Integrations
In order to protect your business, you need to know what is happening: monitoring your network and your devices is a prerequisite to securing them.
SEKOIA.IO relies on your logs to identify threats and malicious activities.
In this chapter, you will learn how to configure your logging system to forward your events to SEKOIA.IO.
SEKOIA.IO can collect logs through several mechanisms, so the configuration on your side should be straightforward. Here is an overview of how an integration with SEKOIA.IO can be done.
SEKOIA.IO supports the following log collectors:
- Syslog over TLS (intake.sekoia.io:10514): you can forward your events using the Syslog protocol specified in RFC 5424.
- HTTPS (https://intake.sekoia.io): you can POST your JSON events.
- Cloud hosting polling: you can configure SEKOIA.IO to regularly retrieve your logs.
If these solutions do not meet your needs, we can also set up a dedicated secure network through a VPN and retrieve your logs directly (please contact us for more information).
Syslog integration
We provide documentation and example configurations for Rsyslog, but it should be easy to configure other log collectors to forward their events to SEKOIA.IO.
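As an added example (not part of the SEKOIA.IO documentation or its Rsyslog configuration), the Python below builds an RFC 5424 line and streams it to the Syslog-over-TLS intake named above. It assumes octet-counting framing on the TLS stream and a system CA store that trusts the intake's certificate; the hostname, application name and event are constructed sample values.

```python
import json
import socket
import ssl
from datetime import datetime, timezone

INTAKE_HOST = "intake.sekoia.io"   # Syslog-over-TLS intake named on the page
INTAKE_PORT = 10514                # port named on the page
NILVALUE = "-"                     # RFC 5424 NILVALUE for absent fields

def format_rfc5424(message, facility=1, severity=6, hostname="host01",
                   app_name="demo-app", procid=None, msgid=None,
                   structured_data=None, timestamp=None):
    """Build one RFC 5424 line: PRI = facility*8 + severity, VERSION 1, then
    TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG.  structured_data is a dict
    {sd_id: {param: value}} rendered as SD-ELEMENTs, or '-' when omitted."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("RFC 5424: facility 0-23, severity 0-7")
    ts = timestamp or datetime.now(timezone.utc)
    ts_text = ts.isoformat(timespec="milliseconds").replace("+00:00", "Z")
    sd = NILVALUE
    if structured_data:
        sd = ""
        for sd_id, params in structured_data.items():
            # PARAM-VALUE escapes '"', '\' and ']' (RFC 5424 section 6.3.3)
            items = " ".join('%s="%s"' % (k, str(v).replace("\\", "\\\\")
                             .replace('"', '\\"').replace("]", "\\]"))
                             for k, v in params.items())
            sd += "[%s %s]" % (sd_id, items) if items else "[%s]" % sd_id
    pri = facility * 8 + severity
    return "<%d>1 %s %s %s %s %s %s %s" % (pri, ts_text, hostname, app_name,
                                          procid or NILVALUE, msgid or NILVALUE,
                                          sd, message)

def frame_for_tls(line):
    """Octet-counting framing (RFC 5425, assumed here): '<byte length> <message>'."""
    data = line.encode("utf-8")
    return b"%d %s" % (len(data), data)

def send_over_tls(lines, host=INTAKE_HOST, port=INTAKE_PORT, timeout=10):
    """Open a TLS session (certificate verified against the system CA store) and stream lines."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            for line in lines:
                tls.sendall(frame_for_tls(line))
    return len(lines)

if __name__ == "__main__":
    event = json.dumps({"user": "alice", "action": "login", "result": "failure"})  # constructed
    print(format_rfc5424(event, hostname="vpn-gw", app_name="auth", msgid="AUTH"))
```

Encoding the event body as JSON keeps the same event reusable for the HTTPS intake described in the next section.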
HTTPS integration
To push your events through our HTTP log collector, you have to POST your logs in the JSON or MessagePack format. To send us events, you should set the Content-Type HTTP header to:
- application/javascript for JSON messages.
- application/msgpack for MessagePack messages.
Cloud & SaaS integration
SEKOIA.IO is also able to retrieve logs and data from cloud platforms, such as Microsoft Azure, Amazon Web Services or Google Cloud.
Log formats
Cloud and SaaS
- AWS CloudTrail
- AWS Flow Logs
- Microsoft Azure Active Directory
- Microsoft Azure MySQL
- Microsoft Azure Linux machines
- Microsoft Azure Network Watcher
- Microsoft Azure Windows machines
- Microsoft Office 365
- CISCO Umbrella Dns Logs
- CISCO Umbrella Ip Logs
- CISCO Umbrella Proxy Logs
Operating Systems
Applications
- Alsid
- Apache
- BIND
- Checkpoint
- Cisco
- F5 BigIP
- Fortigate
- HAProxy
- ISC DHCP
- NetFilter
- Nginx
- OpenSSH
- PaloAlto
- Postfix
- Sophos
- SpamAssassin
- Squid
- Suricata
- Unbound
- Zeek