Sekoia Cyber Threat Intelligence

Sekoia.io operates a SOC platform that combines threat intelligence, detection capabilities, and Extended Detection and Response (XDR) functionality. The company's Threat Detection & Research (TDR) team, established in 2020, produces threat intelligence including contextualized Indicators of Compromise (IOCs) and threat reports, while developing detection materials through Sigma, Sigma Correlation, and Anomaly rules.

The platform focuses on tracking and detecting both state-sponsored and cybercrime threats, providing analysis from strategic to technical levels. The TDR team includes threat intelligence analysts, researchers, and detection engineers who examine adversary tactics, techniques, and procedures (TTPs). Their work encompasses strategic geopolitical analysis, threat tracking, detection engineering, reverse engineering, and malware analysis.

Sekoia.io's detection engineers develop rules to identify common TTPs while minimizing false positives. The team employs methodologies including Kill Chain, ATT&CK framework, and STIX modelization for contextualization. They maintain GitHub repositories and share research through blogs and presentations at conferences like BotConf and Virus Bulletin.

The team members have backgrounds from organizations including F-Secure, Thales, Kaspersky, Intrinsec, BNP Paribas, ANSSI (French cybersecurity agency), and French government ministries. Their expertise spans threat intelligence, threat hunting, detection engineering, geopolitical analysis, OSINT, dark web research, DevOps, and red teaming.