Sekoia Integration Enterprise
Trapster has a native integration with Sekoia. Events are forwarded via webhook directly from the dashboard - no agent, middleware or custom pipeline needed.
Sekoia's parser normalizes Trapster events into ECS format and matches them against built-in detection rules covering lateral movement, port scanning, honeytoken misuse, breadcrumb replay and more.
1. Create an intake in Sekoia
- In Sekoia, go to Intakes and click New Intake
- Search for and select the Trapster format
- Copy the generated intake key
For more details, see the Sekoia Trapster integration guide.
2. Configure the webhook in Trapster
- In the Trapster dashboard, go to Settings > Integrations > Webhooks
- Click Add webhook
- Set the type to SEKOIA
- Give it a name (e.g. sekoia-prod)
- Paste your intake key
- Click Save
3. Test the integration
Use the three-dot menu next to the webhook and click Send test event. A test incident will appear in your Sekoia intake within a few seconds.
What gets forwarded
All Trapster event types are forwarded:
| Event | Description |
|---|---|
| Honeypot alert | Any connection to an emulated service (HTTP, SSH, FTP, RDP, etc.) |
| Port scan | Scan query detected across multiple ports |
| Breadcrumb login | Attacker used a planted credential |
| Honeytoken | Honeytoken URL accessed or JavaScript clone detected |
Detection coverage
Sekoia maps Trapster events to its built-in detection rules. Triggered rules include lateral movement patterns, dynamic DNS abuse, known RAT indicators, exfiltration attempts and TOR exit node usage - based on the source IP reputation and behavior observed across events.
