Sekoia.io Documentation
Authentication and Community
GitHub
Getting Started
Sekoia.io XDR
Sekoia.io CTI
Sekoia.io TIP
Getting Started
Overview
1. Set up account
Join a community
Create your account
Set up account security
Two-Factor Authentication
Security tokens
2. Manage communities
Edit a community
Create a sub-community
Set up community security
SSO with OpenID Connect
SSO with Microsoft Entra ID (Azure AD)
SSO with Okta
3. Navigate on the platform
4. Manage users
Invite users
Manage users
Deactivate inactive users
Roles
5. Manage notifications
Listing and creation
Notification examples
6. Manage API Keys
7. Sekoia regions
Sekoia.io XDR
Introduction
Quick start guide
Features
Collect
Ingestion methods
Overview
Https
Overview
Formatting options
Forwarding logs using a third-party application
Syslog
Overview
Sekoia.io Forwarder
Third-party syslog services
Cloud & SaaS
Overview
AWS S3
Azure Event Hub
Google Pub/Sub
Integrations
Overview
Custom Format
Application
Tenable Identity Exposure / Alsid
Apache HTTP Server
BIND
FreeRADIUS
HAProxy
ISC DHCP
ManageEngine ADAudit Plus
Microsoft IIS
Nginx
OpenLDAP
OpenSSH
OpenVPN
RSA SecurID
SEKOIA.IO activity logs
Unbound
Veeam Backup & Replication
Cloud and SaaS
AWS
CloudTrail
GuardDuty
VPC Flow Logs
S3 for logs
WAF logs
CloudFront logs
Cisco Umbrella
Cisco Umbrella Proxy
Cisco Umbrella IP
Cisco Umbrella DNS
Cloudflare
Access requests
Audit logs
DNS logs
Firewall events
Gateway DNS
Gateway HTTP
Gateway Network
HTTP requests
Broadcom Cloud Secure Web Gateway
Cato SASE
Datadome Protection
Digital Shadows SearchLight
Cisco Duo Security
Claroty xDome
ExtraHop Reveal(x) 360
Github Audit Logs
Google Cloud
Google Cloud Audit Logs
Google Kubernetes Engine
Google Cloud VPC Flow Logs
Google Workspace
Imperva WAF
Jumpcloud Directory Insights
Microsoft Azure
Microsoft Entra ID (Azure AD)
Azure Front Door
Azure Database for MySQL
Azure Linux
Azure Files
Azure Network Watcher
Azure Windows
Microsoft Office 365
Office365
Microsoft Defender for Office 365
Microsoft 365 Defender
Message trace
Netskope
Netskope Events
Netskope Transaction Events
OGO Shield WAF
Okta system log
Salesforce
SecurityScorecard's Vulnerability Assessment Scanner
Sophos Threat Analysis Center
Ubika WAAP Gateway
Zscaler ZIA
Email
Apache Spamassassin
Cisco ESA
Fortinet Fortimail
Postfix
Proofpoint
Proofpoint PoD
Proofpoint TAP
Trend Micro Email Security
Retarus Email Security
Vade Cloud
Vade for M365
Endpoint
Beats
Auditbeat Linux
Winlogbeat
Check Point Harmony Mobile
CrowdStrike Falcon
CrowdStrike Falcon Telemetry
Cybereason MalOp
Cybereason MalOp activity
Darktrace Threat Visualizer
HarfangLab
IBM AIX
Linux
Microsoft Intune
Panda Security Aether
Palo Alto Cortex EDR
Sekoia.io Endpoint Agent
SentinelOne EDR
SentinelOne Cloud Funnel 1.0 [Deprecated]
SentinelOne Cloud Funnel 2.0
Sophos EDR
Stormshield SES
Symantec/Broadcom Endpoint Security
Tanium
TEHTRIS EDR
Trend Micro
Trend Micro Apex One
Trend Micro Cloud One / Deep Security
Trellix ePO
Trellix EDR
VMware ESXi
VMware VCenter
Windows
Windows Log Insight
WithSecure Elements
Kaspersky Endpoint Security
Network
ArubaOS Switch
Check Point Firewall
Broadcom Edge SWG
Cisco
Cisco Secure Firewall
Cisco Secure Web Appliance
Cisco IOS
Cisco Identity Services Engine (ISE)
Cisco NX-OS
Cisco Meraki MX
Citrix Netscaler / ADC
Ekinops OneOS
Gatewatcher AionIQ
F5 BIG-IP
Forcepoint Secure Web Gateway
Fortinet
Fortinet Fortigate
Fortinet Fortiproxy
Fortinet Fortiweb
Infoblox DDI
Sophos Firewall
McAfee/Skyhigh Secure Web Gateway
Microsoft Always On VPN
NetFilter
OPNSense
Palo Alto Next-Generation Firewall
pfSense
Pulse / Ivanti Secure Connect
Rubycat PROVE IT
SonicWall Firewall
SonicWall SMA
Squid
Stormshield SNS
Suricata
Trellix Network Security
Varonis Data Security
Vectra Cognito Detect
Wallix
WatchGuard Firebox
Zeek
Generic
CEF
Raw events
Intakes
Entities
Assets
Detect
IOCs Detection
Rules Catalog
Built-in Rules
Sigma
Anomaly Detection
IOCs Collections
Investigate
Alerts
Events
Cases
Events Query Language
Querying Events
Query Builder (beta)
Report
Dashboards
Automate
Playbooks
Playbooks On-premises
Manage accounts
Navigate playbooks
Build playbooks
Triggers
Operators
Actions
Actions Library
AWS
Atlassian JIRA
BinaryEdge's API
Broadcom Cloud Secure Web Gateway
Cato Networks
Censys
Certificate Transparency
Check Point
CrowdStrike
CrowdStrike Falcon
Cybereason
Darktrace
Detection Rules
Digital Shadows
Duo
ExtraHop
Fortigate Firewalls
GLIMPS
Git
Github
Google
HTTP
HarfangLab
IKnowWhatYouDownload
IPInfo
IPtoASN
Imperva
Jumpcloud Directory Insights
MISP
MWDB
Mandrill
Mattermost
Microsoft Active Directory
Microsoft Azure
Microsoft Entra ID
Microsoft Office365
Microsoft Windows Server
Netskope
OSINT
Okta
Onyphe
OpenAI
PagerDuty
Panda Security
Proofpoint
Public Suffix
RSS
RiskIQ
STIX
Salesforce
Sekoia.io
SentinelOne
ServiceNow
Shodan
Skyhigh Security
Sophos
TEHTRIS
The Hive
Tranco
Trellix
Trend Micro
Triage
Utils
Vade Cloud
Vade Secure
VirusTotal
Whois
WithSecure
Zscaler
Debug playbooks
External integrations
FortiSOAR
Palo Alto Cortex XSOAR
Usecases
Implement a blocklist in Sekoia.io
Synchronize Alerts with an external tool
Send notifications to a Webhook using a playbook
FAQ
General
Alerts
Events
Events QA
Facing issues with logs collection
Detection
Assets
Sekoia.io Endpoint agent
Datetime representation
Develop
Quickstart
Guides
Filtering
Automation
Overview
Create a Module
Format
Overview
Create a Format
Datasources
Definition of a structured event
Definition of the taxonomy
How to write a parser
How to write smart descriptions
Best Practices
Overview
Authentications
REST API
Authentication and Community
Dashboard
Configuration
Parser
Alert
Assets
Assets v2 [beta]
Playbooks
Telemetry
Sekoia.io CTI
Introduction
Features
Data Models
Consume
Intelligence
Observables
Telemetry
Outgoing Feeds
Graph Explorations
Enrichers
Export
IOCs Collections
Monitor
Dashboards
External Integrations
Overview
API
TAXII
Cortex Analyzer
MISP Feed
Microsoft Sentinel
OpenCTI
Splunk
Splunk SOAR
Anomali ThreatStream
PaloAlto Cortex XSOAR
ThreatQuotient
Develop
Overview
Guides
Filtering
REST API
Authentication and Community
Intelligence
Enrichment
Telemetry
Dashboard
Playbooks
External Dynamic List
Sekoia.io TIP
Introduction
Features
Data Models
Consume
Intelligence
Observables
Outgoing Feeds
Graph Explorations
Enrichers
Export
IOCs Collections
Produce and investigate
Content Proposals
Incoming Feeds
Warning Rules
Expiration Rules
Monitor
Dashboards
External Integrations
Overview
API
TAXII
Cortex Analyzer
MISP Feed
Microsoft Sentinel
OpenCTI
Splunk
PaloAlto Cortex XSOAR
Automate
Playbooks
Manage accounts
Navigate playbooks
Build playbooks
Triggers
Operators
Actions
Actions Library
AWS
Atlassian JIRA
BinaryEdge's API
Broadcom Cloud Secure Web Gateway
Cato Networks
Censys
Certificate Transparency
Check Point
CrowdStrike
CrowdStrike Falcon
Cybereason
Darktrace
Detection Rules
Digital Shadows
Duo
ExtraHop
Fortigate Firewalls
GLIMPS
Git
Github
Google
HTTP
HarfangLab
IKnowWhatYouDownload
IPInfo
IPtoASN
Imperva
Jumpcloud Directory Insights
MISP
MWDB
Mandrill
Mattermost
Microsoft Active Directory
Microsoft Azure
Microsoft Entra ID (Azure AD)
Microsoft Office365
Microsoft Windows Server
Netskope
OSINT
Okta
Onyphe
OpenAI
PagerDuty
Panda Security
Proofpoint
Public Suffix
RSS
RiskIQ
STIX
Salesforce
Sekoia.io
SentinelOne
ServiceNow
Shodan
Skyhigh Security
Sophos
TEHTRIS
The Hive
Tranco
Trellix
Trend Micro
Triage
Utils
Vade Cloud
Vade Secure
VirusTotal
Whois
WithSecure
Zscaler
Develop
Overview
Guides
Filtering
Playbooks
Overview
Quick start
REST API
Authentication and Community
Intelligence
Enrichment
Dashboard
Playbooks