Sekoia.io Documentation
    Swimlane Turbine

    More information about this external integration: https://turbine-marketplace.swimlane.com/en-US/apps/430705/sekoiaio-cti

    Copyright © 2023 - Sekoia.io