

Refresh intakes documentation
1 parent 894d0af commit 268d6c9
Showing 7 changed files with 6,441 additions and 680 deletions.
Expand Up @@ -345,7 +345,8 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
]
],
"reason": "IP options: \"Router Alert\""
},
"observer": {
"vendor": "Cisco",
Expand Down Expand Up @@ -385,7 +386,8 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
]
],
"reason": "no connection"
},
"observer": {
"vendor": "Cisco",
Expand Down Expand Up @@ -430,7 +432,8 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
]
],
"reason": "ACME_group"
},
"observer": {
"vendor": "Cisco",
Expand Down Expand Up @@ -475,7 +478,8 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
]
],
"reason": "ACME_INFRA"
},
"observer": {
"vendor": "Cisco",
Expand Down Expand Up @@ -1024,7 +1028,8 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
]
],
"reason": "icmp"
},
"observer": {
"vendor": "Cisco",
Expand Down Expand Up @@ -1181,6 +1186,9 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
],
"type": [
"connection"
]
},
"observer": {
Expand Down Expand Up @@ -1223,6 +1231,9 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
],
"type": [
"connection"
]
},
"observer": {
Expand Down Expand Up @@ -1265,6 +1276,9 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
],
"type": [
"connection"
]
},
"observer": {
Expand Down Expand Up @@ -1307,6 +1321,9 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
],
"type": [
"connection"
]
},
"observer": {
Expand Down Expand Up @@ -1349,6 +1366,9 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
],
"type": [
"connection"
]
},
"observer": {
Expand Down Expand Up @@ -1391,6 +1411,9 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
],
"type": [
"connection"
]
},
"observer": {
Expand Down Expand Up @@ -1433,6 +1456,9 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
],
"type": [
"connection"
]
},
"observer": {
Expand Down Expand Up @@ -1475,6 +1501,9 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
],
"type": [
"connection"
]
},
"observer": {
Expand Down Expand Up @@ -1517,6 +1546,9 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
],
"type": [
"connection"
]
},
"observer": {
Expand Down Expand Up @@ -1559,6 +1591,9 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
],
"type": [
"connection"
]
},
"observer": {
Expand Down Expand Up @@ -1601,6 +1636,10 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
],
"reason": "Transport closing",
"type": [
"connection"
]
},
"observer": {
Expand Down Expand Up @@ -1751,7 +1790,8 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
]
],
"reason": "terminated"
},
"observer": {
"vendor": "Cisco",
Expand Down Expand Up @@ -2154,7 +2194,8 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
]
],
"reason": "DPD failure"
},
"observer": {
"vendor": "Cisco"
Expand Down Expand Up @@ -2193,7 +2234,8 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"kind": "event",
"category": [
"network"
]
],
"reason": "Idle Timeout"
},
"observer": {
"vendor": "Cisco"
Expand Down
Expand Up @@ -69,10 +69,12 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"address": "61.177.173.13"
},
"cato": {
"threat_type": "Reputation",
"risk_level": "Medium",
"event_type": "Security",
"event_sub_type": "IPS"
"sase": {
"threat_type": "Reputation",
"risk_level": "Medium",
"event_type": "Security",
"event_sub_type": "IPS"
}
},
"host": {
"os": {
Expand Down Expand Up @@ -119,8 +121,10 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"address": "185.69.144.176"
},
"cato": {
"event_type": "Connectivity",
"event_sub_type": "Cato Management Application"
"sase": {
"event_type": "Connectivity",
"event_sub_type": "Cato Management Application"
}
},
"related": {
"ip": [
Expand Down Expand Up @@ -168,8 +172,10 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"address": "10.41.6.171"
},
"cato": {
"event_type": "Connectivity",
"event_sub_type": "Connected"
"sase": {
"event_type": "Connectivity",
"event_sub_type": "Connected"
}
},
"host": {
"name": "Peter\u2019s MacBook Pro",
Expand Down Expand Up @@ -234,8 +240,10 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"address": "10.41.169.183"
},
"cato": {
"event_type": "Security",
"event_sub_type": "Internet Firewall"
"sase": {
"event_type": "Security",
"event_sub_type": "Internet Firewall"
}
},
"host": {
"os": {
Expand Down Expand Up @@ -292,10 +300,12 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"address": "61.177.173.13"
},
"cato": {
"threat_type": "Reputation",
"risk_level": "Medium",
"event_type": "Security",
"event_sub_type": "IPS"
"sase": {
"threat_type": "Reputation",
"risk_level": "Medium",
"event_type": "Security",
"event_sub_type": "IPS"
}
},
"host": {
"os": {
Expand Down Expand Up @@ -365,8 +375,10 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"address": "10.41.173.156"
},
"cato": {
"event_type": "Security",
"event_sub_type": "NG Anti Malware"
"sase": {
"event_type": "Security",
"event_sub_type": "NG Anti Malware"
}
},
"host": {
"os": {
Expand Down Expand Up @@ -424,8 +436,10 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"address": "61.177.173.13"
},
"cato": {
"event_type": "Security",
"event_sub_type": "RPF"
"sase": {
"event_type": "Security",
"event_sub_type": "RPF"
}
},
"host": {
"os": {
Expand Down Expand Up @@ -454,11 +468,11 @@ The following table lists the fields that are extracted, normalized under the EC
| ---- | ---- | ---------------------------|
|`@timestamp` | `date` | Date/time when the event originated. |
|`agent.version` | `keyword` | Version of the agent. |
|`cato.custom_category` | `keyword` | Cato SASE custom category |
|`cato.event_sub_type` | `keyword` | Cato SASE event sub type |
|`cato.event_type` | `keyword` | Cato SASE event type |
|`cato.risk_level` | `keyword` | Cato SASE risk level |
|`cato.threat_type` | `keyword` | Cato SASE threat type |
|`cato.sase.custom_category` | `keyword` | Cato SASE custom category |
|`cato.sase.event_sub_type` | `keyword` | Cato SASE event sub type |
|`cato.sase.event_type` | `keyword` | Cato SASE event type |
|`cato.sase.risk_level` | `keyword` | Cato SASE risk level |
|`cato.sase.threat_type` | `keyword` | Cato SASE threat type |
|`destination.geo.country_name` | `keyword` | Country name. |
|`destination.ip` | `ip` | IP address of the destination. |
|`destination.port` | `long` | Port of the destination. |
Expand Down

