Sekoia.io Documentation

    SEKOIA.IO CTI – Develop

    To develop, integrate and automate your workflows, build with the SEKOIA.IO REST API.

    Quickstart

      Popular Guides

    Filtering
    The filtering method used by the SEKOIA.IO REST API.

      Popular REST APIs

    • Intelligence
    • Enrichments
    • Telemetry
    • Notification
    • Community
    Copyright © 2023 - Sekoia.io