Subscribe
Our integration with Netskope
was improved with new additional DLP fields:
The playbook actions isolate hosts and deisolate hosts for Crowdstrike
were added to our Automation library.
Accelerate your incident response by isolating the compromised hosts.
AWS CloudFront is now available in General Availability.
Collect Web logs
from AWS CDN to enhance your Cloud Threat Detection, improve your Threat Hunting and gain unified visibility in Sekoia SOC platform (learn more)
alerts
from Canaries into Sekoia to detect intruders and block cyber-attacks (learn more)Integrations Fastly Next-Gen WAF Audit Logs and Veeam Backup & Replication are now available in GA.
Corp audit logs
and Site audit logs
to monitor unusual admin activity in your WAF (learn more)Application
, File
, Network
and Service
logs to monitor your critical backup and replication systems (learn more)Five new integrations entered our Intake catalog in BETA
.
alerts
and telemetry
into Sekoia to improve your visibility and monitor your endpoints closely (documentation)firewall
logs from Juniper Switches into Sekoia (documentation)access
and firewall
logs from Azure Application Gateway into Sekoia (documentation)dns
logs from EfficientIP SOLIDserver into Sekoia to leverage our CTI (documentation)logs
from Jizô NDR into Sekoia (documentation)New integrations Bitsight SPM and Mimecast Email Security have entered BETA phase.
findings
with vulnerability and asset details into Sekoia (documentation).email gateway logs
into Sekoia (documentation).We are excited to welcome 2 amazing French security products.
logs
from Daspren Parad into Sekoia (documentation)create an alert
in Nybble Hub when a new alert is raised in SEKOIA.IO (documentation)playbook template
is available to quickly setup an automation We fixed 2 issues related to the parsing of DNS values to improve CTI Detection.
On MacOS, S1 CloudFunnel could return sometimes a DNS value that was incompatible with our CTI Detection.
Before: dns.question.name
= "type: 1 example.com"
Now: dns.question.name
= "example.com"
Cisco Umbrella DNS returned a DNS value that was not matching with our CTI detection because of the dot at the end.
Before: dns.question.name
= "example.com."
Now: dns.question.name
= "example.com"
We made some improvements to Office 365
intake format:
ParticipantInfo.HasForeignTenantUsers
field was added to detect that a chat conversation was created with external usersemail
field was not extracted in some specific casesWe made several improvements to Windows
intake format to easier the analyst's investigation:
The process.parent.pid
field was added to allow analysts to read the whole process tree.
The TargetLogonId
field was added to allow analysts to get the user session ID. With this ID, analysts can easily search for all actions made by an attacker.
The MessageNumber
and MessageTotal
fields were added to allow analysts to reconstitute a Poweshell script that was splitted.
The parsing of the field registry.key
was fixed.
Before: registry.key
= PATH\VALUE
Now: registry.key
= PATH
This field is now ECS compliant and aligned with other integrations like SentinelOne. It will easier investigation or creation of universal detection rules.
Finally, the detection pattern of related detection rules was updated accordingly (see changelog of June 21th 2024).
The intake IBM iSeries is now available in [BETA] phase (formerly known as AS/400).
audit journal
, integrated file system
, message queues
, database
and history
events into Sekoia to monitor your critical systems (documentation).New integrations Azure Key Vault and Ubika Cloud Protector Traffic have entered BETA phase.
Five Endpoint integrations are now in General Availability.
audit logs
into Sekoia to monitor your organization cryptographic keys and secrets (documentation).web logs
into Sekoia to leverage our CTI and built-in detection rules (documentation).alerts
into Sekoia to improve your visibility on mobile devices (documentation).telemetry
into Sekoia to monitor your endpoints closely (documentation).alerts
and telemetry
to improve your visibility and monitor your endpoints closely (documentation).telemetry
to monitor your endpoints closely (documentation).telemetry
to monitor your endpoints closely (documentation).We have introduced a new dedicated playbook action to support the version 5 of TheHive.
If you plan to migrate to TheHive v5, please update your playbooks with this new playbook action to automate your work in TheHive platform.
Here is a recap of the integrations that joined in our catalog in April.
WAF alerts
into Sekoia for better visibility (documentation).Corp audit logs
and Site audit logs
to monitor unusual admin activity in your WAF (documentation).network logs
into Sekoia to leverage our CTI and our built-in detection rules (documentation).WAF alerts
into Sekoia for better visibility (documentation).authentication logs
from Systancia PAM (Privilege Access Management) to leverage our CTI and monitor critical resources (documentation).We're thrilled to announce new integrations available on our platform, enhancing your security operations and threat detection capabilities.
AWS CloudFront is now in BETA! Seamlessly integrate this powerful CDN service from Amazon Web Services for secure content delivery with low latency. Learn more here.
Palo Alto Cortex XDR (EDR) integration is also in BETA! Collect alerts and associated telemetry events in real time for improved threat detection and response. Dive deeper here.
Introducing Broadcom Cloud Secure Web Gateway and Broadcom Edge Secure Web Gateway both in BETA! Enhance your security posture with these cloud-native and on-prem solutions providing advanced threat protection and content filtering. Explore more here and here respectively.
Crowdstrike Falcon For Mobile is now generally available (GA)! Gain insights into alerts detected on iOS and Android mobile devices. Find out more here.
Stay tuned for more updates and integrations to fortify your security infrastructure! For detailed documentation on each integration, visit our integration docs page.
Changelog:
Remarks:
*The previous value of “event.category” was moved to “event.action”
**The previous value of “observer.type” was moved to “observer.product”
For questions or assistance, please contact our support team.
Our SOC platform has been upgraded with new intakes and improved connectors for better security insights. Here's a quick overview of the latest updates:
1. OpenVPN: Access logs and connection events detection with our CTI rules. Learn more.
2. Checkpoint Harmony Mobile: Alerts collection for mobile devices. Learn more.
3. Azure Monitor for Azure Files: Events collection and access monitoring for sensitive files. Learn more.
4. Microsoft IIS: Access logs. Learn more.
5. Darktrace: Enhanced connector supporting "IA analyst" events. Learn more.
6. Cato: SASE connector for comprehensive event collection (Firewall, IPS, Malware detection, Network connection and more). Learn more.
These updates offer advanced security monitoring and incident response tools. For questions or assistance, please contact our support team.
Get even more automation for actions on your local network with a major upgrade to our Active Directory integration!
Now, effortlessly manage tasks such as enabling/disabling user, resetting user password, and more – both in Microsoft Entra ID in the cloud and in your on-premises Active Directory, through our playbooks.
Explore the full potential of Active Directory integration by diving into our documentation. 📚
Improve your team's security alerting capabilities by integrating Sekoia with Jira. Receive timely alerts directly in your Jira environment when security detections are triggered.
Sekoia automates the creation of specific issues in Jira through playbooks, enabling your team to quickly analyze incidents, assign ownership and initiate thorough investigations.
Through Jira, your team can monitor the status of issues and optimize remediation processes, streamlining workflows for greater efficiency in addressing security concerns.
Check out our documentation to integrate with JIRA!
We're excited to announce the launch of four new integrations available for effortless connection to the Sekoia SOC Platform: AD Audit Plus, Sonicwall Secure Mobile Access, Trellix Network Security, and Trend Micro Email Security.
Please take a look at these new integrations and give us your feedback!
To see all of our available integrations, visit our integrations catalog.
We are thrilled to announce the addition of six powerful network integrations to Sekoia.io SOC platform, enhancing your threat detection capabilities and further simplifying incident management. These new integrations are Cato Networks SASE, Cisco NX-OS, OGO WAF, OPNSense, Skyhigh Secure Web Gateway, and SonicWall Firewall.
These integrations bring a host of benefits to your cybersecurity efforts:
🔍 Anomaly detection: Add an extra layer of threat detection with anomaly detection capabilities.
🌐 Threat intelligence: Leverage Sekoia.io threat intelligence to develop confirmed threat alerts.
👁️ Improved visibility: Simplify incident management and enhance your overall visibility into network security.
🔥 Firewall context for XDR: Monitor IP addresses, URLs, and domains, allowing for effective blocking at the network perimeter and alerting for triaging and correlation.
These integrations are designed to elevate your network security efforts, streamline incident response, and ultimately bolster your organization's resilience to cyber threats.
Get started today and boost your security!
To improve the way you secure your digital ecosystem, we are excited to announce four new cloud and SaaS integrations coming out of beta.
Now you can seamlessly connect to the Sekoia.io platform with AWS GuardDuty, Palo Alto Cortex Data Lake, Salesforce, and Varonis.
With these integrations, you can reduce security risks, easily manage policies, and strengthen your applications in hybrid environments. Whether you're fighting cyber threats, protecting against OWASP attacks, or extending web security, Sekoia.io has you covered.
Don't miss the opportunity to enhance your security posture with these powerful integrations. Stay tuned for more updates!
We've just rolled out of beta three new integrations, and they are set to improve the way you protect your organization's email communications.
🌟 Let's meet the new email integrations that you can now connect instantly with Sekoia.io: Vade Cloud, Cisco ESA and Microsoft 365. We're all about maximizing the efficiency of your existing tools!
Here's a deeper dive into what these integrations bring to the table:
🔒 Visualize threats: With these new integrations, you can now gain unprecedented visibility into email threats. Understand the intricate relationships between messages, senders, and potential targets.
📈 Get actionable insights: Knowledge is key in the world of cybersecurity, and these integrations provide you with real-time alerts. Stay one step ahead of cyber threats by receiving timely insights that enable you to proactively defend your organization.
🤖 Automate workflows: In the battle against phishing attacks, malware, and other email-based threats, speed is of the essence. With Sekoia.io, you can automate workflows, empowering your security teams to respond swiftly and decisively.
These integrations are available right now. Boost your email security today! 💪
We are thrilled to announce the addition of seven powerful integrations to the endpoint category of our Sekoia XDR platform. These integrations bring a new level of threat detection and response capabilities to your cybersecurity arsenal, making your organization more resilient in the face of evolving cyber threats.
The lineup of 7 new endpoint technologies now out of beta includes:
By bringing these technologies together in the Sekoia XDR platform, we make it easier than ever to protect your endpoints and respond effectively to security incidents.
If you have any questions or need assistance with these integrations, our support team is here to help. 💪🔒
We're thrilled to announce the official release of six new integrations in our Identity & Access Management (IAM) category.
These integrations are ready to elevate your security and monitoring capabilities for identity logs.
With Sekoia.io's powerful correlation engine, you can easily correlate IAM logs and also leverage its effective anomaly detection engine.
Which new IAM tools can now be seamlessly connected to the Sekoia.io platform?
Why is it crucial to monitor the logs from your IAM tools?
For those using any of these technologies, be sure to check out our Intakes page!
SEKOIA.IO releases, as general availability, two new formats: winlogbeat and Cisco Meraki MX.
Winlogbeat is an open-source log collector for Windows. Now, with this new format, you are able to ingest events from winlogbeat agent in SEKOIA.IO
See our documentation to set your Winlogbeat intake.
Supervise any activities on your network with our format Cisco Meraki MX.
Please, refer to our documentation to set up this integration.
Last year, SEKOIA.IO integrates Cybereason's Malop activities, allowing you to see changes on a Malop.
Today, SEKOIA.IO releases its new integration with Cybereason to collect Malops and telemetry.
Use our dedicated connector to collect events.
See our documentation to set your Cybereason intake.
Now, supervise authentication and accountings in your information system with our FreeRADIUS format.
And have an intelligible panorama of activities with our events page.
See our documentation to start collecting your logs.
The integration SEKOIA.IO x Netskope is out of beta.
Monitor the authentications and the activites in your Cloud applications protected with Netskope.
Use our dedicated connector to forward events.
Please, refer to our documentation to set up this integration.