Refresh intakes documentation

_shared_content/operations_center/integrations/generated/23813540-b658-48dd-b030-e9b92168bbf4.md

@@ -28,10 +28,10 @@ Find below few samples of events and how they are normalized by Sekoia.io.
 
     {
         "message": "{\"time\":\"2024-05-13T13:02:17.862473900Z\",\"message\":\"File opened\",\"level\":\"INFO\",\"env_id\":\"df643ab3-64ab-4347-b50f-0e07d28c46fb\",\"parad_version\":\"0.7.0\",\"os\":\"Windows 10 Pro\",\"machine_name\":\"DESKTOP-88BEQS0\",\"executable\":\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"pid\":1632,\"hash\":\"53eb83666795ebe099558a0572423cbbc5a72d3ea863cb22617ca35560751a03\",\"ppid\":0,\"signed\":true,\"executable_basename\":\"svchost.exe\",\"executable_category\":\"System\",\"created_length\":0,\"fullpath\":\"C:\\\\Users\\\\PC\\\\AppData\\\\Local\\\\Temp\",\"basename\":\"Temp\",\"fullpath_category\":\"AppData\"}",
-        "@timestamp": "2024-05-13T13:02:17.862473Z",
         "event": {
             "action": "File opened"
         },
+        "@timestamp": "2024-05-13T13:02:17.862473Z",
         "agent": {
             "id": "df643ab3-64ab-4347-b50f-0e07d28c46fb",
             "version": "0.7.0"
@@ -43,18 +43,17 @@ Find below few samples of events and how they are normalized by Sekoia.io.
                 }
             }
         },
+        "file": {
+            "name": "Temp",
+            "path": "C:\\Users\\PC\\AppData\\Local\\Temp"
+        },
         "host": {
             "hostname": "DESKTOP-88BEQS0",
             "name": "DESKTOP-88BEQS0",
             "os": {
                 "type": "Windows 10 Pro"
             }
         },
-        "related": {
-            "hosts": [
-                "DESKTOP-88BEQS0"
-            ]
-        },
         "observer": {
             "product": "Parad",
             "type": "dlp-solution",
@@ -64,16 +63,17 @@ Find below few samples of events and how they are normalized by Sekoia.io.
             "code_signature": {
                 "exists": true
             },
-            "pid": 1632,
-            "name": "svchost.exe",
             "executable": "C:\\Windows\\System32\\svchost.exe",
+            "name": "svchost.exe",
             "parent": {
                 "pid": 0
-            }
+            },
+            "pid": 1632
         },
-        "file": {
-            "name": "Temp",
-            "path": "C:\\Users\\PC\\AppData\\Local\\Temp"
+        "related": {
+            "hosts": [
+                "DESKTOP-88BEQS0"
+            ]
         }
     }
     	
@@ -86,10 +86,10 @@ Find below few samples of events and how they are normalized by Sekoia.io.
 
     {
         "message": "{\"time\":\"2024-03-07T15:56:49Z\",\"message\":\"A process had a malicious behaviour and was killed.\",\"level\":\"INFO\",\"env_id\":\"7ba0a633-f8a3-410b-ba6f-5974705ced3a\",\"parad_version\":\"0.6.1\",\"os\":\"Windows 10 Pro\",\"machine_name\":\"bloquant\",\"executable\":\"C:\\\\Users\\\\Testeur\\\\Desktop\\\\c690148b6baec765c65fe91ea9f282d6a411ae90c08d74d600515b3e075e21b2.exe\",\"pid\":6148,\"hash\":\"e6f84e5080f3cdbf69f92f703d59f8b6e0f5e64f8a87f5b4a108cf913219b37c\",\"ppid\":0,\"signed\":false,\"executable_basename\":\"c690148b6baec765c65fe91ea9f282d6a411ae90c08d74d600515b3e075e21b2.exe\",\"executable_category\":\"User\",\"offset\":262144,\"written_length\":131072,\"fullpath\":\"C:\\\\Users\\\\Testeur\\\\Desktop\\\\mom_files\\\\armorials\\\\1T9dlo1.ddbPFTiN9\",\"basename\":\"1T9dlo1.ddbPFTiN9\",\"fullpath_category\":\"User\"}",
-        "@timestamp": "2024-03-07T15:56:49Z",
         "event": {
             "action": "A process had a malicious behaviour and was killed."
         },
+        "@timestamp": "2024-03-07T15:56:49Z",
         "agent": {
             "id": "7ba0a633-f8a3-410b-ba6f-5974705ced3a",
             "version": "0.6.1"
@@ -101,18 +101,17 @@ Find below few samples of events and how they are normalized by Sekoia.io.
                 }
             }
         },
+        "file": {
+            "name": "1T9dlo1.ddbPFTiN9",
+            "path": "C:\\Users\\Testeur\\Desktop\\mom_files\\armorials\\1T9dlo1.ddbPFTiN9"
+        },
         "host": {
             "hostname": "bloquant",
             "name": "bloquant",
             "os": {
                 "type": "Windows 10 Pro"
             }
         },
-        "related": {
-            "hosts": [
-                "bloquant"
-            ]
-        },
         "observer": {
             "product": "Parad",
             "type": "dlp-solution",
@@ -122,16 +121,17 @@ Find below few samples of events and how they are normalized by Sekoia.io.
             "code_signature": {
                 "exists": false
             },
-            "pid": 6148,
-            "name": "c690148b6baec765c65fe91ea9f282d6a411ae90c08d74d600515b3e075e21b2.exe",
             "executable": "C:\\Users\\Testeur\\Desktop\\c690148b6baec765c65fe91ea9f282d6a411ae90c08d74d600515b3e075e21b2.exe",
+            "name": "c690148b6baec765c65fe91ea9f282d6a411ae90c08d74d600515b3e075e21b2.exe",
             "parent": {
                 "pid": 0
-            }
+            },
+            "pid": 6148
         },
-        "file": {
-            "name": "1T9dlo1.ddbPFTiN9",
-            "path": "C:\\Users\\Testeur\\Desktop\\mom_files\\armorials\\1T9dlo1.ddbPFTiN9"
+        "related": {
+            "hosts": [
+                "bloquant"
+            ]
         }
     }
     	

_shared_content/operations_center/integrations/generated/3c7057d3-4689-4fae-8033-6f1f887a70f2.md

@@ -1847,6 +1847,9 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         "related": {
             "hosts": [
                 "sfreort"
+            ],
+            "ip": [
+                "1.2.3.4"
             ]
         },
         "sekoiaio": {
@@ -1871,6 +1874,10 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         "server": {
             "domain": "EXAMPLE"
         },
+        "source": {
+            "address": "1.2.3.4",
+            "ip": "1.2.3.4"
+        },
         "user": {
             "id": "S-1-0-0",
             "roles": "Group1,Group2",
@@ -2002,6 +2009,9 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         "related": {
             "hosts": [
                 "REDACTED"
+            ],
+            "ip": [
+                "166.88.151.58"
             ]
         },
         "sekoiaio": {
@@ -2026,6 +2036,10 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         "server": {
             "domain": "WORKGROUP"
         },
+        "source": {
+            "address": "166.88.151.58",
+            "ip": "166.88.151.58"
+        },
         "user": {
             "id": "S-1-0-0",
             "target": {
@@ -2179,10 +2193,17 @@ Find below few samples of events and how they are normalized by Sekoia.io.
             "hosts": [
                 "REDACTED"
             ],
+            "ip": [
+                "10.84.128.186"
+            ],
             "user": [
                 "ANONYMOUS LOGON"
             ]
         },
+        "source": {
+            "address": "10.84.128.186",
+            "ip": "10.84.128.186"
+        },
         "user": {
             "domain": "AUTORITE NT",
             "name": "ANONYMOUS LOGON"

_shared_content/operations_center/integrations/generated/40deb162-6bb1-4635-9c99-5c2de7e1d340.md

@@ -339,6 +339,132 @@ Find below few samples of events and how they are normalized by Sekoia.io.
 	```
 
 
+=== "dns_macos.json"
+
+    ```json
+
+    {
+        "message": "{\n  \"src.process.image.path\": \"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/123.0.6312.123/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper\",\n  \"src.process.subsystem\": \"SUBSYSTEM_UNKNOWN\",\n  \"src.process.parent.isStorylineRoot\": true,\n  \"event.category\": \"dns\",\n  \"src.process.parent.integrityLevel\": \"INTEGRITY_LEVEL_UNKNOWN\",\n  \"src.process.parent.image.sha1\": \"adc83b19e793491b1c6ea0fd8b46cd9f32e592fc\",\n  \"src.process.parent.storyline.id\": \"0A62D926-DFE7-4968-AA28-F0024BAC804D\",\n  \"src.process.isRedirectCmdProcessor\": false,\n  \"src.process.parent.publisher\": \"<Type=DevID/ID=com.google.Chrome/Subject=OU:DESKTOP001>\",\n  \"src.process.parent.startTime\": 1713167784335,\n  \"endpoint.type\": \"laptop\",\n  \"endpoint.os\": \"osx\",\n  \"src.process.integrityLevel\": \"INTEGRITY_LEVEL_UNKNOWN\",\n  \"src.process.parent.displayName\": \"Google Chrome\",\n  \"src.process.name\": \"Google Chrome Helper\",\n  \"src.process.startTime\": 1713167795818,\n  \"agent.uuid\": \"75084C59-0F8A-479D-A9C4-2232C37D9D51\",\n  \"event.dns.response\": \"type:  5 edge-web-gew4.dual-gslb.spotify.com;2600:1901:1:4be::;\",\n  \"src.process.image.sha256\": \"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b\",\n  \"src.process.user\": \"jdoe\",\n  \"timestamp\": \"2024-06-26T08:44:30.000Z\",\n  \"src.process.displayName\": \"Google Chrome Helper\",\n  \"endpoint.name\": \"MXY2XC6J7VJ\",\n  \"src.process.image.sha1\": \"adc83b19e793491b1c6ea0fd8b46cd9f32e592fc\",\n  \"event.dns.request\": \"type:  28 gew4-spclient.spotify.com\",\n  \"src.process.isStorylineRoot\": false,\n  \"src.process.parent.image.path\": \"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome\",\n  \"src.process.isNative64Bit\": false,\n  \"src.process.parent.sessionId\": 0,\n  \"src.process.uid\": \"CF37475F-BCA9-4F89-8A31-7B6C88CC6F1E\",\n  \"src.process.parent.image.md5\": \"68b329da9893e34099c7d8ad5cb9c940\",\n  \"src.process.parent.user\": \"psinha\",\n  \"src.process.pid\": 1063,\n  \"src.process.parent.name\": \"Google Chrome\",\n  \"src.process.cmdline\": \"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/123.0.6312.123/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --shared-files --field-trial-handle=1718379636,r,10310964397040083203,6939088771020272477,262144 --variations-seed-version=20240412-130119.249000 --seatbelt-client=25\",\n  \"src.process.publisher\": \"<Type=DevID/ID=com.google.Chrome.helper/Subject=OU:DESKTOP001>\",\n  \"src.process.parent.isNative64Bit\": false,\n  \"src.process.parent.isRedirectCmdProcessor\": false,\n  \"src.process.image.md5\": \"68b329da9893e34099c7d8ad5cb9c940\",\n  \"src.process.storyline.id\": \"0A62D926-DFE7-4968-AA28-F0024BAC804D\",\n  \"event.type\": \"DNS Resolved\",\n  \"agent.version\": \"24.1.2.7444\",\n  \"src.process.signedStatus\": \"signed\",\n  \"src.process.parent.image.sha256\": \"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b\",\n  \"src.process.parent.cmdline\": \"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome\",\n  \"src.process.sessionId\": 0,\n  \"src.process.parent.pid\": 790\n}\n",
+        "event": {
+            "action": "DNS Resolved",
+            "category": [
+                "network"
+            ],
+            "dataset": "cloud-funnel-2.0",
+            "type": [
+                "info"
+            ]
+        },
+        "@timestamp": "2024-06-26T08:44:30Z",
+        "agent": {
+            "version": "24.1.2.7444"
+        },
+        "deepvisibility": {
+            "agent": {
+                "uuid": "75084C59-0F8A-479D-A9C4-2232C37D9D51"
+            },
+            "event": {
+                "category": "dns",
+                "type": "DNS Resolved"
+            },
+            "process": {
+                "parent": {
+                    "storyline_id": "0A62D926-DFE7-4968-AA28-F0024BAC804D"
+                },
+                "storyline_id": "0A62D926-DFE7-4968-AA28-F0024BAC804D"
+            }
+        },
+        "dns": {
+            "answers": [
+                {
+                    "name": "edge-web-gew4.dual-gslb.spotify.com",
+                    "type": "CNAME"
+                },
+                {
+                    "name": "2600:1901:1:4be::",
+                    "type": "AAAA"
+                }
+            ],
+            "question": {
+                "name": "gew4-spclient.spotify.com",
+                "registered_domain": "spotify.com",
+                "subdomain": "gew4-spclient",
+                "top_level_domain": "com"
+            },
+            "type": "answer"
+        },
+        "host": {
+            "name": "MXY2XC6J7VJ",
+            "os": {
+                "family": "osx"
+            },
+            "type": "laptop"
+        },
+        "observer": {
+            "vendor": "SentinelOne"
+        },
+        "process": {
+            "code_signature": {
+                "exists": true,
+                "subject_name": "<Type=DevID/ID=com.google.Chrome.helper/Subject=OU:DESKTOP001>"
+            },
+            "command_line": "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/123.0.6312.123/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --shared-files --field-trial-handle=1718379636,r,10310964397040083203,6939088771020272477,262144 --variations-seed-version=20240412-130119.249000 --seatbelt-client=25",
+            "executable": "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/123.0.6312.123/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper",
+            "hash": {
+                "md5": "68b329da9893e34099c7d8ad5cb9c940",
+                "sha1": "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc",
+                "sha256": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b"
+            },
+            "name": "Google Chrome Helper",
+            "parent": {
+                "code_signature": {
+                    "exists": false
+                },
+                "command_line": "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
+                "executable": "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
+                "hash": {
+                    "md5": "68b329da9893e34099c7d8ad5cb9c940",
+                    "sha1": "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc",
+                    "sha256": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b"
+                },
+                "name": "Google Chrome",
+                "pid": 790,
+                "start": "2024-04-15T07:56:24.335000Z",
+                "title": "Google Chrome",
+                "user": {
+                    "name": "psinha"
+                },
+                "working_directory": "/Applications/Google Chrome.app/Contents/MacOS"
+            },
+            "pid": 1063,
+            "start": "2024-04-15T07:56:35.818000Z",
+            "title": "Google Chrome Helper",
+            "user": {
+                "name": "jdoe"
+            },
+            "working_directory": "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/123.0.6312.123/Helpers/Google Chrome Helper.app/Contents/MacOS"
+        },
+        "related": {
+            "hash": [
+                "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
+                "68b329da9893e34099c7d8ad5cb9c940",
+                "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc"
+            ],
+            "hosts": [
+                "gew4-spclient.spotify.com"
+            ],
+            "user": [
+                "jdoe"
+            ]
+        },
+        "user": {
+            "name": "jdoe"
+        }
+    }
+    	
+	```
+
+
 === "driver_driverload.json"
 
     ```json