Merge pull request #1417 from SEKOIA-IO/update-intake-documentation

Refresh intakes documentation
SEKOIA-IO · Nov 6, 2023 · 2c96c2a · 2c96c2a
2 parents 8a78f7d + 75e66b8
commit 2c96c2a
Show file tree

Hide file tree

Showing 4 changed files with 412 additions and 201 deletions.
diff --git a/...perations_center/integrations/generated/6b8cb346-6605-4240-ac15-3828627ba899.md b/...perations_center/integrations/generated/6b8cb346-6605-4240-ac15-3828627ba899.md
@@ -36,7 +36,16 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         "message": "pam_unix(cron:session): session closed for user root",
         "event": {
             "kind": "event",
-            "provider": "cron"
+            "provider": "cron",
+            "reason": "session closed"
+        },
+        "related": {
+            "user": [
+                "root"
+            ]
+        },
+        "user": {
+            "name": "root"
         },
         "wallix": {}
     }
@@ -52,7 +61,16 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         "message": "pam_unix(sudo:session): session closed for user wabuser",
         "event": {
             "kind": "event",
-            "provider": "sudo"
+            "provider": "sudo",
+            "reason": "session closed"
+        },
+        "related": {
+            "user": [
+                "wabuser"
+            ]
+        },
+        "user": {
+            "name": "wabuser"
         },
         "wallix": {}
     }
@@ -323,15 +341,16 @@ Find below few samples of events and how they are normalized by Sekoia.io.
             "provider": "sudo"
         },
         "process": {
-            "command_line": "/opt/wab/bin/WABCleanApprovals close"
+            "command_line": "/opt/wab/bin/WABCleanApprovals close",
+            "working_directory": "/root"
         },
         "related": {
             "user": [
-                "wabuser ;"
+                "wabuser"
             ]
         },
         "user": {
-            "name": "wabuser ;"
+            "name": "wabuser"
         },
         "wallix": {}
     }
@@ -3908,6 +3927,7 @@ The following table lists the fields that are extracted, normalized under the EC
 |`event.type` | `keyword` | Event type. The third categorization field in the hierarchy. |
 |`host.ip` | `ip` | Host ip addresses. |
 |`process.command_line` | `wildcard` | Full command line that started the process. |
+|`process.working_directory` | `keyword` | The working directory of the process. |
 |`service.name` | `keyword` | Name of the service. |
 |`source.ip` | `ip` | IP address of the source. |
 |`source.port` | `long` | Port of the source. |