
Threat Intelligence
Sekoia Intelligence
Structured CTI for SOC and strategic teams with contextualized threat intelligence feeds.
Sekoia Intelligence Overview
What it does
Sekoia Intelligence provides structured, contextualized cyber threat intelligence from the Threat Detection & Research (TDR) team, established in 2020 with approximately 20 analysts from backgrounds including France's Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI), French Interior and Defense ministries, F-Secure, Thales, and Kaspersky, specializing in detection engineering, threat hunting, reverse engineering, geopolitical analysis, Open-Source Intelligence (OSINT), and dark web monitoring. The platform's database is continuously updated through Structured Threat Information Expression (STIX) 2.1 modeling from hundreds of qualified intelligence sources, delivering actionable intelligence for both strategic decision-making and Security Operations Center (SOC) operations with reduced false positives and team fatigue.
How it works
The platform delivers predictive capabilities with 50 percent of intelligence available before attackers use associated tools, detecting 4 million threats in 2024 with 25 percent identified automatically through Artificial Intelligence (AI) including agent-based AI that learns organizational security postures. Sekoia Intelligence features customizable dashboards with sector, threat typology, and geographical filters, integrates via Application Programming Interface (API) with Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), and eXtended Detection and Response (XDR) platforms, and provides 900+ Sigma detection rules to identify Tactics, Techniques, and Procedures (TTPs) exploited by adversaries.
Credentials and traction
Sekoia Intelligence is ISO/IEC 27001:2022 certified and holds SOC 2 Type I and PCI DSS attestations, with GDPR, NIS2, and DORA compliance. Sekoia was named a Leader in the Frost & Sullivan Frost Radar: Extended Detection and Response in 2024. It is used by SOC teams at organizations including NATO, EDF, and URSSAF, and serves more than 2,000 organizations worldwide.
Key Capabilities
mapped to solution categoriesProvides an interactive portal with contextualized dashboards, configurable alerting, search and built-in analysis.
Provides comprehensive indicators of compromise such as IPs, URLs, domains and file hashes with maliciousness ratings and enrichments like geolocation and TTPs.
Delivers tailored vulnerability and exposure intelligence highlighting actively exploited vulnerabilities with associated IoCs, TTPs and threat actors.
Supports machine-to-machine integration via JSON, APIs and STIX or TAXII, with sharing across private and public communities such as ISACs.
Auto-generates detection rules and syntax for SIEM, firewalls, IPS or IDS and EDR.
Produces finished intelligence reports at technical, operational and strategic levels.
Enriches intelligence with external telemetry such as passive DNS, sinkhole traffic and global sensor networks.
Ingests and shares intelligence via STIX/TAXII and other machine-to-machine formats and APIs.
Aggregates indicators from multiple sources into comprehensive, deduplicated coverage.
Profiles threat actors with associated TTPs and attribution context.
Compliance
certificationsIntegrations
compatible toolsImplementation & support
Info last updated on May 28, 2026
Vendors
Is this your product?
Claim your profile to connect with the teams looking for your solutions.