Varonis website screenshot

Varonis

Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, threat detection and response. The company provides solutions for protecting enterprise data across cloud and on-premises environments including data classification, access governance, behavioral threat detection, and automated remediation.

4 APIs 8 Features
Cloud SecurityComplianceData AnalyticsData GovernanceData SecurityThreat Detection

APIs

Varonis DatAlert API

API for accessing threat detection and incident response capabilities from Varonis DatAlert. Provides endpoints for retrieving alerts, managing alert status, adding notes to ale...

Varonis Data Security Platform API

API for integrating with Varonis Data Security Platform to manage data security policies, access permissions, and threat detection.

Varonis DataPrivilege API

REST and SOAP API for integrating Varonis DataPrivilege with IAM and ITSM solutions. Enables synchronization of managed data, execution and reporting on access requests and acce...

Varonis MCP Server

Model Context Protocol server that interfaces with Varonis APIs, allowing AI clients such as ChatGPT, Claude, and GitHub Copilot to access and orchestrate the Varonis Data Secur...

Collections

Arazzo Workflows

Varonis Close Low-Severity Noise

Find the newest low-severity open alert, note it, and close it as legitimate activity.

ARAZZO

Varonis Device Malicious IP Response

Pull a device's newest alert, and if it involves a malicious IP, fetch events and investigate.

ARAZZO

Varonis High-Severity Model Coverage

List threat models, pull alerts for one model, and annotate its newest alert.

ARAZZO

Varonis Investigate and Close Alert

Pull events for a known alert, document findings as a note, then close it.

ARAZZO

Varonis Sensitive Data Alert Escalation

Pull the newest open alert and branch on whether it touches classified sensitive data.

ARAZZO

Varonis Threat Model Hunt

Resolve a threat model by name, pull its recent alerts, and load the newest alert's events.

ARAZZO

Varonis Triage Newest Alert

Pull the newest open alert, load its forensic events, and move it into investigation.

ARAZZO

Varonis User High-Severity Investigation

Find a user's high-severity alerts, pull the top alert's events, and annotate it.

ARAZZO

Pricing Plans

Varonis Plans Pricing

1 plans

PLANS

Rate Limits

Varonis Rate Limits

1 limits

RATE LIMITS

FinOps

Features

Behavioral Threat Detection

AI-powered detection of abnormal user and data access behavior using DatAlert threat models aligned to MITRE ATT&CK.

Data Classification

Automated sensitive data discovery and classification across cloud and on-premises data stores.

Access Governance

DataPrivilege workflow automation for entitlement reviews, access requests, and permission remediation.

Forensic Investigation

Detailed event-level forensics including file access, permission changes, and login activity for incident investigation.

SIEM and SOAR Integration

REST API integration with SIEM platforms (Splunk, QRadar, Sentinel) and SOAR platforms (XSOAR, Phantom) for automated response.

AI-Assisted Security (MCP)

Model Context Protocol server enabling natural language security operations with Claude, ChatGPT, and GitHub Copilot.

Compliance Reporting

Built-in reporting for GDPR, HIPAA, PCI-DSS, SOX, and other compliance frameworks.

Cloud Security Posture

Data security posture management for Microsoft 365, AWS, Azure, and Google Cloud environments.

Use Cases

Insider Threat Detection

Detect and respond to abnormal access patterns that indicate potential insider threats or compromised accounts.

Ransomware Detection

Identify ransomware activity through mass file access, renaming, and encryption patterns.

Data Breach Investigation

Investigate potential data breaches using forensic event trails to determine scope and blast radius.

Privileged Access Review

Automate periodic entitlement reviews to ensure least-privilege access to sensitive data.

Compliance Audit

Generate audit-ready reports demonstrating data access controls for regulatory frameworks.

SOAR Automation

Integrate alert triage and remediation into automated playbooks via the DatAlert REST API.

AI-Driven Security Operations

Use the Varonis MCP Server to enable AI assistants to query alerts, investigate events, and execute remediation.

Integrations

Microsoft Sentinel

Ingest Varonis alerts and events into Microsoft Sentinel for correlation and automated response.

Splunk

Stream DatAlert events to Splunk via the official Varonis App for Splunk SIEM integration.

IBM QRadar

Forward Varonis DatAlert events to QRadar using the official integration guide.

CrowdStrike Falcon

Enrich endpoint threat data with Varonis user and data access context.

ServiceNow

Create and manage security incident tickets in ServiceNow from Varonis alerts.

Palo Alto XSOAR

Automate alert triage and remediation workflows using the Varonis XSOAR integration.

Microsoft 365

Monitor and protect SharePoint, OneDrive, Exchange, and Teams data natively.

AWS

Data security posture management for S3, RDS, and other AWS data services.

Semantic Vocabularies

Varonis Datalert Context

13 classes · 43 properties

JSON-LD

API Governance Rules

Varonis API Rules

34 rules · 13 errors 20 warnings 1 info

SPECTRAL

JSON Structure

Varonis Datalert Add Note Request Structure

2 properties

JSON STRUCTURE

Varonis Datalert Alert Structure

19 properties

JSON STRUCTURE

Varonis Datalert Alerted Event Structure

11 properties

JSON STRUCTURE

Varonis Datalert Alerts Response Structure

2 properties

JSON STRUCTURE

Varonis Datalert Get Alerts Request Structure

12 properties

JSON STRUCTURE

Varonis Datalert Success Response Structure

2 properties

JSON STRUCTURE

Varonis Datalert Threat Model Structure

5 properties

JSON STRUCTURE

Example Payloads

Varonis Datalert Alert Example

19 fields

EXAMPLE

Resources

🔗
PostmanWorkspace
PostmanWorkspace
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
LinkedIn
LinkedIn
🌐
Portal
Portal
🔗
Website
Website
💬
Support
Support
📰
Blog
Blog
📜
PrivacyPolicy
PrivacyPolicy
📜
TermsOfService
TermsOfService
🟢
StatusPage
StatusPage
📄
ChangeLog
ChangeLog
🔗
Security
Security
🔗
Login
Login
📝
Signup
Signup
🔗
HelpCenter
HelpCenter
🔗
TrustCenter
TrustCenter
🎓
Training
Training
🔗
ContentLibrary
ContentLibrary
👥
GitHubOrganization
GitHubOrganization
🌐
PartnerPortal
PartnerPortal
🔗
SpectralRules
SpectralRules
🔗
Vocabulary
Vocabulary
🔗
JSONLD
JSONLD

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: Varonis DatAlert API
  version: '1.0'
request:
  auth:
    type: apikey
    key: X-API-Key
    value: '{{X-API-Key}}'
    placement: header
items:
- info:
    name: Alerts
    type: folder
  items:
  - info:
      name: Varonis Get Alerts
      type: http
    http:
      method: POST
      url: https://{domain}/api/threatdetection/api/alert/alert/GetAlerts
      body:
        type: json
        data: '{}'
    docs: Retrieves alerts from Varonis DatAlert based on specified filter criteria. Supports filtering by threat model name,
      time range, alert status, severity, device name, and user name. Returns comprehensive alert data including severity,
      category, status, user details, device information, and asset paths.
  - info:
      name: Varonis Update Alert Status
      type: http
    http:
      method: POST
      url: https://{domain}/api/threatdetection/api/alert/alert/SetAlertStatus
      body:
        type: json
        data: '{}'
    docs: Updates the status of an existing alert in Varonis DatAlert. Allows transitioning an alert between Open and Under
      Investigation statuses. Optionally accepts a note to document the reason for the status change.
  - info:
      name: Varonis Close Alert
      type: http
    http:
      method: POST
      url: https://{domain}/api/threatdetection/api/alert/alert/CloseAlert
      body:
        type: json
        data: '{}'
    docs: Closes an alert in Varonis DatAlert with a specified close reason. The close reason helps track resolution patterns
      and improve threat model accuracy over time. Supported reasons include Resolved, Misconfiguration, Threat model disabled
      or deleted, Account misclassification, Legitimate activity, and Other.
  - info:
      name: Varonis Add Note to Alert
      type: http
    http:
      method: POST
      url: https://{domain}/api/threatdetection/api/alert/alert/AddNote
      body:
        type: json
        data: '{}'
    docs: Adds a note to an existing alert in Varonis DatAlert. Notes provide an audit trail of investigation activities and
      can be used to document findings, remediation steps, or communication between security team members during incident
      response.
- info:
    name: Events
    type: folder
  items:
  - info:
      name: Varonis Get Alerted Events
      type: http
    http:
      method: POST
      url: https://{domain}/api/threatdetection/api/alert/alert/GetAlertedEvents
      body:
        type: json
        data: '{}'
    docs: Retrieves the underlying events associated with a specific alert for forensic investigation. Returns event-level
      data including operation types, source and destination accounts, affected resources, IP addresses, and geolocation information.
      Essential for threat hunting and understanding the full scope of a security incident.
- info:
    name: Threat Models
    type: folder
  items:
  - info:
      name: Varonis Get Threat Models
      type: http
    http:
      method: GET
      url: https://{domain}/api/threatdetection/api/alert/alert/GetThreatModels
      params:
      - name: name
        value: ''
        type: query
        description: Filter threat models by name. Supports pipe-separated values and wildcard characters for pattern matching.
    docs: Retrieves the list of threat models configured in Varonis DatAlert. Threat models define the behavioral patterns
      and rules used to generate alerts. Each threat model includes a name, category, severity level, and source classification.
      Supports optional filtering by name with wildcard support.
bundled: true