This major release brings a large set of new features and bug fixes that improve the configuration, the detection and the qualification of security alerts.
We redesigned the inboarding process to simplify its execution and reduce frictions.
A 7-day free trial period is made available at try.sekoia.io for new members. This trial can be extended up to 25days if the user validates trophies that are destributed along traditionnal user path. A contextual menu offers a precise vision of both validated and not validated trophies.
The landing page of SEKOIA.IO has been refreshed to improve the user experience and promote the new usages of the platform.
The user can define the list of the probes he/she wishes to connect to SEKOIA.IO. The intake feature automates the ingestion of events produced by connected probes. This version brings seven different supported formats of probes: Suricata, OpenSSH, HAProxy, Nginx, Netfilter, Squid.
A new detection engine is introduced with this version: the threshold engine. This major feature enables the creation fo rules to detect telemetric variations on both the number, the volume and the frequency of the events.
The data model for an alert has been expanded to explicitly link a comment to a state change of the alert. This feature has been introduced so that a user can explain and justify any modification he/she introduced on an alert.
A better description of an alert, the associated attack and its structure is offered to the user through the visualization of the estimated step in the Cyber KillChain the alert denotes.
New metrics are offered to the user to improve his understanding of its orchestration. Among these indicators, we can cite the reporting of the type of handled events.
The Alert Risk Indicator computation process has been updated to ease its comprehension. The computation is now performed on at most 10 days and only ongoing, closed and rejected alerts are considered.
The new statistics API replaces the Stats API to provide a broader set of new counters, datasets and key risk indicators.
If you have any concerns, feel free to contact us at firstname.lastname@example.org.