://www.varonis.com/products/data-security-platform
    baseURL: https://api.varonis.com
    tags:
      - Access Control
      - Data Security
      - Permissions
    properties:
      - type: Documentation
        url: https://docs.varonis.com/api
      - type: Authentication
        url: https://docs.varonis.com/api/authentication
  - name: Varonis DataPrivilege API
    description: >-
      REST and SOAP API for integrating Varonis DataPrivilege with IAM and ITSM solutions. Enables synchronization of
      managed data, execution and reporting on access requests and access control changes, and automation of entitlement
      reviews and self-service access workflows.
    image: https://www.varonis.com/favicon.ico
    humanURL: https://www.varonis.com/products/dataprivilege
    baseURL: https://api.varonis.com
    tags:
      - Access Governance
      - Entitlement Reviews
      - Identity Management
      - Self-Service Access
    properties:
      - type: Documentation
        url: https://www.varonis.com/blog/introducing-gdpr-patterns-and-dataprivilege-api
  - name: Varonis MCP Server
    description: >-
      Model Context Protocol server that interfaces with Varonis APIs, allowing AI clients such as ChatGPT, Claude, and
      GitHub Copilot to access and orchestrate the Varonis Data Security Platform using natural language. Enables
      complex workflows including alert retrieval, access remediation, and compliance reporting.
    image: https://www.varonis.com/favicon.ico
    humanURL: https://www.varonis.com/blog/mcp-server
    baseURL: https://api.varonis.com
    tags:
      - AI Integration
      - Automation
      - MCP
      - Natural Language
    properties:
      - type: Documentation
        url: https://www.varonis.com/blog/mcp-server
      - type: SDK
        url: https://www.npmjs.com/package/@varonis/mcp
        title: MCP Server npm Package
maintainers:
  - FN: Kin Lane
    email: kin@apievangelist.com
    url: https://apievangelist.com
include:
  - name: Varonis Support Portal
    url: https://support.varonis.com
common:
  - type: PostmanWorkspace
    url: https://www.postman.com/kinlaneapi/varonis/overview
  - type: ArazzoWorkflows
    url: arazzo/
    workflows:
      - url: arazzo/varonis-close-low-severity-noise-workflow.yml
        name: Varonis Close Low-Severity Noise
        summary: Find the newest low-severity open alert, note it, and close it as legitimate activity.
      - url: arazzo/varonis-device-malicious-ip-response-workflow.yml
        name: Varonis Device Malicious IP Response
        summary: Pull a device's newest alert, and if it involves a malicious IP, fetch events and investigate.
      - url: arazzo/varonis-high-severity-model-coverage-workflow.yml
        name: Varonis High-Severity Model Coverage
        summary: List threat models, pull alerts for one model, and annotate its newest alert.
      - url: arazzo/varonis-investigate-and-close-alert-workflow.yml
        name: Varonis Investigate and Close Alert
        summary: Pull events for a known alert, document findings as a note, then close it.
      - url: arazzo/varonis-sensitive-data-alert-escalation-workflow.yml
        name: Varonis Sensitive Data Alert Escalation
        summary: Pull the newest open alert and branch on whether it touches classified sensitive data.
      - url: arazzo/varonis-threat-model-hunt-workflow.yml
        name: Varonis Threat Model Hunt
        summary: Resolve a threat model by name, pull its recent alerts, and load the newest alert's events.
      - url: arazzo/varonis-triage-alert-workflow.yml
        name: Varonis Triage Newest Alert
        summary: Pull the newest open alert, load its forensic events, and move it into investigation.
      - url: arazzo/varonis-user-high-severity-investigation-workflow.yml
        name: Varonis User High-Severity Investigation
        summary: Find a user's high-severity alerts, pull the top alert's events, and annotate it.
  - type: LinkedIn
    url: https://www.linkedin.com/company/varonis
  - type: Portal
    url: https://www.varonis.com/developers
  - type: Website
    url: https://www.varonis.com
  - type: Support
    url: https://www.varonis.com/resources/support
  - type: Blog
    url: https://www.varonis.com/blog
  - type: PrivacyPolicy
    url: https://www.varonis.com/trust/privacy
  - type: TermsOfService
    url: https://www.varonis.com/terms
  - type: StatusPage
    url: https://status.varonis.com
  - type: ChangeLog
    url: https://www.varonis.com/platform/changelog
  - type: Security
    url: https://www.varonis.com/trust/security
  - type: Login
    url: https://my.varonis.io/
  - type: SignUp
    url: https://help.varonis.com/s/article/WDOC-2305
  - type: HelpCenter
    url: https://help.varonis.com/s/
  - type: TrustCenter
    url: https://www.varonis.com/trust
  - type: Integrations
    url: https://www.varonis.com/security-ecosystem-integrations
  - type: Training
    url: https://www.varonis.com/product-training
  - type: ContentLibrary
    url: https://www.varonis.com/resources
  - type: GitHubOrganization
    url: https://github.com/varonis
  - type: PartnerPortal
    url: https://partners.varonis.com/
  - type: SpectralRules
    url: rules/varonis-spectral-rules.yml
  - type: Vocabulary
    url: vocabulary/varonis-vocabulary.yaml
  - type: JSONLD
    url: json-ld/varonis-datalert-context.jsonld
  - type: Features
    data:
      - name: Behavioral Threat Detection
        description: >-
          AI-powered detection of abnormal user and data access behavior using DatAlert threat models aligned to MITRE
          ATT&CK.
      - name: Data Classification
        description: Automated sensitive data discovery and classification across cloud and on-premises data stores.
      - name: Access Governance
        description: DataPrivilege workflow automation for entitlement reviews, access requests, and permission remediation.
      - name: Forensic Investigation
        description: >-
          Detailed event-level forensics including file access, permission changes, and login activity for incident
          investigation.
      - name: SIEM and SOAR Integration
        description: >-
          REST API integration with SIEM platforms (Splunk, QRadar, Sentinel) and SOAR platforms (XSOAR, Phantom) for
          automated response.
      - name: AI-Assisted Security (MCP)
        description: >-
          Model Context Protocol server enabling natural language security operations with Claude, ChatGPT, and GitHub
          Copilot.
      - name: Compliance Reporting
        description: Built-in reporting for GDPR, HIPAA, PCI-DSS, SOX, and other compliance frameworks.
      - name: Cloud Security Posture
        description: Data security posture management for Microsoft 365, AWS, Azure, and Google Cloud environments.
  - type: UseCases
    data:
      - name: Insider Threat Detection
        description: >-
          Detect and respond to abnormal access patterns that indicate potential insider threats or compromised
          accounts.
      - name: Ransomware Detection
        description: Identify ransomware activity through mass file access, renaming, and encryption patterns.
      - name: Data Breach Investigation
        description: Investigate potential data breaches using forensic event trails to determine scope and blast radius.
      - name: Privileged Access Review
        description: Automate periodic entitlement reviews to ensure least-privilege access to sensitive data.
      - name: Compliance Audit
        description: Generate audit-ready reports demonstrating data access controls for regulatory frameworks.
      - name: SOAR Automation
        description: Integrate alert triage and remediation into automated playbooks via the DatAlert REST API.
      - name: AI-Driven Security Operations
        description: >-
          Use the Varonis MCP Server to enable AI assistants to query alerts, investigate events, and execute
          remediation.
  - type: Integrations
    data:
      - name: Microsoft Sentinel
        description: Ingest Varonis alerts and events into Microsoft Sentinel for correlation and automated response.
      - name: Splunk
        description: Stream DatAlert events to Splunk via the official Varonis App for Splunk SIEM integration.
      - name: IBM QRadar
        description: Forward Varonis DatAlert events to QRadar using the official integration guide.
      - name: CrowdStrike Falcon
        description: Enrich endpoint threat data with Varonis user and data access context.
      - name: ServiceNow
        description: Create and manage security incident tickets in ServiceNow from Varonis alerts.
      - name: Palo Alto XSOAR
        description: Automate alert triage and remediation workflows using the Varonis XSOAR integration.
      - name: Microsoft 365
        description: Monitor and protect SharePoint, OneDrive, Exchange, and Teams data natively.
      - name: AWS
        description: Data security posture management for S3, RDS, and other AWS data services.