Sekoia.io Documentation
Alert
Initializing search
GitHub
Getting Started
Sekoia.io XDR
Sekoia.io CTI
Sekoia.io TIP
Sekoia.io Documentation
GitHub
Getting Started
Getting Started
Overview
1. Set up account
1. Set up account
Join a community
Create your account
Set up account security
Set up account security
Two-Factor Authentication
Security tokens
2. Manage communities
2. Manage communities
Edit a community
Create a sub-community
Set up community security
Set up community security
SSO with OpenID Connect
SSO with Microsoft Entra ID (Azure AD)
SSO with Okta
3. Navigate on the platform
4. Manage users
4. Manage users
Invite users
Manage users
Deactivate inactive users
Roles and Permissions
Roles and Permissions
Roles
Permissions
5. Manage notifications
5. Manage notifications
Listing and creation
Notification examples
6. Manage API Keys
7. Sekoia regions
Sekoia.io XDR
Sekoia.io XDR
Introduction
Quick start guide
Features
Features
Collect
Collect
Overview
Ingestion methods
Ingestion methods
Sekoia.io Forwarder
Rsyslog
Logstash
syslog-ng
Graylog
HTTPS
Integrations
Integrations
Overview
Custom Format
Application
Application
Alsid / Tenable.ad
Apache HTTP Server
BIND
FreeRADIUS
HAProxy
ISC DHCP
ManageEngine ADAudit Plus
Nginx
OpenLDAP
OpenSSH
OpenVPN
RSA SecurID
SEKOIA.IO activity logs
Unbound
Cloud and SaaS
Cloud and SaaS
AWS
AWS
CloudTrail
GuardDuty
VPC Flow Logs
S3 for logs
WAF logs
Cisco Umbrella
Cisco Umbrella
Cisco Umbrella Proxy
Cisco Umbrella IP
Cisco Umbrella DNS
Cloudflare
Cloudflare
Access requests
Audit logs
DNS logs
Firewall events
Gateway DNS
Gateway HTTP
Gateway Network
HTTP requests
Cato SASE
Digital Shadows SearchLight
Cisco Duo Security
Github Audit Logs
Google Cloud
Google Cloud
Google Cloud Audit Logs
Google Kubernetes Engine
Google Cloud VPC Flow Logs
Google Workspace
Imperva WAF
Jumpcloud Directory Insights
Microsoft Azure
Microsoft Azure
Microsoft Entra ID (Azure AD)
Azure Front Door
Azure Database for MySQL
Azure Linux
Azure Network Watcher
Azure Windows
Microsoft Office 365
Microsoft Office 365
Office365
Microsoft Defender for Office 365
Microsoft 365 Defender
Message trace
Netskope Events
OGO Shield WAF
Okta system log
Salesforce
Sophos Threat Analysis Center
Ubika WAAP Gateway
Zscaler ZIA
Email
Email
Apache Spamassassin
Cisco ESA
Fortinet Fortimail
Postfix
Proofpoint
Proofpoint
Proofpoint PoD
Proofpoint TAP
Trend Micro Email Security
Retarus Email Security
Vade Cloud
Vade for M365
Endpoint
Endpoint
Beats
Beats
Auditbeat Linux
Winlogbeat
Checkpoint Harmony
CrowdStrike Falcon
CrowdStrike Falcon Telemetry
Cybereason MalOp
Cybereason MalOp activity
Darktrace Threat Visualizer
HarfangLab
IBM AIX
Linux
Microsoft Intune
Panda Security Aether
Sekoia.io Endpoint Agent
SentinelOne EDR
SentinelOne Cloud Funnel 1.0 [Deprecated]
SentinelOne Cloud Funnel 2.0
Sophos EDR
Stormshield SES
Symantec/Broadcom Endpoint Security
Tanium
TEHTRIS EDR
Trend Micro
Trend Micro
Trend Micro Apex One
Trend Micro Cloud One / Deep Security
Trellix ePO
VMware ESXi
VMware VCenter
Windows
Windows Log Insight
WithSecure Elements
Network
Network
ArubaOS Switch
Check Point Firewall
Cisco
Cisco
Cisco Secure Firewall
Cisco Secure Web Appliance
Cisco IOS
Cisco Identity Services Engine (ISE)
Cisco NX-OS
Cisco Meraki MX
Citrix Netscaler / ADC
Gatewatcher AionIQ
F5 BIG-IP
Forcepoint Secure Web Gateway
Fortinet
Fortinet
Fortinet Fortigate
Fortinet Fortiproxy
Fortinet Fortiweb
Infoblox DDI
Sophos Firewall
Mc Afee/Skyhigh Secure Web Gateway
Microsoft Always On VPN
NetFilter
OPNSense
Palo Alto Next-Generation Firewall
pfSense
Pulse / Ivanti Secure Connect
Rubycat PROVE IT
SonicWall Firewall
SonicWall SMA
Squid
Stormshield SNS
Suricata
Trellix Network Security
Varonis Data Security
Vectra Cognito Detect
Wallix
WatchGuard Firebox
Zeek
Generic
Generic
CEF
Raw events
Intakes
Entities
Assets
Detect
Detect
Rules Catalog
Built-in Rules
Sigma
Anomaly Detection
IOCs Collections
Investigate
Investigate
Alerts
Events
Cases
Events Query Language
Querying Events
Query Builder (beta)
Report
Report
Dashboards
Automate
Automate
Playbooks
Playbooks On-premises
Manage accounts
Navigate playbooks
Build playbooks
Triggers
Operators
Actions
Actions Library
Actions Library
AWS
Atlassian JIRA
Microsoft Entra ID (Azure AD)
BinaryEdge's API
Censys
Certificate Transparency
Check Point
CrowdStrike
CrowdStrike Falcon
Cybereason
Detection Rules
Digital Shadows
Fortigate Firewalls
GLIMPS
Git
Github
Google
HTTP
HarfangLab
IKnowWhatYouDownload
IPtoASN
Imperva
Jumpcloud
MISP
MWDB
Mandrill
Mattermost
Microsoft Active Directory
Microsoft Azure
Microsoft Office365
Netskope
OKTA
OSINT
Onyphe
PagerDuty
Panda Security
Proofpoint
Public Suffix
RSS
RiskIQ
STIX
Sekoia.io
SentinelOne
ServiceNow
Shodan
Skyhigh Security
Sophos
TEHTRIS
Tehtris
The Hive
Tranco
Triage
Vade Cloud
Vade Secure
VirusTotal
Whois
WithSecure
fileutils
Debug playbooks
External integrations
External integrations
FortiSOAR
Palo Alto Cortex XSOAR
Usecases
Usecases
Synchronize Alerts with an external tool
Send notifications to a Webhook using a playbook
FAQ
FAQ
General
Alerts
Events
Events
Events QA
Facing issues with logs collection
Rules
Sekoia.io Endpoint agent
Datetime representation
Develop
Develop
Quickstart
Guides
Guides
Filtering
Automation
Automation
Overview
Create a Module
Format
Format
Overview
Create a Format
Datasources
Definition of a structured event
Definition of the taxonomy
How to write a parser
How to write smart descriptions
Best Practices
Best Practices
Overview
Authentications
REST API
REST API
Authentication and Community
Dashboard
Notification
Configuration
Parser
Alert
Assets
Assets v2 [beta]
Playbooks
Telemetry
Sekoia.io CTI
Sekoia.io CTI
Introduction
Features
Features
Data Models
Consume
Consume
Intelligence
Observables
Telemetry
Outgoing Feeds
Graph Explorations
Enrichers
Export
IOCs Collections
Monitor
Monitor
Dashboards
External Integrations
External Integrations
Overview
API
TAXII
Cortex Analyzer
MISP Feed
Microsoft Sentinel
OpenCTI
Splunk
Anomali ThreatStream
PaloAlto Cortex XSOAR
Develop
Develop
Overview
Guides
Guides
Filtering
REST API
REST API
Authentication and Community
Intelligence
Enrichment
Telemetry
Dashboard
Notification
Playbooks
External Dynamic List
Sekoia.io TIP
Sekoia.io TIP
Introduction
Features
Features
Data Models
Consume
Consume
Intelligence
Observables
Outgoing Feeds
Graph Explorations
Enrichers
Export
IOCs Collections
Produce and investigate
Produce and investigate
Content Proposals
Incoming Feeds
Warning Rules
Expiration Rules
Monitor
Monitor
Dashboards
External Integrations
External Integrations
Overview
API
TAXII
Cortex Analyzer
MISP Feed
Microsoft Sentinel
OpenCTI
Splunk
PaloAlto Cortex XSOAR
Automate
Automate
Playbooks
Manage accounts
Navigate playbooks
Build playbooks
Triggers
Operators
Actions
Actions Library
Actions Library
AWS
Atlassian JIRA
Microsoft Entra ID (Azure AD)
BinaryEdge's API
Censys
Certificate Transparency
Check Point
CrowdStrike
CrowdStrike Falcon
Cybereason
Detection Rules
Digital Shadows
Fortigate Firewalls
GLIMPS
Git
Github
Google
HTTP
HarfangLab
IKnowWhatYouDownload
IPtoASN
Imperva
MISP
MWDB
Mandrill
Mattermost
Microsoft Active Directory
OSINT
Onyphe
PagerDuty
Panda Security
Proofpoint
Public Suffix
RSS
RiskIQ
STIX
Sekoia.io
SentinelOne
ServiceNow
Shodan
Skyhigh Security
TEHTRIS
The Hive
Tranco
Triage
Vade Cloud
Vade Secure
VirusTotal
Whois
WithSecure
fileutils
Develop
Develop
Overview
Guides
Guides
Filtering
Playbooks
Playbooks
Overview
Quick start
REST API
REST API
Authentication and Community
Intelligence
Enrichment
Dashboard
Notification
Playbooks
Alert
Back to top