Extend Siemserva

Your data, your reports, your workflow. Pipe findings from any source into Siemserva's AI reporting engine, create custom report templates with validation rules, query the SQLite graph database from C#, Python, or PowerShell, and integrate with your SIEM, SOAR, or CI/CD pipeline.

Build on Siemserva

Query the security graph database, pipe findings to your SIEM, write connectors for third-party tools, and automate AI-enhanced reporting, all from C#, Python, or PowerShell.

Senserva Security API

Every scan builds a comprehensive security database of your Microsoft 365, Intune, and Entra ID environment. Query findings, entities, relationships, and compliance status from C#, Python, or PowerShell to build custom dashboards, CI/CD quality gates, blast radius analysis, and executive reports.

Composable Pipeline

Split scanning from reporting with --scan and --reporter. Pipe findings to your SIEM, filter with jq, merge multiple tenants, or feed any Senserva JSON source into the full AI-enhanced dashboard and report engine.

Third-Party Connectors

Already using Maester, custom scripts, or other scanners? Write a connector that outputs Senserva JSON and get all 6 AI-enhanced reports, compliance mapping, and the interactive dashboard, without writing any report code.

Three Languages

Full SDK support in C#, Python, and PowerShell. Sample scripts included. Read findings, traverse the identity graph, export to CSV/JSON, and build custom reports, all with read-only access to the scan database.

How the Pipeline Works

Siemserva splits into two composable halves. Scan in one terminal, report in another. Filter, transform, and merge in between.

siemserva --scan  produces Senserva JSON
        |
  your filter / transform / merge
        |
siemserva --reader --pipe  forwards to reporter
        |
siemserva --reporter --pipe  consumes Senserva JSON
        |
  6 AI-enhanced HTML reports
  Interactive TUI dashboard
  PowerShell remediation scripts

Any tool that outputs Senserva JSON can feed the reporter. Your custom scripts, Maester, or any scanner, all get the same AI-enhanced analysis and compliance mapping.

Senserva JSON Format

One JSON format connects everything. Any tool that outputs Senserva JSON gets full access to Siemserva's AI, reports, compliance mapping, and remediation.

Finding line

{
  "type": "finding",
  "data": {
    "tenantId": "contoso.com",
    "tenantName": "Contoso",
    "severity": 100,
    "description": "MFA not enforced",
    "systemName": "admin@contoso.com"
  }
}

One JSON object per line. Each line is a security finding with severity, description, and the affected entity.

Completion marker

{
  "type": "complete",
  "scanId": "a1b2c3d4...",
  "findingCount": 73,
  "errorCount": 0,
  "tenantIds": [
    "contoso.com"
  ]
}

One completion marker at the end of each stream. Tells the reporter that all findings have been sent.

How it works

  • 1.Your script or connector outputs one finding per line as JSON
  • 2.Send a completion marker when done so the reporter knows the stream is finished
  • 3.Pipe to siemserva --reporter for HTML reports, or --reporter --dashboard for the live TUI
  • 4.Siemserva handles everything else: AI analysis, compliance mapping, severity grouping, remediation scripts, and all six report types

Severity levels: 100 Critical, 75 High, 50 Medium, 25 Low, 10 Info. Additional fields for entity IDs, audit grouping, timestamps, and custom data are documented in the full SDK. Install Siemserva and run siemserva --sdk to get the complete field reference, data types, and working sample scripts.

Integrations

Two working connectors ship with Siemserva as samples. Use them as-is, adapt them for other tools, or write your own from scratch. All connectors output Senserva JSON and get full access to Siemserva's AI analysis, six report types, compliance mapping, and remediation scripts.

Maester Connector Sample

Converts Maester M365 security test results to Senserva JSON. Every failed Maester test appears in the Siemserva dashboard with AI analysis, remediation guidance, and compliance mapping. Use as a working sample for building your own connectors.

Zero Trust Assessment Connector Sample

Converts Microsoft Zero Trust Assessment results to Senserva JSON. View Zero Trust maturity findings alongside your Siemserva scan in one unified dashboard with AI-enhanced reporting and remediation. Another working sample for building custom connectors.

Universal Converter — ConvertTo-SiemservaNdjson.ps1

One script handles all supported input formats. Auto-detects whether the input is Maester, ScubaGear, Zero Trust Assessment, or generic JSON, converts it to Siemserva NDJSON, and pipes it into the reporting engine. PowerShell 5.1+ compatible (works on Windows, Linux, macOS).

Supported Formats

Maester
Pester-based M365 security tests. Reads Maester JSON output with test results, tags, and severity.
ScubaGear
CISA SCuBA baseline evaluator. Maps Shall/Should criticality to severity and preserves PolicyId codes.
Zero Trust Assessment
Microsoft's Invoke-ZtAssessment output. Maps TestRisk/TestImpact to severity, preserves pillar and category tags.
Generic JSON
Any JSON array with Severity/Name/Description fields. Flexible field name matching for custom tools.

Quick Start Commands

# Get the converter (included with siemserva --sdk)
siemserva --sdk

# ── Headless reports (no dashboard, single command) ──

# Convert Maester results and generate all reports
.\Sdk\ConvertTo-SiemservaNdjson.ps1 -Path MaesterResults.json -Stdout | siemserva --reporter

# Convert ScubaGear consolidated results
.\Sdk\ConvertTo-SiemservaNdjson.ps1 -Path ScubaResults.json -Stdout | siemserva --reporter

# Force a specific format (skip auto-detection)
.\Sdk\ConvertTo-SiemservaNdjson.ps1 -Path results.json -Format Generic -Stdout | siemserva --reporter

# ── Interactive dashboard (two terminals, named pipe) ──
# The dashboard needs stdin for keyboard input, so data flows
# through a named pipe instead of stdin.

# Terminal 1: start the dashboard listening on a named pipe
siemserva --reporter --reporter-dashboard --pipe my-scan

# Terminal 2: convert and stream into the pipe
.\Sdk\ConvertTo-SiemservaNdjson.ps1 -Path MaesterResults.json -Stdout | siemserva --reader --pipe my-scan

# Same pattern for Zero Trust Assessment
.\Sdk\ConvertTo-SiemservaNdjson.ps1 -Path ZeroTrustAssessment.json -Stdout | siemserva --reader --pipe my-scan

# Pipe Maester output directly (no intermediate file)
Invoke-Maester -PassThru | ConvertTo-Json -Depth 10 | .\Sdk\ConvertTo-SiemservaNdjson.ps1 -Stdout | siemserva --reader --pipe my-scan

# ── Options ──

# Override tenant info
.\Sdk\ConvertTo-SiemservaNdjson.ps1 -Path results.json -TenantId contoso.com -TenantName "Contoso" -Stdout | siemserva --reporter

# Include passed tests as Info-severity findings
.\Sdk\ConvertTo-SiemservaNdjson.ps1 -Path MaesterResults.json -IncludePassed -Stdout | siemserva --reporter

# Convert to a file (for later use or sharing)
.\Sdk\ConvertTo-SiemservaNdjson.ps1 -Path MaesterResults.json

Parameters

-Path Input JSON file. Omit to read from stdin (pipe).
-OutputPath Output NDJSON file path. Default: auto-generated (e.g., Siemserva_Maester_20260406.json).
-Stdout Write NDJSON to stdout instead of a file. Required when piping to siemserva --reporter.
-Format Force input format: Auto (default), Maester, ScubaGear, ZeroTrust, Generic.
-IncludePassed Include passed/compliant tests as Info-severity findings. Off by default.
-IncludeSkipped Include skipped/not-implemented tests as Info-severity findings. Off by default.
-TenantId Override tenant ID on all findings.
-TenantName Override tenant display name on all findings.

Auto-detection: The converter examines the JSON structure to determine the format. Maester files have MaesterConfig or PesterConfig keys. ScubaGear has MetaData.ProductsAssessed. Zero Trust has TestResultSummary with pillar scores. Everything else falls back to Generic.

After converting: Open the dashboard, press R to generate reports, then A for AI-enhanced analysis, or press Enter on any finding for remediation details.

Build Your Own

Two paths to bring any data source into Siemserva:

Write New Scripts

Write scripts that output Senserva JSON directly. PowerShell, Python, C#, or any language. Your custom security checks get the same AI analysis, compliance mapping, and six report types as a native Siemserva scan.

Write an Importer

Already have scripts that output their own format? Write an importer that converts their output to Senserva JSON. The Maester and Zero Trust connectors are working examples of this pattern.

SIEM & SOAR

Pipe scan output directly to Splunk, Sentinel, Elastic, or any SIEM that ingests JSON. Filter for the severities you care about.

CI/CD Quality Gates

Query the scan database in your pipeline. Fail the build if Critical or High findings exceed your threshold. No dashboard needed, just a script and an exit code.

Named Pipe IPC

Use --pipe for real-time streaming to the dashboard. Multiple scanners and connectors can write to the same pipe simultaneously. The --reader command bridges filtered stdin into the pipe.

Claude MCP Integration

Connect Siemserva to Claude and query your security posture in plain English. Ask about findings, traverse the identity graph, and generate remediation scripts, all conversationally.

Claude Code CLI

# Install MCP server for Claude Code
siemserva --claude cli-install

# Remove when done
siemserva --claude cli-remove

Claude Desktop

# Install MCP server for Claude Desktop
siemserva --claude mcp-install

# Remove when done
siemserva --claude mcp-remove
Anthropic Claude Integration

Get the Full SDK

Download Siemserva and run siemserva --sdk to get the complete SDK documentation, API reference, sample scripts in C#, Python, and PowerShell, and the full Senserva JSON wire format specification.

Download Free View Pricing

Free for up to 100 users. Free unlimited for non-profits, MVPs, and MISA members.