Sekoia.io
Integrate your Sekoia.io SIEM alerts, threat intelligence and assets
The Sekoia.io connector allows you to integrate your SIEM data, security alerts, and threat intelligence information into OverSOC.
Overview
The Sekoia.io connector enables you to collect the following information:
- SIEM alerts and incidents
- Threat intelligence
- Monitored assets
Prerequisites
- Access to a Sekoia.io instance
- A generated Sekoia.io API token
- API permissions configured
Information to provide in OverSOC
| Field | Description |
|---|---|
| API Key | Sekoia.io API key |
| API URL | Sekoia.io API URL (e.g., https://api.sekoia.io) |
Configuration
Generate a Sekoia.io API Key
- Log in to your Sekoia.io account with an administrator-level role (only admin role users can create API keys).
- Navigate to Settings > Workspace > API Keys.
- Click Create or Add to create a new API key.
- Fill in the required information:
  - Name: Descriptive name (e.g., "OverSOC Connector").
  - Description: At least 10 characters (e.g., "OverSOC vulnerability monitoring integration").
  - Expiration Date: Set an appropriate expiration period.
- Assign permissions based on your use case:
  - Read access to SIEM events and alerts
  - Read access to threat intelligence
  - Read access to asset inventory
- Click Generate and note the API key immediately (it will only be displayed once).
Configure the connector in OverSOC
- In OverSOC, go to Data Sources Settings > Sources.
- Select Sekoia.io and click Configure.
- Fill in the required fields:
  - API Key: The generated API key.
  - API URL: The Sekoia.io API endpoint (e.g., https://api.sekoia.io).
- Click Save Configuration.
Official Documentation
For additional information, refer to the Sekoia.io Manage API Keys documentation.
Required Permissions
The API key must have the following minimum permissions:
- Read access to SIEM events
- Access to security alerts
- Access to threat intelligence
- Access to asset inventory