SEKOIA.IO Documentation
Intelligence
Initializing search
GitHub
Getting Started
SEKOIA.IO XDR
SEKOIA.IO CTI
SEKOIA.IO TIP
SEKOIA.IO Documentation
GitHub
Getting Started
Getting Started
Overview
1. Set up account
1. Set up account
Join a community
Create your account
Set up account security
Set up account security
Two-Factor Authentication
Security tokens
2. Manage communities
2. Manage communities
Edit a community
(MSSP ONLY) Create a sub-community
Set up community security
Set up community security
SSO with OpenID Connect
SSO with Azure AD
SSO with Okta
3. Navigate on the platform
4. Manage users
4. Manage users
Invite users
Manage users
Deactivate inactive users
Roles and Permissions
Roles and Permissions
Roles
Permissions
5. Manage notifications
5. Manage notifications
Listing and creation
Notification examples
6. Manage API Keys
SEKOIA.IO XDR
SEKOIA.IO XDR
Introduction
Quick start guide
Features
Features
Collect
Collect
Overview
Ingestion methods
Ingestion methods
Sekoia.io Forwarder
Rsyslog
Logstash
syslog-ng
Graylog
HTTPS
Integrations
Integrations
Overview
Custom Format
Application
Application
Alsid / Tenable.ad
Apache HTTP Server
BIND
FreeRADIUS
HAProxy
ISC DHCP
Nginx
OpenSSH
RSA SecurID
SEKOIA.IO activity logs
Unbound
Cloud and SaaS
Cloud and SaaS
AWS
AWS
CloudTrail
GuardDuty
VPC Flow Logs
S3 for logs
WAF logs
Cisco Umbrella
Cisco Umbrella
Cisco Umbrella Proxy
Cisco Umbrella IP
Cisco Umbrella DNS
Cloudflare
Cloudflare
Access requests
Audit logs
DNS logs
Firewall events
Gateway DNS
Gateway HTTP
Gateway Network
HTTP requests
Digital Shadows SearchLight
Google Cloud
Google Cloud
Google Workspace and Google Cloud Audit Logs
Google Kubernetes Engine
Google Cloud VPC Flow Logs
Imperva WAF
Microsoft Azure
Microsoft Azure
Azure Active Directory
Azure Front Door
Azure Database for MySQL
Azure Linux
Azure Network Watcher
Azure Windows
Microsoft Office 365
Microsoft Office 365
Office365
Microsoft Defender for Office 365
Message trace
Netskope Events
Okta system log
Email
Email
Apache Spamassassin
Cisco ESA
Fortinet Fortimail
Postfix
Proofpoint
Proofpoint
Proofpoint PoD
Proofpoint TAP
Retarus Email Security
Vade for M365
Endpoint
Endpoint
Beats
Beats
Auditbeat Linux
Winlogbeat
CrowdStrike Falcon
Cybereason MalOp
Cybereason MalOp activity
HarfangLab
IBM AIX
Linux
Microsoft Defender for Endpoints
Microsoft Intune
Panda Security Aether
SEKOIA.IO Endpoint Agent
SentinelOne EDR
SentinelOne Cloud Funnel 1.0 [Deprecated]
SentinelOne Cloud Funnel 2.0
Sophos EDR
Symantec/Broadcom Endpoint Security
Tanium
TEHTRIS EDR
Trend Micro Cloud One / Deep Security
VMware ESXi
Windows
Windows Log Insight
WithSecure Elements
Network
Network
Check Point Firewall
Cisco
Cisco
Cisco Secure Firewall
Cisco Secure Web Appliance
Cisco IOS
Cisco NX-OS
Cisco Meraki MX
Gatewatcher AionIQ
F5 BIG-IP
Forcepoint Secure Web Gateway
Fortinet
Fortinet
Fortinet Fortigate
Fortinet Fortiproxy
Fortinet Fortiweb
Infoblox DDI
Mc Afee/Skyhigh Secure Web Gateway
Microsoft Always On VPN
NetFilter
OPNSense
Palo Alto Next-Generation Firewall
pfSense
Pulse / Ivanti Secure Connect
Rubycat PROVE IT
SonicWall Firewall
Sophos Firewall
Squid
Stormshield SNS
Suricata
Vectra Cognito Detect
Wallix
WatchGuard Firebox
Zeek
Generic
Generic
CEF
Raw events
Intakes
Entities
Assets
Detect
Detect
Rules Catalog
Built-in Rules
Sigma
Anomaly Detection
IOCs Collections
Investigate
Investigate
Alerts
Events
Cases
Events Query Language
Querying Events
Report
Report
Dashboards
Automate
Automate
Playbooks
Navigate playbooks
Build playbooks
Triggers
Operators
Actions
Actions Library
Actions Library
AWS
Azure Active Directory
BinaryEdge's API
Censys
Certificate Transparency
CrowdStrike Falcon
Cybereason
Detection Rules
Digital Shadows
Fortigate Firewalls
GLIMPS
Git
Google
Google
HTTP
HarfangLab
IKnowWhatYouDownload
IPtoASN
Imperva
MISP
MWDB
Mandrill
Mattermost
Microsoft Azure
Microsoft Office365
Netskope
OKTA
OSINT
Onyphe
PagerDuty
Panda Security
Proofpoint
Proofpoint
Public Suffix
RSS
RiskIQ
SEKOIA.IO
STIX
Sentinel One
ServiceNow
Shodan
Skyhigh Security
Skyhigh Security Secure Web Gateway (SWG)
Sophos
Tehtris
The Hive
Tranco
Triage
Vade Secure
VirusTotal
Whois
WithSecure
fileutils
Debug playbooks
External integrations
External integrations
FortiSOAR
Usecases
Usecases
Synchronize Alerts with an external tool
FAQ
FAQ
General
Alerts
Events
Rules
SEKOIA.IO Endpoint agent
Develop
Develop
Quickstart
Guides
Guides
Filtering
REST API
REST API
Authentication and Community
Dashboard
Notification
Configuration
Parser
Alert
Assets
Playbooks
Telemetry
SEKOIA.IO CTI
SEKOIA.IO CTI
Introduction
Features
Features
Data Models
Consume
Consume
Intelligence
Observables
Outgoing Feeds
Graph Explorations
Enrichers
Export
IOCs Collections
Monitor
Monitor
Dashboards
External Integrations
External Integrations
Overview
API
TAXII
Cortex Analyzer
MISP Feed
Microsoft Sentinel
OpenCTI
Splunk
Anomali ThreatStream
PaloAlto Cortex XSOAR
Develop
Develop
Overview
Guides
Guides
Filtering
REST API
REST API
Authentication and Community
Intelligence
Enrichment
Telemetry
Dashboard
Notification
Playbooks
External Dynamic List
SEKOIA.IO TIP
SEKOIA.IO TIP
Introduction
Features
Features
Data Models
Consume
Consume
Intelligence
Observables
Outgoing Feeds
Graph Explorations
Enrichers
Export
IOCs Collections
Produce and investigate
Produce and investigate
Content Proposals
Incoming Feeds
Warning Rules
Expiration Rules
Monitor
Monitor
Dashboards
External Integrations
External Integrations
Overview
API
TAXII
Cortex Analyzer
MISP Feed
Microsoft Sentinel
OpenCTI
Splunk
PaloAlto Cortex XSOAR
Automate
Automate
Playbooks
Navigate playbooks
Build playbooks
Triggers
Operators
Actions
Actions Library
Actions Library
AWS
BinaryEdge's API
Censys
Certificate Transparency
CrowdStrike Falcon
Detection Rules
Digital Shadows
Fortigate Firewalls
GLIMPS
Git
Google
Google
HTTP
HarfangLab
IKnowWhatYouDownload
IPtoASN
Imperva
MISP
MWDB
Mandrill
Mattermost
OSINT
Onyphe
PagerDuty
Panda Security
Proofpoint
Public Suffix
RSS
RiskIQ
SEKOIA.IO
STIX
ServiceNow
Shodan
Skyhigh Security
The Hive
Tranco
Triage
Vade Secure
VirusTotal
Whois
WithSecure
fileutils
Develop
Develop
Overview
Guides
Guides
Filtering
REST API
REST API
Authentication and Community
Intelligence
Enrichment
Dashboard
Notification
Playbooks
Intelligence
Back to top