Integrations

To protect your business, you need to know what is happening in your environment. Monitoring your network and your devices is a prerequisite to securing them.

SEKOIA.IO relies on your logs to identify threats and malicious activities.

In this chapter, you will learn how to configure your log system to forward your events to SEKOIA.IO.

SEKOIA.IO can collect logs through several mechanisms, so configuration on your side should be easy. Here is an overview of how integration with SEKOIA.IO can be done.

SEKOIA.IO Operation Center integration overview

SEKOIA.IO supports the following log collectors:

  • Syslog over TLS (intake.sekoia.io:10515): you can forward your events by using the Syslog protocol specified in RFC 5424.
  • HTTPS (https://intake.sekoia.io): you can POST your JSON events.
  • Cloud hosting polling: you can configure SEKOIA.IO to regularly retrieve your logs.

If these solutions do not meet your needs, we can also configure a dedicated secured network through a VPN and retrieve your logs directly (please contact us for more information).

Syslog integration

We provide documentation and example configurations for setting up log forwarding with a few log aggregators such as Rsyslog, Syslog-NG or Fluentd.

Rsyslog, Syslog-ng, NXlog, Fluentd, Logstash
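
For hosts that cannot run one of these aggregators, the following added example (not SEKOIA.IO's own code) builds an RFC 5424 line and forwards it over a certificate-verified TLS connection to the endpoint listed above. Newline framing and the nil structured-data field are assumptions; any tenant identifier the platform expects is not described on this page and would be passed through `structured_data`.

```python
import socket
import ssl
from datetime import datetime, timezone

INTAKE_HOST = "intake.sekoia.io"  # endpoint given on this page
INTAKE_PORT = 10515


def rfc5424(msg, *, hostname, app, facility=1, severity=6, procid="-",
            msgid="-", structured_data="-", when=None):
    """Build one RFC 5424 line: <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    when = when or datetime.now(timezone.utc)
    if when.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    stamp = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"

    def field(value, limit):
        # Header fields are printable ASCII without spaces; "-" is the nil value.
        cleaned = "".join(c for c in str(value) if 33 <= ord(c) <= 126)[:limit]
        return cleaned or "-"

    # Embedded newlines would split one event into several on a line-framed
    # stream (log injection), so they are flattened to spaces.
    body = msg.replace("\r", " ").replace("\n", " ")
    header = (f"<{facility * 8 + severity}>1 {stamp} {field(hostname, 255)} "
              f"{field(app, 48)} {field(procid, 128)} {field(msgid, 32)}")
    return f"{header} {structured_data} {body}"


def tls_context():
    """Client context that verifies the server certificate chain and hostname."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def send(lines, host=INTAKE_HOST, port=INTAKE_PORT):
    """Forward pre-formatted lines; newline framing is an assumption."""
    with socket.create_connection((host, port), timeout=10) as raw:
        with tls_context().wrap_socket(raw, server_hostname=host) as tls:
            for line in lines:
                tls.sendall(line.encode("utf-8") + b"\n")
```
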

HTTPS integration

To push your events through our HTTP log collector, POST your logs in JSON or MessagePack format. Set the Content-Type HTTP header to match the format you send:

  • application/javascript for JSON messages.
  • application/msgpack for MessagePack messages.

Cloud & SaaS integration

SEKOIA.IO is also able to retrieve logs and data from cloud platforms, such as Microsoft Azure, Amazon Web Services or Google Cloud.

Log formats

Cloud and SaaS

Operating Systems

Applications

Generic