SEKOIA.IO Documentation
Notification
    Copyright © 2023 - SEKOIA.IO