Partners & Integrations
INtegration

Agentic Integration
for Upwind

Deploy AI micro-agents that reason through Upwind's runtime detections, triage cloud findings, and execute remediation with defined guardrails. Or build deterministic workflows for repeatable, rule-based automation. Blink gives you both.

Agentify Upwind
with Blink

Build micro-agents and agentic workflows that operationalize Upwind's runtime signals across your security stack. With BlinkOps, you can deploy purpose-built AI agents that triage detections, prioritize vulnerabilities, and execute remediation with defined roles and guardrails. Start from one of our agent templates or build your own from scratch.

Blink provides 29 out-of-the-box actions and a webhook trigger for Upwind. These actions serve as the building blocks for your agents and workflows, covering detections, findings, assets, policies, frameworks, and cloud account management. Upwind is a runtime-first cloud security platform spanning posture management, vulnerability prioritization, threat detection, API security, and compliance across containers, VMs, and serverless workloads. Blink turns those signals into action.

View the Docs
Agentify Upwind
with Blink

Security Micro-Agents for
Upwind

With BlinkOps' No-Code Security Micro-Agent Builder, you can deploy purpose-built AI agents that reason through Upwind findings, make context-aware decisions, and execute response actions with defined roles and guardrails. Each agent is scoped to a specific domain, uses Upwind actions as its abilities, and operates within the constraints your team defines.

Cloud Security

Cloud Misconfiguration Triage Agent

Abilities (Upwind actions used):
Get Configuration Finding
List Configuration Findings
Search Assets
List Endpoints
List Frameworks
Upwind Custom
Action

Role:

Cloud Security Analyst responsible for triaging Upwind configuration findings.

What it does:

When an Upwind webhook event fires for a configuration finding, this agent retrieves the full finding details using Get Configuration Finding, searches for impacted assets with Search Assets, evaluates severity and blast radius, and recommends a remediation path. For critical findings, it can trigger Upwind Custom Actions to apply fixes or escalate to a human reviewer.

Constraints:

Does not auto-remediate critical production assets without human approval. Only operates on findings matching the team's defined severity thresholds.

Runtime Vulnerability Prioritization Agent

Abilities (Upwind actions used):
Get Vulnerability Finding
List Vulnerability Findings
Search Assets
List Endpoints
List Policies
Update Policy

Role:

Vulnerability Analyst focused on prioritizing Upwind vulnerability findings based on runtime exploitability.

What it does:

This agent lists vulnerability findings from Upwind, cross-references impacted assets and endpoints to determine which vulnerabilities are actually reachable in production, and generates a prioritized remediation list. It filters out noise by leveraging Upwind's runtime context, focusing the team on the vulnerabilities that are actively exploitable. It can also update policies in Upwind to suppress validated false positives.

Constraints:

Does not suppress vulnerabilities with a CVSS score above 9.0 without analyst review. Summarizes findings with clear reasoning for each prioritization decision.

Cloud Account Posture Monitor Agent

Abilities (Upwind actions used):
List Frameworks
Create Framework
Update Framework
List Rules
Create Rule
List Policies
Update Policy
Create Cloud Account
Update Cloud Account

Role:

GRC Analyst responsible for continuous monitoring of cloud account security posture.

What it does:

This agent periodically lists cloud accounts, checks framework compliance status, reviews active rules and policies, and flags any drift or gaps. When it identifies compliance deviations, it creates or updates rules in Upwind and generates a summary for the GRC team. It can also create new frameworks when organizational requirements change.

Constraints:

Does not delete cloud accounts or rules without explicit human approval. Reports all changes with a clear audit trail.

SOC & Incident Response

Runtime Threat Detection Triage Agent

Abilities (Upwind actions used):
Get Detection Details
List Detections
Update Detection
List Threat Events
Search Assets
List Endpoints
Upwind Custom Action

Role:

SOC Analyst Level 1 responsible for initial triage of Upwind runtime detections.

What it does:

When an Upwind webhook fires a detection event, this agent retrieves full detection details, lists related threat events, searches for affected assets and endpoints, and builds an investigation summary. It evaluates whether the detection is a true positive based on the asset context and threat event history, then either closes it with a disposition note or escalates with a structured case for L2 review. It can also update the detection status in Upwind directly.

Constraints:

Cannot close detections classified as Critical without human review. Must provide reasoning and evidence for every triage decision. Does not take containment actions without escalation.
play video button

Automated Workflows for
Upwind

For structured, repeatable tasks that need to run the same way every time, Blink offers deterministic workflows built on the same Upwind actions. No reasoning required, just reliable execution on a defined path.

In the Blink library, we have compiled 8,000 automations that customers can download and run instantly. These automations include workflows for cloud security, compliance, identity & access management, network security, SOC & incident response, and threat hunting.

Browse Upwind Workflows

Available
Actions

Blink supports the following actions for Upwind

Detection & Findings

  • Get Detection Details
  • List Detections
  • Update Detection
  • Get Configuration Finding
  • List Configuration Findings
  • Get Vulnerability Finding
  • List Vulnerability Findings

Account Management

  • Create Cloud Account
  • Update Cloud Account
  • Delete Cloud Account
  • Upwind Custom Action

Assets & Endpoints

  • Search Assets
  • List Endpoints
  • List Threat Events

Automation & Orchestration

  • List Workflows
  • Get Workflow
  • Delete Workflow
  • Create Webhook
  • List Webhooks
  • Update Webhook
  • Delete Webhook

Policy & Compliance

  • List Policies
  • Update Policy
  • List Frameworks
  • Create Framework
  • Update Framework
  • List Rules
  • Create Rule
  • Delete Rule

Trigger

  • Upwind Webhook Event — Listen for notification changes about resources in your Upwind environment in real time

Related Partners

Wiz

Learn More

Prisma Cloud

Learn More

Orca

Learn More

Connect to anything

Blink offers thousands of pre-built integrations across leading security vendors so you can start automating instantly.

Explore Integrations
Blink integrations - logos in a grid