SEKOIA.IO Documentation
Alert
Initializing search
GitHub
Getting Started
SEKOIA.IO XDR
SEKOIA.IO CTI
SEKOIA.IO TIP
SEKOIA.IO Documentation
GitHub
Getting Started
Getting Started
Overview
Join a community
Create your account
Set up account security
Create a community
Invite users to join
Manage users
Roles and permissions
Roles and permissions
Roles
Permissions
Navigation on the platform
Turn on notifications
Generate API Keys
SEKOIA.IO XDR
SEKOIA.IO XDR
Introduction
Quick start guide
Features
Features
Collect
Collect
Overview
Ingestion methods
Ingestion methods
Rsyslog
Logstash
syslog-ng
Graylog
HTTPS
Integrations
Integrations
Overview
Custom Format
Application
Application
Alsid / Tenable.ad
Apache HTTP Server
BIND
HAProxy
ISC DHCP
Nginx
OpenSSH
SEKOIA.IO activity logs
Unbound
The Hive
Cloud and SaaS
Cloud and SaaS
AWS
AWS
CloudTrail
VPC Flow Logs
S3 for logs
WAF logs
Cisco Umbrella
Cisco Umbrella
Cisco Umbrella Proxy
Cisco Umbrella IP
Cisco Umbrella DNS
Cloudflare
Cloudflare
HTTP requests
DNS logs
Firewall events
Digital Shadows SearchLight
Google Cloud
Google Cloud
Google Cloud Audit Logs
Google Kubernetes Engine
Google Cloud VPC Flow Logs
Imperva WAF
Microsoft Azure
Microsoft Azure
Azure Active Directory
Azure Front Door
Azure Database for MySQL
Azure Linux
Azure Network Watcher
Azure Windows
Microsoft Office 365
Microsoft Office 365
Office365
Microsoft Defender for Office 365
Message trace
Netskope Events
Okta system log
Email
Email
Apache Spamassassin
Fortinet Fortimail
Postfix
Proofpoint
Proofpoint
Proofpoint PoD
Proofpoint TAP
Retarus Email Security
Vade for M365
Endpoint
Endpoint
Auditbeat Linux
CrowdStrike Falcon
Cybereason MalOp
Cybereason MalOp activity
HarfangLab
IBM AIX
Linux
Microsoft Defender for Endpoints
Microsoft Intune
Panda Security Aether
SEKOIA.IO Endpoint Agent
SentinelOne EDR
SentinelOne Deep Visibility
Sophos EDR
Symantec/Broadcom Endpoint Security
Tanium
TEHTRIS EDR
Trend Micro Cloud One / Deep Security
Windows
Windows Log Insight
Network
Network
Check Point Firewall
Cisco
Cisco
Cisco Secure Firewall
Cisco Secure Web Appliance
Cisco NX-OS
Gatewatcher AionIQ
F5 BIG-IP
Forcepoint Secure Web Gateway
Fortinet
Fortinet
Fortinet Fortigate
Fortinet Fortiproxy
Fortinet Fortiweb
Infoblox DDI
Mc Afee/Skyhigh Secure Web Gateway
Microsoft Always On VPN
NetFilter
Palo Alto Next-Generation Firewall
Pulse / Ivanti Secure Connect
Rubycat PROVE IT
Sophos Firewall
Squid
Stormshield SNS
Suricata
Vectra Cognito Detect
Wallix
WatchGuard Firebox
Zeek
Generic
Generic
CEF
Raw events
Intakes
Entities
Assets
Detect
Detect
Rules Catalog
Built-in Rules
Sigma
Anomaly Detection
Investigate
Investigate
Alerts
Events
Cases
Events Query Language
Querying Events
Report
Report
Dashboards
Automate
Automate
Playbooks
Navigate playbooks
Build playbooks
Triggers
Operators
Actions
Actions Library
Actions Library
AWS
Microsoft Azure
Azure Active Directory
BinaryEdge's API
Censys
Certificate Transparency
Cybereason
CrowdStrike Falcon
Detection Rules
Digital Shadows
fileutils
Fortigate Firewalls
Git
GLIMPS
Google
HTTP
HarfangLab
IKnowWhatYouDownload
IPtoASN
Imperva
MISP
MWDB
Mandrill
Mattermost
Netskope
OKTA
OSINT
Microsoft Office365
Onyphe
PagerDuty
Panda Security
Proofpoint
Public Suffix
RSS
RiskIQ
SEKOIA.IO
STIX
Sentinel One
ServiceNow
Shodan
Skyhigh Security Secure Web Gateway (SWG)
Sophos
The Hive
Tehtris
Tranco
Triage
Vade Secure
VirusTotal
Whois
Debug playbooks
Usecases
Usecases
Synchronize Alerts with an external tool
FAQ
FAQ
General
Alerts
Events
Rules
SEKOIA.IO Endpoint agent
Develop
Develop
Overview
Guides
Guides
Filtering
REST API
REST API
Authentication and Community
Dashboard
Notification
Configuration
Parser
Alert
Assets
Playbooks
Telemetry
SEKOIA.IO CTI
SEKOIA.IO CTI
Introduction
Features
Features
Data Models
Consume
Consume
Intelligence
Observables
Outgoing Feeds
Graph Explorations
Enrichers
Export
Monitor
Monitor
Dashboards
External Integrations
External Integrations
Overview
API
TAXII
Cortex Analyzer
MISP Feed
Microsoft Sentinel
OpenCTI
Splunk
Anomali ThreatStream
PaloAlto Cortex XSOAR
Develop
Develop
Overview
Guides
Guides
Filtering
REST API
REST API
Authentication and Community
Intelligence
Enrichment
Telemetry
Dashboard
Notification
Playbooks
External Dynamic List
SEKOIA.IO TIP
SEKOIA.IO TIP
Introduction
Features
Features
Data Models
Consume
Consume
Intelligence
Observables
Outgoing Feeds
Graph Explorations
Enrichers
Export
Produce and investigate
Produce and investigate
Content Proposals
Incoming Feeds
Warning Rules
Expiration Rules
Monitor
Monitor
Dashboards
External Integrations
External Integrations
Overview
API
TAXII
Cortex Analyzer
MISP Feed
Microsoft Sentinel
OpenCTI
Splunk
PaloAlto Cortex XSOAR
Automate
Automate
Playbooks
Navigate playbooks
Build playbooks
Triggers
Operators
Actions
Actions Library
Actions Library
AWS
BinaryEdge's API
Censys
Certificate Transparency
Detection Rules
Digital Shadows
fileutils
Fortigate Firewalls
Git
GLIMPS
Google
HTTP
HarfangLab
IKnowWhatYouDownload
IPtoASN
Imperva
MISP
MWDB
Mandrill
Mattermost
OSINT
Onyphe
PagerDuty
Panda Security
Public Suffix
RSS
RiskIQ
SEKOIA.IO
STIX
ServiceNow
Shodan
The Hive
Tranco
Triage
Vade Secure
VirusTotal
Whois
Develop
Develop
Overview
Guides
Guides
Filtering
REST API
REST API
Authentication and Community
Intelligence
Enrichment
Dashboard
Notification
Playbooks
Back to top