Skip to content

Intelligence Center external integrations

Intelligence Center data can be consumed using several third party integrations.

MISP Feed

The default feed is available as a MISP feed.

It can be added to an existing MISP instance by following MISP's documentation.

The following field values are required for the feed to work properly:

  • Input Source: Network
  • URL: https://api.sekoia.io/api/v2/inthreat/misp
  • Source Format: MISP Feed
  • Headers: Authorization: Bearer <APIKEY>
  • Enabled: True

You then need to make sure you have a scheduled task in place to regularly fetch the feed's content.

OpenCTI connector

An OpenCTI connector is available to consumme a feed. All the instruction to run it are available at the connector GitHub repository: https://github.com/OpenCTI-Platform/connectors/tree/master/sekoia.

Cortex Analyser

SEKOIA is also providing a Cortex analyzer to enrich data in TheHive ecosystem. To setup the analyzer please follow this guide.

SEKOIA.IO App for Splunk

An App for Splunk is available to detect threats in your logs based on our feed.

You can find the download links and additional information on the dedicated GitHub repository.

SEKOIA.IO App for Splunk