In order to protect your business, you need to know what happens. The monitoring of your network and your devices is a prerequisite to their security.
SEKOIA.IO rely on your log to identify threats and malicious activities.
In this chapter, you will learn how to configure your log system to make it forward your events to SEKOIA.IO.
SEKOIA.IO is able to collect logs through various mechanisms, configuration on your side should be easy! Here is an overview on how integration could be done with SEKOIA.IO.
SEKOIA.IO supports the following log collectors:
- Syslog over TLS (
intake.sekoia.io:10514): you can forward your events by using the Syslog protocol specified in RFC 5424.
- HTTPS (
https://intake.sekoia.io): you can
POSTyour JSON events.
- Cloud hosting polling: you can configure SEKOIA.IO to regularly retrieve your logs.
If these solutions do not meet your needs, we can also configure a dedicated secured network through a VPN and retrieve your logs directly (please contact us for more information).
We are providing documentation and example configurations on how to configure your log system for Rsyslog, but it should be easy to configure other log collectors to forward their events to SEKOIA.IO.
To push your events through our HTTP log collector, you have to
POST your logs in the JSON or MessagePack format. To send us events, you should set
Content-Type HTTP header:
application/msgpackfor MessagePack message.
Cloud & SaaS integration
SEKOIA.IO is also able to retrieve logs and data from cloud platforms, such as Microsoft Azure, Amazon Web Services or Google Cloud.
Cloud and SaaS
- AWS CloudTrail
- AWS Flow Logs
- Microsoft Azure Active Directory
- Microsoft Azure MySQL
- Microsoft Azure Linux machines
- Microsoft Azure Network Watcher
- Microsoft Azure Windows machines
- Microsoft Office 365
- CISCO Umbrella Dns Logs
- CISCO Umbrella Ip Logs
- CISCO Umbrella Proxy Logs
- F5 BigIP
- ISC DHCP