Merge pull request #1994 from SEKOIA-IO/update_mimecast_with_details

Update mimecast with details

docs/integration/categories/email/mimecast_email_security.md

@@ -30,7 +30,7 @@ A secure email gateway to block spam, viruses, and malware.
     - The Mimecast administrator must be assigned a Role with the following criteria.
         - Read and Edit API Application Permissions under the Service Menu.
         - Security Permissions setting must permit the Management of Application Roles.
-    - The generated API key must be a Mimecast Administrator with at least the Security Events and Data Retrieval | Threat and Security Events (SIEM)| Read permission.
+    - The generated API key must be a Mimecast Administrator with at least the Security Events and Data Retrieval | Threat and Security Events (SIEM) and Threat and security statistics | Read permission.
 
 ### Transport Protocol/Method
 
@@ -52,21 +52,33 @@ A secure email gateway to block spam, viruses, and malware.
 #### Create API credentials
 
 1. Login to **Mimecast Administration Console**
-2. Navigate to **Services | API and Platform Integrations**
-3. Locate the following **Mimecast API 2.0** tile and click on **Generate Keys.**
-4. After reading the **Terms & Conditions**, complete the **I accept** check box to enable the **Next** button to progress onto the next step.
-5. Complete the **Application Details** section.
-6. Please provide details for a **Technical Point of Contact**.
-7. Review the Summary information for the API application and click on **Add** if you are happy to proceed with creating the application.
-8. The wizard completes and displays a pop-up window including your `Client ID` and `Client Secret` key data.
+2. Navigate to **Account** > **Roles** > **New Role**
+3. Name the role as you wish, for instance "Sekoia"
+4. Add the following roles under the section called **Security Events and Data Retrieval**:
+    - **Threat and security svents (SIEM)** with READ permission,
+    - **Threat and security statistics** with READ permission.
+5. Navigate to **Services | API and Platform Integrations**
+6. Locate the following **Mimecast API 2.0** tile and click on **Generate Keys.**
+7. After reading the **Terms & Conditions**, complete the **I accept** check box to enable the **Next** button to progress onto the next step.
+8. Complete the **Application Details** section by providing:
+    - Application Name: Select **SIEM Integration**,
+    - Description (Optional),
+    - Integration Partner (Optional),
+    - Products: Select all products,
+    - Role: Select the "Sekoia" role created above.
+9. Complete the **Notifications** section by providing:
+    - Technical Point of Contact: Write the name of the administrator to be contacted if you encounter any issue with the API,
+    - Email : Write the administrator's email.
+10. Validate the form and Click on **Add and Generate Keys**
+11. The wizard completes and displays a pop-up window including your `Client ID` and `Client Secret` key data.
 
 ### Instruction on Sekoia
-### Create your intake
+#### Create your intake
 
 1. Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the `Mimecast Email Security`.
 2. Copy the associated Intake key
 
-### Pull your logs on Sekoia.io
+#### Pull your logs on Sekoia.io
 
 Go to the Sekoia.io [playbook page](https://app.sekoia.io/operations/playbooks), and follow these steps:
 

docs/integration/categories/email/o365.md

@@ -6,7 +6,6 @@ type: intake
 - **Vendor**: Microsoft
 - **Plan**: Defend Core & Defend Prime
 - **Supported environment**: Cloud
-- **Version compatibility**:
 - **Detection based on**: Telemetry / Alert
 - **Supported application or feature**:
 

docs/integration/categories/endpoint/microsoft_365_defender.md

@@ -3,12 +3,12 @@ name: Microsoft 365 Defender
 type: intake
 
 ## Overview
-- **Vendor**:
+- **Vendor**: Microsoft
 - **Plan**: Defend Core & Defend Prime
 - **Supported environment**:
 - **Version compatibility**:
 - **Detection based on**: Alert, Telemetry
-- **Supported application or feature**:
+- **Supported application or feature**: see section below
 
 **This Intake was previously called Microsoft Defender for Endpoints.**
 
@@ -17,8 +17,6 @@ Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suit
 This setup guide describes how to forward events produced by `Microsoft 365 Defender` to Sekoia.io XDR.
 
 
-
-
 ## Microsoft 365 Defender event types supported
 Here is a list of all the Microsoft 365 Defender event types supported by this integration:
 

docs/integration/categories/iam/entra_id.md

@@ -3,7 +3,7 @@ name: Microsoft Entra ID (Azure AD)
 type: intake
 
 ## Overview
-- **Vendor**:
+- **Vendor**: Microsoft
 - **Plan**: Defend Core & Defend Prime
 - **Supported environment**: SaaS
 - **Detection based on**: Telemetry

docs/integration/categories/network_security/stormshield_network_security.md

@@ -11,25 +11,36 @@ In this documentation we will explain how to collect and send Stormshield Networ
 - **Vendor**: Stormshield
 - **Plan**: Defend Core & Defend Prime
 - **Supported environment**: On prem
-- **Version compatibility**:
+- **Version compatibility**: 4.8.2 and newer
 - **Detection based on**: Alert, Telemetry
 - **Supported application or feature**: Network device logs, Network protocol analysis, SSL/TLS inspection, Anti-virus
 
+## Step-by-Step Configuration Procedure
 
+### Instruction on Sekoia
+#### Create your intake
 
+Everything you need to do for this part of the configuration is described [here](/xdr/features/collect/intakes).
 
+1. Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the `Stormshield Network Security`.
+2. Copy the associated Intake key
 
-## Configure
+### Instructions on the 3rd Party Solution
 
 This section will guide you to forward Stormshield SNS logs to Sekoia.
 
-### Create the intake
+#### Import the intake certificate
 
-Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format Stormshield Network Security.
+On a device, please download the [Sekoia.io intake certificate](https://app.sekoia.io/assets/files/SEKOIA-IO-intake.pem)
 
-### Import the intake certificate
+1. Log on the UTM administration console
+2. Click `Configuration` tab
+3. On the left panel, Click `Objects` > `Certificats and PKI`
+4. Click `+ Add`
+5. Select the intake certificate
+6. Click `Import`
 
-On a device, please download the [Sekoia.io intake certificate](https://app.sekoia.io/assets/files/SEKOIA-IO-intake.pem)
+#### Configure the log forwarding
 
 1. Log on the UTM administration console
 2. Click `Configuration` tab
@@ -44,16 +55,9 @@ On a device, please download the [Sekoia.io intake certificate](https://app.seko
 11. In the advanced configuration section, paste the intake key
 12. Click `APPLY`
 
-### Configure the log forwarding
-
-You have to go on your Sekoia.io instance to generate an "intake key".
-Everything you need to do for this part of the configuration is described [here](/xdr/features/collect/intakes).
-
-Finally, to push logs, you have to [configure](/integration/ingestion_methods/index) some filters and rewrite rules in Syslog that will add the proper “intake key” considering your logs.
 
 {!_shared_content/operations_center/integrations/generated/79029ef9-e5d3-44f3-b70f-fd3b54ba1fe4_sample.md!}
 
-
 {!_shared_content/integration/detection_section.md!}
 
 {!_shared_content/operations_center/detection/generated/suggested_rules_79029ef9-e5d3-44f3-b70f-fd3b54ba1fe4_do_not_edit_manually.md!}