ADscan findings, delivered where your security team already works.
The output of every ADscan run is structured, exportable and automatable. Whether you consume it in a report, pipe it to a SIEM or open it as a ticket, the finding format stays consistent and compliance-mapped.
ADscan integrations connect the output of an Active Directory exposure validation run to the tools and workflows your security team uses daily. Today that means structured JSON output, CSV export and CLI-driven pipeline automation. SIEM webhooks and named ticketing connectors ship with the Enterprise on-premise platform, currently in validation.
A security finding that lives only in a PDF is a finding that gets triaged once and forgotten. The teams that close paths fastest are the ones that receive the finding in the tool they already use for remediation, whether that is a SIEM alert, a Jira ticket or a structured feed to a SOC dashboard. ADscan is designed to produce findings in formats that travel, not findings that stay in a report.
- 01 Run ADscan
  Every run produces a structured output alongside the human-readable report. The finding format is consistent: slug, severity, path steps, MITRE technique, DORA/NIS2/ENS control reference, and remediation guidance.
- 02 Export in your format
  The CLI outputs findings as JSON or CSV. Pipe the JSON output directly to a log aggregator, a SOAR playbook or a custom ticketing script. No transformation layer required.
- 03 Automate with the CLI
  ADscan is CLI-first by design. Schedule a run in a cron job, a CI/CD pipeline, or an orchestration script. The exit code and structured output are designed for automation.
- 04 Connect to SIEM via webhook (Enterprise)
  The Enterprise on-premise platform sends a structured webhook for each new proven or detected finding to your SIEM endpoint. The payload includes the compliance mapping so alerts arrive pre-enriched.
- 05 Open tickets automatically (Enterprise)
  The Enterprise platform can create a ticket in your ticketing system for each new finding, with severity, path detail, remediation steps and the control reference attached. Named connectors ship with Enterprise.
Structured JSON and CSV output
Every run produces machine-readable finding output alongside the PDF report. JSON output is available today on the CLI and is suitable for log aggregation, scripted ticketing and SOAR ingestion.
CLI pipeline integration
ADscan is built to run in a pipeline. Non-zero exit on new proven findings, structured stdout, and no interactive prompts in batch mode. Run it from cron, CI/CD or an orchestration layer.
SIEM webhook connectors (Enterprise)
The Enterprise on-premise platform sends structured webhooks to your SIEM on each new finding. The payload includes severity, path steps, MITRE technique and compliance mapping. Ships with Enterprise, currently in validation.
Ticketing connectors (Enterprise)
Named connectors for ticketing systems ship with the Enterprise platform. Each new finding opens a ticket with the full context attached. Ships with Enterprise, currently in validation.
Compliance-mapped finding payload
Every finding in the output carries its DORA, NIS2 and ENS control reference. SIEM alerts and tickets arrive pre-enriched with the compliance context, so the SOC does not have to look it up.
On-premise, no vendor cloud
ADscan runs entirely inside your perimeter. Structured output goes where you direct it, not to a vendor cloud. No Active Directory data transits a third-party SaaS layer.
Mapped to the control your supervisor asks about.
DORA Article 17 requires entities to have ICT-related incident management processes and to ensure findings are tracked through to closure. Structured, compliance-mapped finding output is the bridge between the detection layer and the incident management process. Every ADscan finding payload carries the DORA, NIS2 and ENS control reference, so the finding can be logged, tracked and closed as a control-level event rather than a generic security note.
JSON and CSV export are available on the open-source CLI today. The structured output is designed for piping to log aggregators and scripted workflows. Free on GitHub.
The PRO report adds the compliance-mapped PDF alongside the structured output, so the same run produces a machine-readable feed and a board-ready document. The Enterprise on-premise platform adds SIEM webhooks, ticketing connectors and the web dashboard for finding lifecycle management.
Questions, answered.
Which SIEM platforms does ADscan integrate with?
SIEM webhook connectors ship with the Enterprise on-premise platform, currently in validation. The webhook payload is structured JSON with finding metadata, severity, compliance mapping and MITRE technique, so it is compatible with any SIEM that accepts a webhook. Named connector documentation for specific platforms ships with Enterprise.
Does ADscan integrate with Jira or ServiceNow?
Named connectors for ticketing systems ship with the Enterprise platform. Today, the CLI JSON output can be consumed by a custom script to open tickets in any system that has an API. The structured finding payload includes all the context needed for a useful ticket: severity, path steps, remediation guidance and compliance reference.
Does ADscan have a REST API?
The Enterprise on-premise platform includes an API for triggering runs, retrieving findings and managing the finding lifecycle programmatically. The open-source CLI is the automation surface for the LITE tier: it is scriptable, produces structured output, and returns non-zero exit codes on new proven findings.
How does ADscan fit into a SOC workflow?
ADscan produces a finding for each proven or detected attack path, compliance-mapped and structured for ingestion. In a SOC context the Enterprise webhook sends that finding to the SIEM as an alert, the ticketing connector opens a remediation ticket, and the web dashboard shows the finding lifecycle. The SOC handles the ADscan finding the same way it handles any high-severity identity alert.
Does data leave the perimeter when using integrations?
ADscan runs entirely on-premise. Webhook payloads are sent from your infrastructure to your SIEM or ticketing endpoint, under your control. No Active Directory data is sent to a vendor cloud. The structured output goes where you configure it to go.
Find out which path to Domain Admin you have today.
Request a proof of value and we will run ADscan against your Active Directory, then deliver the compliance-mapped report.