INTEGRATION

Sekoia

Unify Nozomi and SEKOIA to correlate OT/IT threats, accelerate detection, and simplify response.

About
Sekoia

The integration between SEKOIA and Nozomi Central Management Console centralizes alerts, events, and logs from industrial and IT environments within the SEKOIA AI-SOC platform. By combining Nozomi’s OT network visibility with SEKOIA’s advanced detection capabilities, security teams gain a unified view of threats across their infrastructure. Nozomi data is automatically enriched, correlated with other security telemetry, and analyzed using SEKOIA detection rules and Cyber Threat Intelligence. This enables faster identification, prioritization, and remediation of cyber threats, improving operational efficiency and strengthening the overall security posture of converged IT/OT environments.

Features

  • Unified IT/OT Threat Visibility

    Centralize alerts, logs, and security events from industrial and enterprise environments within a single platform. This provides security teams with comprehensive visibility across converged IT and OT infrastructures, reducing operational silos and improving situational awareness.

  • Automated Correlation and Enrichment

    ozomi telemetry is automatically correlated with data from other security sources and enriched with contextual information. This helps analysts quickly understand the scope and impact of incidents, reducing investigation time and improving detection accuracy.

  • AI-Driven Detection and Faster Response

    SEKOIA’s detection rules and Cyber Threat Intelligence continuously analyze Nozomi data to identify suspicious activity and emerging threats. Automated analysis and prioritization enable faster threat detection, streamlined investigations, and more efficient incident response.

Importer Data Types

Vantage imports the following from
Sekoia Defend
:

Joint Use Cases

Integration Prerequesites

Permissions:

  • Administrator access to Nozomi Central Management Console
  • Administrator access to Sekoia Defend
  • Root access to the Linux server with the syslog forwarder

Resource:

  • Self-managed syslog forwarder

Network:

  • On Premise: Outbound traffic allowed

Take the next step.

Discover how easy it is to identify and respond to cyber threats by automating your OT and IoT asset discovery, inventory, and management.