Sekoia.io Documentation
Swimlane Turbine

More information about this external integration is available on the Swimlane Turbine marketplace: https://turbine-marketplace.swimlane.com/en-US/apps/430566/sekoiaio-xdr

Copyright © 2025 - Sekoia.io