In order to protect your business, you need to know what is happening on it. Monitoring your network and your devices is a prerequisite to securing them.
SEKOIA.IO relies on your logs to identify threats and malicious activities.
In this chapter, you will learn how to configure your logging system to forward your events to SEKOIA.IO.
SEKOIA.IO can collect logs through several mechanisms, so configuration on your side should be easy. Here is an overview of how your systems can be integrated with SEKOIA.IO.
SEKOIA.IO supports the following log collectors:
- Syslog over TLS (intake.sekoia.io:10515): you can forward your events using the Syslog protocol specified in RFC 5424.
- HTTPS (https://intake.sekoia.io): you can POST your JSON events.
- Cloud hosting polling: you can configure SEKOIA.IO to regularly retrieve your logs.
If these solutions do not meet your needs, we can also set up a dedicated secure network over a VPN and retrieve your logs directly (please contact us for more information).
We provide documentation and example configurations for a few log aggregators such as Rsyslog, Syslog-NG and Fluentd.
To push your events through our HTTP log collector, you have to POST your logs in JSON or MessagePack format. When sending events, set the Content-Type HTTP header to application/msgpack for MessagePack messages.
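The two push mechanisms above, as an added example (not SEKOIA.IO's own code or tooling): it formats an RFC 5424 record for the syslog-over-TLS intake, ships it with certificate verification enabled, and builds the JSON POST for the HTTPS intake. The host names and port come from this page; the newline-terminated framing, the sample event and the field values are assumptions for illustration.

```python
# Added example, not SEKOIA.IO's own code. Endpoints are taken from the page;
# framing, event fields and sample values are constructed assumptions.
import json
import socket
import ssl
from datetime import datetime, timezone
from typing import Dict, List, Optional
from urllib.request import Request

SYSLOG_HOST, SYSLOG_PORT = "intake.sekoia.io", 10515   # from the page
HTTPS_INTAKE = "https://intake.sekoia.io"               # from the page


def rfc5424_line(facility: int, severity: int, hostname: str, appname: str,
                 msg: str, ts: Optional[datetime] = None, msgid: str = "-") -> str:
    """Format one RFC 5424 record: <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0..23 and severity 0..7")
    pri = facility * 8 + severity                      # PRI = facility*8 + severity
    ts = ts or datetime.now(timezone.utc)
    stamp = ts.astimezone(timezone.utc).isoformat(timespec="milliseconds")
    stamp = stamp.replace("+00:00", "Z")               # RFC 5424 prefers "Z" for UTC
    # PROCID and STRUCTURED-DATA are left as NILVALUE ("-") in this example.
    return f"<{pri}>1 {stamp} {hostname} {appname} - {msgid} - {msg}"


def send_syslog_tls(line: str) -> None:
    """Ship a record over TLS. create_default_context() verifies the intake's
    certificate and host name, so a spoofed collector is rejected."""
    ctx = ssl.create_default_context()
    with socket.create_connection((SYSLOG_HOST, SYSLOG_PORT)) as raw:
        with ctx.wrap_socket(raw, server_hostname=SYSLOG_HOST) as tls:
            tls.sendall((line + "\n").encode("utf-8"))   # newline framing (assumption)


def json_post_request(events: List[Dict]) -> Request:
    """Build the HTTPS POST for the JSON intake with an explicit Content-Type."""
    body = json.dumps(events, separators=(",", ":")).encode("utf-8")
    return Request(HTTPS_INTAKE, data=body, method="POST",
                   headers={"Content-Type": "application/json"})


def example_syslog_line() -> str:
    """Constructed sample: an auth (facility 4), info (severity 6) SSH event."""
    ts = datetime(2024, 1, 15, 12, 30, 45, 123000, tzinfo=timezone.utc)
    return rfc5424_line(4, 6, "fw01", "sshd", "Accepted publickey for alice", ts)


def example_request() -> Request:
    """Constructed sample: one JSON event ready to be sent with urllib.request.urlopen."""
    return json_post_request([{"host": "fw01", "message": "Accepted publickey for alice"}])
```

Call `send_syslog_tls(example_syslog_line())` or `urlopen(example_request())` from a host allowed to reach the intake; both functions leave server certificate verification at its default.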
Cloud & SaaS integration
SEKOIA.IO is also able to retrieve logs and data from cloud platforms, such as Microsoft Azure, Amazon Web Services or Google Cloud.
Cloud and SaaS
- Microsoft Azure Active Directory
- Microsoft Azure MySQL
- Microsoft Azure Linux machines
- Microsoft Azure Windows machines
- Microsoft Office 365
- F5 BigIP
- ISC DHCP