Turn External Telemetry into Internal Security Intelligence

The web perimeter has shifted. Your XDR monitors servers, but your risk is in the browser. Bridge the visibility gap by feeding Quttera’s external threat signals directly into your SOC dashboard.

Internal Logs Don't See Client-Side Threats

Traditional XDR and SIEM platforms are masters of internal telemetry—monitoring logs, endpoints, and server processes. However, modern threats—such as obfuscated script injections, DOM-based manipulation, and client-side data skimming—execute entirely within the end-user’s browser.

These threats leave no footprint on your server logs, rendering your internal defense blind to the most critical web-layer vulnerabilities. You aren't just being hacked at the server level; you are being hijacked at the perception level.

Structured Threat Evidence for Instant Ingestion

Every scan generates detailed, machine-readable evidence (JSON/XML) that normalizes browser-side anomalies into actionable alerts. This allows your security orchestration platform to treat Quttera's findings as high-fidelity incident data, ready for immediate ingestion into your SIEM, SOAR, or GRC workflow.
The problem — the visibility gap
Threat activates on external web asset → Static report generated → Manual analyst review → SIEM ticket created manually → Delayed response
Quttera API closes the gap
Traditional threat reports require manual triage before SIEM ingestion — introducing delay between detection and response. Quttera provides structured external web threat evidence that can enrich internal security platforms such as SIEM, SOAR, and XDR. Unlike traditional telemetry sources, Quttera detects threats from the browser perspective — identifying risks that do not appear in server logs or endpoint monitoring. Your SIEM or XDR can normalize this data into severity tiers, playbooks, and automated response workflows based on your internal logic.
  • 4-tier: Severity classification (derived in SIEM/XDR)
  • Auto: Compliance mapping available via reports
  • <2s: Structured evidence ready for SIEM ingestion
The API — four integration points

Quttera provides raw threat intelligence. SIEM/XDR platforms enrich and operationalize it.

Trigger a threat scan on any domain
Submit a domain for real-time malware, script injection, and redirect analysis. Two-call pattern: POST to initiate, GET to retrieve when state = DONE. Supports batch and real-time modes.
Step 1 — Initiate scan
POST scannerapi.quttera.com/api/v3/{api-key}/url/scan/{domain}.json
{
  "error": 200,
  "errorstr": "success",
  "status": {
    "blacklisted":    "no",
    "scanner_result": "undef",
    "state":          "DOWNLOAD",
    "url":            "target-domain.com"
  }
}
Step 2 — Retrieve report when state = DONE
GET scannerapi.quttera.com/api/v3/{api-key}/url/report/{domain}.json
{
  "error": 200,
  "errorstr": "success",
  "report": {
    "url":            "external-script-alpha.com",
    "state":          "DONE",
    "scanner_result": "malicious",
    "threat_summary": {
      "threat_type":    "obfuscated_script_injection",
      "threat_status": "active",
      "detection_time": "2026-04-20 18:52:05"
    }
  }
}
Export structured threat evidence for SIEM / XDR
Every scan generates machine-readable JSON with detailed threat evidence — including detected anomalies, external domains, and blacklist status. This data can be normalized by your SIEM or XDR into alert severity, routing logic, and automated response workflows.
Native Quttera API response (OOTB)
GET scannerapi.quttera.com/api/v3/{api-key}/url/report/{domain}.json
{
  "error": 200,
  "errorstr": "success",
  "report": {
    "url":            "external-script-alpha.com",
    "state":          "DONE",
    "scanner_result": "malicious",
    "blacklist": {
      "blacklist_status": "NoThreat",
      "providers": [
        { "name": "Google Safe Browsing", "status": "NoThreat" },
        { "name": "Yandex Safe Browsing", "status": "NoThreat" }
      ]
    },
    "threat_summary": {
      "threat_type":    "obfuscated_script_injection",
      "threat_status": "active",
      "detection_time": "2026-04-20 18:52:05"
    }
  }
}
Example enriched alert (generated by SIEM/XDR)

The following example shows how Quttera API data can be transformed by your SIEM/SOAR into actionable alerts.

{
  "alert": {
    "severity":           "Critical",
    "playbook_id":        "PB_WEB_02",
    "recommended_action": "quarantine_asset",
    "affected_asset":     "external-script-alpha.com",
    "vector":             "browser-side",
    "source_data": {
      "scanner_result": "malicious",
      "threat_type":    "obfuscated_script_injection"
    }
  }
}
Detected threats — example output
Domain | Threat type | Severity | Vector | Status
external-script-alpha.com | obfuscated_script_injection | Critical | browser-side | active
thirdparty-redirect.net | malicious_redirect | High | redirect-chain | active_drift
cdn-obfuscated.io | cloaked_content | Medium | browser-response variance | under_review
client-site-clean.com | | Clean | | clear
Push structured alerts into FortiSOAR or Cortex XSOAR
Quttera provides structured threat evidence that your SIEM or SOAR platform can ingest, normalize, and convert into internal alert schemas and automated response workflows.
Example normalized alert payload (generated by SIEM/SOAR integration layer)
{
  "alert": {
    "source":      "Quttera Web Malware Scanner",
    "severity":    "Critical",
    "category":    "Malicious Web Content",
    "asset":       "external-script-alpha.com",
    "description": "Obfuscated script injection detected — active",
    "playbook_id": "PB_WEB_02",
    "evidence_url": "scannerapi.quttera.com/.../report/external-script-alpha.com",
    "timestamp":   "2026-04-20T18:52:05Z"
  }
}
Example normalized incident payload (Cortex XSOAR integration layer; severity 4 = Critical)
{
  "incident": {
    "name":        "Quttera: Script injection — external-script-alpha.com",
    "type":        "Malicious Web Threat",
    "severity":    4,
    "playbookId":  "PB_WEB_02",
    "labels": [
      { "type": "Domain",     "value": "external-script-alpha.com" },
      { "type": "ThreatType", "value": "obfuscated_script_injection" },
      { "type": "Compliance", "value": "SOC2:CC6.1" }
    ]
  }
}
Example playbook mappings (configured within your SIEM/SOAR)
  • Script injection: Quarantine asset, notify security team, block in WAF → PB_WEB_02
  • Malicious redirect: Block redirect chain, log vector, escalate to SOC → PB_REDIRECT_04
  • Cloaked content: Flag for manual review, reduce trust score, alert team → PB_REVIEW_01
  • Blacklist match: Immediate block, revoke access, generate audit log → PB_BL_02
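One way to implement the integration layer described above, as an added example (not Quttera's or any SIEM vendor's code): it validates a report response of the shape shown on this page before deriving severity and playbook from the page's example mappings. The function name, the `clean` result value, the UTC timestamp, and the blacklist and fallback tiers are assumptions.

```python
from datetime import datetime, timezone

# Tiers and playbook IDs come from this page's example table and mappings;
# in production they are your own SIEM/SOAR policy, not scanner output.
POLICY = {
    "obfuscated_script_injection": ("Critical", "PB_WEB_02"),
    "malicious_redirect": ("High", "PB_REDIRECT_04"),
    "cloaked_content": ("Medium", "PB_REVIEW_01"),
}
FALLBACK = ("Medium", "PB_REVIEW_01")  # assumption: unmapped types get manual review
BLACKLIST = ("Critical", "PB_BL_02")   # assumption: the page names only the playbook

def normalize_report(response, requested_domain):
    """Return an alert dict, or None when the scan is unfinished or clean."""
    if response.get("error") != 200:
        raise ValueError(f"scanner error: {response.get('errorstr')!r}")
    report = response.get("report") or {}
    if report.get("state") != "DONE":
        return None  # not ready: the caller polls the report endpoint again
    if report.get("url") != requested_domain:
        raise ValueError("report does not describe the requested domain")
    summary = report.get("threat_summary") or {}
    threat_type = summary.get("threat_type", "unknown")
    blacklist = report.get("blacklist") or {}
    if blacklist.get("blacklist_status", "NoThreat") != "NoThreat":
        severity, playbook = BLACKLIST
    elif str(report.get("scanner_result")).lower() == "clean":  # assumed value
        return None
    else:
        severity, playbook = POLICY.get(threat_type, FALLBACK)
    # Assumption: detection_time is UTC in "YYYY-MM-DD HH:MM:SS" form.
    raw = summary.get("detection_time")
    stamp = raw and datetime.strptime(raw, "%Y-%m-%d %H:%M:%S").replace(
        tzinfo=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {"alert": {
        "source": "Quttera Web Malware Scanner",
        "severity": severity,
        "playbook_id": playbook,
        "asset": requested_domain,
        "threat_type": threat_type,
        "timestamp": stamp,
    }}

# Constructed sample, shaped like the report response shown on this page.
SAMPLE = {"error": 200, "errorstr": "success", "report": {
    "url": "external-script-alpha.com", "state": "DONE", "scanner_result": "malicious",
    "blacklist": {"blacklist_status": "NoThreat"},
    "threat_summary": {"threat_type": "obfuscated_script_injection",
                       "threat_status": "active", "detection_time": "2026-04-20 18:52:05"}}}
```

Unmapped threat types fall through to manual review instead of being dropped, and a report whose `url` differs from the requested domain is rejected rather than attributed to the wrong asset.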
Map detected threats to compliance frameworks
Quttera provides compliance mapping reports that align detected threats with relevant controls across frameworks such as SOC 2, PCI DSS, and ISO 27001.
Compliance evidence endpoint
GET scannerapi.quttera.com/api/v3/{api-key}/compliance/report/{domain}.json
{
  "compliance_evidence": {
    "scan_id":      "QT-2026-04-20-001",
    "domain":       "external-script-alpha.com",
    "generated_at": "2026-04-20T18:52:05Z",
    "frameworks": [
      {
        "standard": "SOC2",
        "controls": [
          { "id": "CC6.1", "finding": "Unauthorized script detected" },
          { "id": "CC7.2", "finding": "Anomalous system component" }
        ]
      },
      {
        "standard": "PCI_DSS",
        "controls": [
          { "id": "Req 6.4", "finding": "Malicious browser-side script" }
        ]
      },
      {
        "standard": "ISO_27001",
        "controls": [
          { "id": "A.12.2", "finding": "Malware protection failure" }
        ]
      }
    ],
    "export_formats": ["JSON", "PDF", "CSV"]
  }
}
Supported frameworks
SOC 2, PCI DSS, ISO 27001, GDPR (evidence), DORA (evidence)

Findings are automatically categorized as Clean, Potentially Suspicious, Suspicious, or Malicious — and mapped to the relevant control. Export on demand for GRC and SIEM platforms.


Where Quttera Fits in Your Security Stack

Quttera extends your security visibility beyond internal logs by adding an external web telemetry layer.
Web Assets (domains, scripts, redirects) → Quttera External Threat Detection → SIEM / XDR / SOAR Platforms → SOC Alerts, Playbooks, Compliance Workflows
💡 Quttera operates outside your infrastructure, analyzing web assets the same way attackers and browsers do. This external perspective complements your existing XDR, SIEM, and endpoint telemetry—closing the visibility gap at the web layer.

Common Integration Use Cases

  • Detect client-side threats invisible to server logs
  • Monitor external domains, landing pages, and third-party scripts
  • Enrich SIEM/XDR pipelines with browser-level threat intelligence
  • Automate SOC workflows based on real-time web threat detection
  • Support compliance and audit reporting with mapped threat evidence
Why Traditional Telemetry Falls Short
  • Internal Logs
    • Server activity
    • Endpoint processes
    • Network events
  • Missed Threats
    • Script injections
    • Malicious redirects
    • DOM manipulation
    • Client-side data skimming
  • Quttera Coverage
    ✓ Browser-side execution visibility
    ✓ External content inspection
    ✓ Real-time web asset monitoring
💡 Quttera detects what your internal tools cannot see—because the attack happens outside your infrastructure.

Built for Modern Security Teams and Platforms

  • SOC teams enriching alerts with external threat intelligence

  • MSSPs monitoring large portfolios of client web assets

  • SaaS platforms embedding security into customer environments

  • Enterprises validating external attack surface continuously

Enable Continuous Web Resilience

  • Reduce false negatives caused by incomplete telemetry
  • Detect threats earlier—before user impact or escalation
  • Automate response workflows with structured evidence
  • Strengthen compliance posture with mapped findings
  • Protect brand reputation and customer trust

API-Based Integration

  • Integrates into
    • SIEM platforms (Splunk, Sentinel, Elastic)
    • SOAR systems (Cortex XSOAR, FortiSOAR)
    • security data pipelines
  • Supports
    • real-time + batch scanning
    • structured JSON evidence
    • automated ingestion workflows