Skip to content

Sekoia Integration Enterprise

Trapster has a native integration with Sekoia. Events are forwarded via webhook directly from the dashboard - no agent, middleware or custom pipeline needed.

SEKOIA's parser normalizes Trapster events into ECS format and matches them against built-in detection rules covering lateral movement, port scanning, honeytoken misuse, breadcrumb replay and more.

1. Create an intake in Sekoia

  1. In Sekoia, go to Intakes and click New Intake
  2. Search for and select the Trapster format
  3. Copy the generated intake key

For more details, see the Sekoia Trapster integration guide.

2. Configure the webhook in Trapster

  1. In the Trapster dashboard, go to Settings > Integrations > Webhooks
  2. Click Add webhook
  3. Set the type to SEKOIA
  4. Give it a name (e.g. sekoia-prod)
  5. Paste your intake key
  6. Click Save

3. Test the integration

Use the three-dot menu next to the webhook and click Send test event. A test incident will appear in your Sekoia intake within a few seconds.

What gets forwarded

All Trapster event types are forwarded:

EventDescription
Honeypot alertAny connection to an emulated service (HTTP, SSH, FTP, RDP, etc.)
Port scanScan query detected across multiple ports
Breadcrumb loginAttacker used a planted credential
HoneytokenHoneytoken URL accessed or JavaScript clone detected

Detection coverage

Sekoia maps Trapster events to its built-in detection rules. Triggered rules include lateral movement patterns, dynamic DNS abuse, known RAT indicators, exfiltration attempts and TOR exit node usage - based on the source IP reputation and behavior observed across events.