Sekoia.io Documentation
    Swimlane Turbine

    More information about this external integration: https://turbine-marketplace.swimlane.com/en-US/apps/430705/sekoiaio-cti

    Copyright © 2023 - Sekoia.io