Enrich Your Graylog with SEKOIA.IO

The Cyber Threat Intelligence (CTI) of SEKOIA.IO includes indicators that are crafted for the special needs of detecting and qualifying both generic and advanced cyber threats. This article shows a simple solution to use the CTI of SEKOIA.IO to enrich a log management...
TAXII 2.1 is out: Pagination improvements

With the TAXII 2.1 release, it's time to check what this new version brings. TAXII, or Trusted Automated Exchange of Intelligence Information, is an intelligence exchange protocol over HTTPS. To get more information about STIX and TAXII, don't hesitate to check our...
Hunting and detecting Cobalt Strike

In the last SEKOIA.IO Threat & Detection Lab we dealt with a Man-in-the-middle (MITM) phishing attack leveraging Evilginx2, an offensive tool allowing two-factor authentication bypass. Here, we are tackling a much bigger threat given the frequency it is abused by...
Introducing SEKOIA.IO: the Intelligence-Driven SaaS SIEM

Organizations around the world are facing multiple and growing cybersecurity challenges: an increase in both number and sophistication of fast-evolving cyber threats; an expanding attack surface; a cybersecurity talent shortage; and a shift to Cloud technologies. When...
Augmented SOC — How to rethink your security center?

Facing the constantly changing tactics of attackers and the endlessly growing volume of log data, the SOC needs to evolve to better anticipate threats. In 2000, early SIEM systems, the main component of traditional Security Operations Centers, were a real deliverance for...