SEKOIAIntelligenceCenter

README

Get more context around domain names, IP addresses, URLs and file hashes using the SEKOIA.IO Intelligence Database.

The analyzer comes in 3 flavors:

  • SEKOIAIntelligenceCenter_Indicators: Find indicators matching the observable provided.
  • SEKOIAIntelligenceCenter_Context: Get indicators and their context for the observable provided.
  • SEKOIAIntelligenceCenter_Observables: Query the Intelligence Center to retrieve known observables.

Requirements

You need an active SEKOIA.IO Intelligence Center subscription to use the analyzer:

  • Provide your API key as a value for the api_key parameter.

For help, contact support@sekoia.io.

SEKOIAIntelligenceCenter_Indicators

Author: SEKOIA
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- fqdn
- url
- hash
- ip
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://sekoia.io/

Description

Query the Intelligence Center to retrieve indicators.

Configuration

api_key: API key
  • Default value if not configured: N/A
  • Type of the configuration item: string
  • The configuration item can contain multiple values: False
  • Is required: True

url: Base URL (defaults to https://app.sekoia.io)
  • Default value if not configured: N/A
  • Type of the configuration item: string
  • The configuration item can contain multiple values: False
  • Is required: False

Template samples for TheHive

SEKOIAIntelligenceCenter_Indicators long report sample

SEKOIAIntelligenceCenter_Context

Author: SEKOIA
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- fqdn
- url
- hash
- ip
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://sekoia.io/

Description

Query the Intelligence Center to retrieve the context of an observable.

Configuration

api_key: API key
  • Default value if not configured: N/A
  • Type of the configuration item: string
  • The configuration item can contain multiple values: False
  • Is required: True

url: Base URL (defaults to https://app.sekoia.io)
  • Default value if not configured: N/A
  • Type of the configuration item: string
  • The configuration item can contain multiple values: False
  • Is required: False

Template samples for TheHive

SEKOIAIntelligenceCenter_Context long report sample

SEKOIAIntelligenceCenter_Observables

Author: SEKOIA
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- fqdn
- url
- hash
- ip
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://sekoia.io/

Description

Query the Intelligence Center to retrieve known observables.

Configuration

api_key: API key
  • Default value if not configured: N/A
  • Type of the configuration item: string
  • The configuration item can contain multiple values: False
  • Is required: True

url: Base URL (defaults to https://app.sekoia.io)
  • Default value if not configured: N/A
  • Type of the configuration item: string
  • The configuration item can contain multiple values: False
  • Is required: False

Template samples for TheHive

SEKOIAIntelligenceCenter_Context long report sample