    SEKOIA.IO CTI – Develop

    To develop, integrate and automate your workflows, build with the SEKOIA.IO REST API.

    Quickstart

      Popular Guides

    Filtering
    The filtering method used by the SEKOIA.IO REST API.

      Popular REST APIs

    • Intelligence
    • Enrichments
    • Telemetry
    • Notification
    • Community
    Copyright © 2023 - SEKOIA.IO