Sekoia.io forwarder logs

Overview

  • Vendor: Sekoia
  • Plan: Defend Core & Defend Prime
  • Detection based on: Audit
  • Supported application or feature: Sekoia.io forwarder logs collect all statistics coming from Sekoia forwarder instances. They help monitor the forwarder's health:

    • resource usage
    • queue size
    • number of messages received by the forwarder
    • number of messages sent by the forwarder

Configure

To monitor forwarder health, create a new Sekoia.io forwarder logs intake in your community. Once the intake is enabled, follow this documentation to activate metrics on the forwarder side. You can also find details there about the generated metrics.

Detection section

The following section provides information for those who wish to learn more about the detection capabilities enabled by collecting this intake. It includes details about the built-in rule catalog, event categories, and ECS fields extracted from raw events. This is essential for users aiming to create custom detection rules, perform hunting activities, or pivot in the events page.