S4E is a Continuous AI-Based Security Operations platform built with an API-first architecture. Every capability exposed through the web console is also available programmatically, giving developers full control over asset management, vulnerability scanning, remediation workflows, and reporting.

This page describes what you can build with S4E, the integration options available to you, and the high-level platform architecture.


What You Can Build

Custom Integrations

Connect S4E with your existing security stack. Common integration targets include:

  • SIEM platforms -- Forward findings, alerts, and audit events to Splunk, Elastic SIEM, Microsoft Sentinel, or any syslog-compatible collector.
  • Ticketing systems -- Automatically create and update tickets in Jira, ServiceNow, or PagerDuty when new vulnerabilities are discovered.
  • Communication tools -- Send notifications to Slack channels, Microsoft Teams, or email distribution lists based on severity thresholds.

Custom Scans

Define scan profiles tailored to your environment. You can specify target scope, scanner selection, scheduling rules, and post-scan actions. Custom scans are managed through the API and can be triggered on demand or on a recurring schedule.

Automated Workflows

Chain multiple API calls together to build end-to-end automation. Examples include:

  • Continuous scanning of newly deployed assets discovered by Opservant.
  • Automatic severity re-classification based on asset criticality tags.
  • Scheduled report generation and distribution to stakeholder mailing lists.

SIEM Connectors

S4E provides a structured event format that maps directly to common SIEM schemas (CEF, LEEF, ECS). You can consume these events via webhooks or by polling the Events API endpoint.

Custom Actions

Actions are discrete, event-driven units of work that execute when a specified trigger condition is met. You can author actions in Python using the S4E SDK, test them locally, and deploy them to run within the platform.

Playbooks

Playbooks compose multiple actions into ordered, conditional workflows. A playbook might, for example, detect a critical finding, enrich it with asset context, open a Jira ticket, notify the asset owner, and schedule a re-scan -- all without manual intervention.


Integration Options

S4E offers several surfaces for integration, each suited to different use cases.

REST API

The primary integration surface. The API follows RESTful conventions, uses JSON request and response bodies, and is served over HTTPS.

  • Cloud base URL: https://api.s4e.io
  • On-premises base URL: Your instance URL (e.g., https://s4e.internal.example.com)

The API is versioned. The current stable version is included in the URL path (e.g., /api/v1/). Refer to the API reference for the full endpoint catalog.

SDK (Python)

The S4E Python SDK wraps the REST API with typed request and response models, automatic pagination, retry logic, and authentication management. Install it from PyPI:

pip install s4e-sdk

CLI

The S4E CLI provides command-line access to platform operations. It is useful for scripting, CI/CD integration, and interactive exploration.

s4e-cli scans list --status running

Webhooks

Register webhook endpoints to receive real-time HTTP POST notifications when events occur in S4E -- new findings, scan completions, asset changes, and more. Webhook payloads are signed so you can verify their authenticity.
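One way a receiver can check a signed delivery before acting on it, as an added example rather than S4E's own code. This page does not specify the signing scheme, so the example assumes HMAC-SHA256 over `<timestamp>.<raw body>` with a per-endpoint shared secret; the function names, sample secret and payload are hypothetical and should be replaced with what the webhook reference defines.

```python
import hashlib
import hmac
import time

# Assumed scheme (not documented on this page): the sender computes
# HMAC-SHA256 over "<timestamp>.<raw body>" with a shared secret and sends
# the hex digest and the timestamp in two request headers.
MAX_SKEW_SECONDS = 300  # reject deliveries outside this window to limit replay


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """Hex HMAC-SHA256 over the timestamp and the raw, unparsed body."""
    msg = timestamp.encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_webhook(secret, timestamp, body, signature, now=None):
    """Return (ok, reason). Call this before parsing the JSON body."""
    now = time.time() if now is None else now
    if not timestamp or not signature:
        return False, "missing header"
    try:
        sent_at = int(timestamp)
    except ValueError:
        return False, "bad timestamp"
    if abs(now - sent_at) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    expected = sign(secret, timestamp, body).encode()
    received = signature.strip().lower().encode()
    # compare_digest is constant-time, so a mismatch leaks no prefix information
    if not hmac.compare_digest(expected, received):
        return False, "signature mismatch"
    return True, "ok"


# Constructed sample delivery: secret, payload and clock values are made up.
SECRET = b"constructed-example-secret"
BODY = b'{"event":"finding.created","severity":"critical"}'
SENT_AT = "1700000000"
GOOD_SIG = sign(SECRET, SENT_AT, BODY)

if __name__ == "__main__":
    clock = 1700000030
    print(verify_webhook(SECRET, SENT_AT, BODY, GOOD_SIG, now=clock))
    print(verify_webhook(SECRET, SENT_AT, BODY + b" ", GOOD_SIG, now=clock))
    print(verify_webhook(SECRET, SENT_AT, BODY, GOOD_SIG, now=clock + 3600))
```

Verify against the exact bytes received on the wire; re-serializing the parsed JSON changes whitespace and key order and breaks the digest.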

Agent (Opservant)

Opservant is a lightweight agent deployed inside your network perimeter. It performs local asset discovery, internal vulnerability scanning, and secure telemetry forwarding to the S4E control plane. The agent communicates outbound over HTTPS and does not require inbound firewall rules.


Architecture Overview

The S4E platform follows a microservices architecture. The major components and their relationships are described below.

Developer / Automation
        |
        v
   [ REST API ]  <-->  [ Core Service ]
        |                     |
        +----------+----------+
                   |
        +----------+----------+
        |          |          |
   [ Scanner ] [ Crawler ] [ Dispatcher ]
        |          |          |
        +----------+----------+
                   |
              [ Database ]
                   |
        +----------+----------+
        |                     |
   [ RabbitMQ ]         [ Redis Cache ]
        |
   [ Scheduler ]

  • Core Service -- Handles API routing, authorization, and business logic.
  • Scanner -- Manages scan definitions, categories, and execution.
  • Crawler -- Web crawling pipeline for asset and endpoint discovery.
  • Dispatcher -- Routes scan jobs from the queue to the appropriate executor.
  • Scheduler -- Time-based triggering of recurring scans and workflows.
  • Database -- PostgreSQL for persistent storage; MongoDB for document-oriented data.
  • RabbitMQ -- Asynchronous message broker for inter-service communication.
  • Redis -- Caching layer and ephemeral job queues.

Note

On-premises deployments run the same microservice stack behind your firewall. The Opservant agent bridges your internal network with the control plane, whether cloud-hosted or self-hosted.


Prerequisites

Before you begin developing with S4E, ensure you have the following:

Requirement      Details
S4E Account      An active account on the cloud platform or an on-premises instance.
API Key          Generated from the S4E console under Settings > API Keys. Required for all API requests.
Workspace Role   Your user must have the Developer or Admin role in at least one workspace.
Python 3.9+      Required if you plan to use the SDK or author custom actions.
Network Access   HTTPS access to https://api.s4e.io (cloud) or your on-prem base URL.

Warning

API keys grant programmatic access to your workspace. Treat them as secrets -- never commit them to version control or share them in plain text. See Authentication for secure handling practices.

Next Steps

Once you have your account and API key ready, proceed to Authentication to learn how to authenticate your requests.