Quick Start Guide

This guide takes you from a blank workspace to your first triaged alert. Estimated time: under 10 minutes, assuming you have credentials for at least one supported alert source.

Before you start, make sure you have:

  • A Seliq account (request early access at seliq.com if you don’t have one yet)
  • Admin credentials for at least one supported source (SIEM, EDR, or cloud platform)
  • If you’re an MSSP: know which client workspace you’re setting up first

  1. Create your workspace

    After logging in for the first time, you’ll be prompted to create a workspace. Give it a name (your organisation name, or a client name if you’re an MSSP). Choose your timezone — this is used for all SLA calculations and timestamps.

  2. Connect an alert source

    Navigate to Settings → Integrations and select your first source. The most common starting points:

    • Microsoft Sentinel — connect via an Azure AD service principal
    • Splunk — connect via a Splunk API token with search permissions
    • CrowdStrike — connect via an OAuth2 API client

    See Connecting Your First Integration for step-by-step instructions per source.

  3. Verify the connection

    Once connected, Seliq will attempt to pull the last 100 alerts from your source. You’ll see a green status indicator in the integration panel and a count of alerts imported. If ingestion fails, check the SIEM Integrations troubleshooting section.

  4. Review the AI triage queue

    Navigate to Incidents → Queue. You’ll see the imported alerts ranked by AI-assigned priority. Open any alert to see the AI summary, correlated events, and recommended actions.

  5. Open and close your first incident

    Click any Critical or High-severity alert to open the incident view. Review the AI summary, add a note, and when you’re satisfied with the analysis, mark it as Closed or Escalated. Seliq records the full audit trail.

With your first integration live and your first incident reviewed, the recommended next steps are: