# Sekoia.io Integration

[Sekoia.io](https://www.sekoia.io/) is a SaaS SOC platform that combines SIEM, SOAR, and CTI capabilities to detect, investigate, and respond to threats. Connecting Sekoia.io to ilert lets you trigger ilert alerts from Sekoia playbooks so security findings reach the right on-call team and are tracked through to resolution.

## In ilert: Create a Sekoia.io alert source

1. Go to **Alert sources** -> **Alert sources** and click **Create new alert source**.


2. Search for **Sekoia.io** in the search field, click the Sekoia.io tile, and then **Next**.


3. Give your alert source a name, optionally assign teams, and click **Next**.
4. Select an **escalation policy** by creating a new one or assigning an existing one.


5. Select your [Alert grouping](/alerting/configure-alerting/alert-sources.md#alert-grouping) preference and click **Continue setup**. You may click **Do not group alerts** for now and change it later.


6. The next page shows additional settings, such as custom alert templates or notification priority. Click **Finish setup** for now.
7. On the final page, copy the generated **integration key** and **Sekoia.io URL**. You will use both in the next steps.


## In Sekoia.io: Connect the ilert integration

1. In Sekoia.io, open **Integrations** from the sidebar.


2. Search for **ilert** and select the ilert integration from the results.


3. Click **Show accounts**, then **Connect an account**.


4. Fill in the **Add new account** form:

   * **Give a name to this account**: a label of your choice (e.g. `ilert account`).
   * **Integration Key**: the integration key from your ilert alert source.
   * **Integration Url**: `https://api.ilert.com/api/v1/events/sekoia`.

   Click **Add account**.


## In Sekoia.io: Use the Trigger Alert action in a playbook

1. Open or create a playbook in Sekoia.io.
2. Add the **Trigger Alert** action from the ilert integration.
3. In the **Account** tab, select the ilert account you just connected.
4. Configure the action input and save the playbook.


Whenever the playbook runs the **Trigger Alert** action, a new alert is created on the corresponding Sekoia.io alert source in ilert.

## FAQ

#### **Will alerts in ilert be resolved automatically?**

Yes. If a Sekoia.io event is sent with the `status` key set to `resolved` or `closed`, the corresponding ilert alert is resolved automatically.

#### **Will alerts in ilert be acknowledged automatically?**

Yes. If a Sekoia.io event is sent with the `status` key set to `acknowledged`, the corresponding ilert alert is acknowledged automatically.

#### **Can I connect multiple ilert alert sources to Sekoia.io?**

Yes. Add an additional connected account in the Sekoia.io ilert integration for each alert source, using that source's integration key.

