SEKOIA.IO Documentation
Authentication and Community
Getting Started
Overview
1. Set up account
Join a community
Create your account
Set up account security
Two-Factor Authentication
Security tokens
2. Manage communities
Edit a community
(MSSP ONLY) Create a sub-community
Set up community security
SSO with OpenID Connect
SSO with Azure AD
SSO with Okta
3. Navigate the platform
4. Manage users
Invite users
Manage users
Deactivate inactive users
Roles and Permissions
Roles
Permissions
5. Manage notifications
Listing and creation
Notification examples
6. Manage API Keys
SEKOIA.IO XDR
Introduction
Quick start guide
Features
Collect
Overview
Ingestion methods
Sekoia.io Forwarder
Rsyslog
Logstash
syslog-ng
Graylog
HTTPS
Integrations
Overview
Custom Format
Application
Alsid / Tenable.ad
Apache HTTP Server
BIND
FreeRADIUS
HAProxy
ISC DHCP
Nginx
OpenSSH
RSA SecurID
SEKOIA.IO activity logs
Unbound
Cloud and SaaS
AWS
CloudTrail
GuardDuty
VPC Flow Logs
S3 for logs
WAF logs
Cisco Umbrella
Cisco Umbrella Proxy
Cisco Umbrella IP
Cisco Umbrella DNS
Cloudflare
Access requests
Audit logs
DNS logs
Firewall events
Gateway DNS
Gateway HTTP
Gateway Network
HTTP requests
Digital Shadows SearchLight
Google Cloud
Google Workspace and Google Cloud Audit Logs
Google Kubernetes Engine
Google Cloud VPC Flow Logs
Imperva WAF
Microsoft Azure
Azure Active Directory
Azure Front Door
Azure Database for MySQL
Azure Linux
Azure Network Watcher
Azure Windows
Microsoft Office 365
Office365
Microsoft Defender for Office 365
Message trace
Netskope Events
Okta system log
Email
Apache Spamassassin
Cisco ESA
Fortinet Fortimail
Postfix
Proofpoint
Proofpoint PoD
Proofpoint TAP
Retarus Email Security
Vade for M365
Endpoint
Beats
Auditbeat Linux
Winlogbeat
CrowdStrike Falcon
Cybereason MalOp
Cybereason MalOp activity
HarfangLab
IBM AIX
Linux
Microsoft Defender for Endpoints
Microsoft Intune
Panda Security Aether
SEKOIA.IO Endpoint Agent
SentinelOne EDR
SentinelOne Cloud Funnel 1.0 [Deprecated]
SentinelOne Cloud Funnel 2.0
Sophos EDR
Symantec/Broadcom Endpoint Security
Tanium
TEHTRIS EDR
Trend Micro Cloud One / Deep Security
VMware ESXi
Windows
Windows Log Insight
WithSecure Elements
Network
Check Point Firewall
Cisco
Cisco Secure Firewall
Cisco Secure Web Appliance
Cisco IOS
Cisco NX-OS
Cisco Meraki MX
Gatewatcher AionIQ
F5 BIG-IP
Forcepoint Secure Web Gateway
Fortinet
Fortinet Fortigate
Fortinet Fortiproxy
Fortinet Fortiweb
Infoblox DDI
McAfee/Skyhigh Secure Web Gateway
Microsoft Always On VPN
NetFilter
OPNSense
Palo Alto Next-Generation Firewall
pfSense
Pulse / Ivanti Secure Connect
Rubycat PROVE IT
SonicWall Firewall
Sophos Firewall
Squid
Stormshield SNS
Suricata
Vectra Cognito Detect
Wallix
WatchGuard Firebox
Zeek
Generic
CEF
Raw events
Intakes
Entities
Assets
Detect
Rules Catalog
Built-in Rules
Sigma
Anomaly Detection
IOCs Collections
Investigate
Alerts
Events
Cases
Events Query Language
Querying Events
Report
Dashboards
Automate
Playbooks
Navigate playbooks
Build playbooks
Triggers
Operators
Actions
Actions Library
AWS
Azure Active Directory
BinaryEdge's API
Censys
Certificate Transparency
CrowdStrike Falcon
Cybereason
Detection Rules
Digital Shadows
Fortigate Firewalls
GLIMPS
Git
Google
HTTP
HarfangLab
IKnowWhatYouDownload
IPtoASN
Imperva
MISP
MWDB
Mandrill
Mattermost
Microsoft Azure
Microsoft Office365
Netskope
OKTA
OSINT
Onyphe
PagerDuty
Panda Security
Proofpoint
Public Suffix
RSS
RiskIQ
SEKOIA.IO
STIX
Sentinel One
ServiceNow
Shodan
Skyhigh Security
Skyhigh Security Secure Web Gateway (SWG)
Sophos
Tehtris
The Hive
Tranco
Triage
Vade Secure
VirusTotal
Whois
WithSecure
fileutils
Debug playbooks
External integrations
FortiSOAR
Use cases
Synchronize Alerts with an external tool
FAQ
General
Alerts
Events
Rules
SEKOIA.IO Endpoint agent
Develop
Quickstart
Guides
Filtering
REST API
Authentication and Community
Dashboard
Notification
Configuration
Parser
Alert
Assets
Playbooks
Telemetry
SEKOIA.IO CTI
Introduction
Features
Data Models
Consume
Intelligence
Observables
Outgoing Feeds
Graph Explorations
Enrichers
Export
IOCs Collections
Monitor
Dashboards
External Integrations
Overview
API
TAXII
Cortex Analyzer
MISP Feed
Microsoft Sentinel
OpenCTI
Splunk
Anomali ThreatStream
PaloAlto Cortex XSOAR
Develop
Overview
Guides
Filtering
REST API
Authentication and Community
Intelligence
Enrichment
Telemetry
Dashboard
Notification
Playbooks
External Dynamic List
SEKOIA.IO TIP
Introduction
Features
Data Models
Consume
Intelligence
Observables
Outgoing Feeds
Graph Explorations
Enrichers
Export
IOCs Collections
Produce and investigate
Content Proposals
Incoming Feeds
Warning Rules
Expiration Rules
Monitor
Dashboards
External Integrations
Overview
API
TAXII
Cortex Analyzer
MISP Feed
Microsoft Sentinel
OpenCTI
Splunk
PaloAlto Cortex XSOAR
Automate
Playbooks
Navigate playbooks
Build playbooks
Triggers
Operators
Actions
Actions Library
AWS
BinaryEdge's API
Censys
Certificate Transparency
CrowdStrike Falcon
Detection Rules
Digital Shadows
Fortigate Firewalls
GLIMPS
Git
Google
HTTP
HarfangLab
IKnowWhatYouDownload
IPtoASN
Imperva
MISP
MWDB
Mandrill
Mattermost
OSINT
Onyphe
PagerDuty
Panda Security
Proofpoint
Public Suffix
RSS
RiskIQ
SEKOIA.IO
STIX
ServiceNow
Shodan
Skyhigh Security
The Hive
Tranco
Triage
Vade Secure
VirusTotal
Whois
WithSecure
fileutils
Develop
Overview
Guides
Filtering
REST API
Authentication and Community
Intelligence
Enrichment
Dashboard
Notification
Playbooks
Authentication and Community