Skip to content

Quick start: Intelligence

Sekoia Intelligence is a continuously updated cyber threat intelligence (CTI) knowledge base maintained by Sekoia analysts. In two steps, you will learn how to search the intelligence database and read threat reports that are relevant to your organization. By the end of this guide, you will be able to use Sekoia Intelligence as a daily operational resource.

Learning goal

After completing this guide, you will be able to:

  • Search the intelligence database for a threat actor, malware family, or indicator
  • Understand how intelligence objects are structured and related
  • Read and act on a FLINT threat report
  • Set up a feed and notification to stay informed about new relevant intelligence

Prerequisites

  • You have an active Sekoia Intelligence subscription.
  • You have logged in and your account is active.

The two steps

Step What you do Time estimate
Step 1 Explore the threat intelligence database 15-20 min
Step 2 Read and act on threat reports 15-20 min

How Intelligence integrates with Defend

If your organization also uses Sekoia Defend, the two products work together automatically:

  • Indicators from the Intelligence database power CTI-based detection rules in Defend, raising alerts when a known malicious indicator appears in your event stream.
  • Alerts in Defend are enriched with Intelligence context, showing you the threat actor, campaign, and related objects associated with an alert's observables.
  • FLINT reports often include indicators of compromise that you can cross-reference with your Defend alerts.

Prefer to learn with video?

Visit the Sekoia Academy) for video tutorials on using Sekoia Intelligence.