Sekoia.io Integration

Forward Sekoia.io alerts to ilert via the ilert integration in Sekoia playbooks to notify on-call teams and centralize security incident response.

Sekoia.io is a SaaS SOC platform that combines SIEM, SOAR, and CTI capabilities to detect, investigate, and respond to threats. Connecting Sekoia.io to ilert lets you trigger ilert alerts from Sekoia playbooks so security findings reach the right on-call team and are tracked through to resolution.

In ilert: Create a Sekoia.io alert source

  1. Go to Alert sources -> Alert sources and click Create new alert source.

  2. Search for Sekoia.io in the search field, click the Sekoia.io tile, and then Next.

  3. Give your alert source a name, optionally assign teams, and click Next.

  4. Select an escalation policy by creating a new one or assigning an existing one.

  5. Select your Alert grouping preference and click Continue setup. You can select Do not group alerts for now and change it later.

  6. The next page shows additional settings, such as custom alert templates or notification priority. Click Finish setup for now.

  7. On the final page, copy the generated integration key and the integration URL shown for Sekoia.io. You will enter both in Sekoia.io in the next section. Treat the integration key as a secret: it is the only credential ilert uses to accept events for this alert source, so anyone who holds it can create, acknowledge, or resolve alerts on it.

In Sekoia.io: Connect the ilert integration

  1. In Sekoia.io, open Integrations from the sidebar.

  2. Search for ilert and select the ilert integration from the results.

  3. Click Show accounts, then Connect an account.

  4. Fill in the Add new account form:

    • Give a name to this account: a label of your choice (e.g. ilert account).

    • Integration Key: the integration key from your ilert alert source.

    • Integration Url: https://api.ilert.com/api/v1/events/sekoia.

    Click Add account.

In Sekoia.io: Use the Trigger Alert action in a playbook

  1. Open or create a playbook in Sekoia.io.

  2. Add the Trigger Alert action from the ilert integration.

  3. In the Account tab, select the ilert account you just connected.

  4. Configure the action input and save the playbook.

Each time the playbook runs the Trigger Alert action, ilert creates a new alert on the Sekoia.io alert source whose integration key is stored in the connected account. Events sent later with a status key (see the FAQ) update that alert rather than creating another one.

FAQ

Will alerts in ilert be resolved automatically?

Yes. If a Sekoia.io event is sent with the status key set to resolved or closed, the corresponding ilert alert is resolved automatically.

Will alerts in ilert be acknowledged automatically?

Yes. If a Sekoia.io event is sent with the status key set to acknowledged, the corresponding ilert alert is acknowledged automatically.

Can I connect multiple ilert alert sources to Sekoia.io?

Yes. Add an additional connected account in the Sekoia.io ilert integration for each alert source, using that source's integration key.
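The following is an added example, not ilert's or Sekoia.io's own code, that models the behaviour described in the Trigger Alert step and in the two FAQ answers above: an event whose status key is acknowledged acknowledges the matching ilert alert, resolved or closed resolves it, and any other event opens a new alert. Only the endpoint URL and the status values come from this page. The field names integrationKey, alertKey and summary, the case-insensitive handling of status, and the rule that a repeated event for an alert that is still open does not create a second one are assumptions made for illustration, not ilert's documented event schema. The AlertSourceSim class is a local stand-in for the alert source so a playbook's event sequence can be checked offline before it is wired to production; send_event posts a real event when called with its default opener.

```python
"""Added example (not ilert's or Sekoia.io's own code).

Models the alert lifecycle the FAQ describes for events sent from the
Trigger Alert action: a status of "acknowledged" acknowledges the matching
ilert alert, "resolved" or "closed" resolves it, and anything else opens a
new alert. The endpoint URL and the status key come from the page; every
other field name (integrationKey, alertKey, summary) is an assumption made
for illustration, not ilert's documented event schema.
"""
import json
import urllib.request

SEKOIA_EVENTS_URL = "https://api.ilert.com/api/v1/events/sekoia"  # URL from the page

RESOLVE_STATUSES = {"resolved", "closed"}  # documented: both resolve the alert
ACK_STATUS = "acknowledged"                # documented: acknowledges the alert


def build_event(integration_key, alert_key, summary, status="new"):
    """Build the JSON body a playbook action would send (field names assumed)."""
    return {
        "integrationKey": integration_key,  # assumed name; value is the key from the ilert alert source
        "alertKey": alert_key,              # assumed: correlates later ack/resolve events with the alert
        "summary": summary,
        "status": status,                   # documented key: acknowledged | resolved | closed | other
    }


def send_event(event, url=SEKOIA_EVENTS_URL, opener=urllib.request.urlopen):
    """POST the event and return the HTTP status code. `opener` is injectable so
    the function can be exercised offline with a fake; the default talks to ilert."""
    req = urllib.request.Request(
        url,
        data=json.dumps(event).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    resp = opener(req, timeout=10)
    try:
        return resp.status
    finally:
        resp.close()


class AlertSourceSim:
    """Local stand-in for an ilert alert source applying the FAQ rules, so a
    playbook's event sequence can be checked before it is wired to production."""

    PENDING, ACCEPTED, RESOLVED = "PENDING", "ACCEPTED", "RESOLVED"

    def __init__(self):
        self.alerts = {}  # alert_key -> state

    def apply(self, event):
        key = event["alertKey"]
        status = str(event.get("status") or "").strip().lower()  # assumption: case-insensitive
        state = self.alerts.get(key)

        if status in RESOLVE_STATUSES:
            if state in (self.PENDING, self.ACCEPTED):
                self.alerts[key] = self.RESOLVED
                return "resolved"
            return "ignored"  # nothing open to resolve: unknown key or already resolved

        if status == ACK_STATUS:
            if state == self.PENDING:
                self.alerts[key] = self.ACCEPTED
                return "acknowledged"
            return "ignored"  # already acknowledged, resolved, or never created

        # Any other status opens an alert. Assumption: a repeated event for an
        # alert that is still open does not create a second one.
        if state in (self.PENDING, self.ACCEPTED):
            return "deduplicated"
        self.alerts[key] = self.PENDING
        return "created"


if __name__ == "__main__":
    # Constructed sample sequence, as a playbook might emit it over an alert's life.
    sim = AlertSourceSim()
    key = "demo-integration-key"  # placeholder, not a real key
    for status in ("new", "new", "acknowledged", "closed", "resolved"):
        ev = build_event(key, "sekoia-alert-0001", "Suspicious PowerShell on host WS-17", status)
        print(status, "->", sim.apply(ev))
```

Run the module directly to see the sequence created, deduplicated, acknowledged, resolved, ignored for one alert key. The final resolved event is ignored because the alert is already closed, which is the edge case to keep in mind when a playbook can fire the same status twice.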
