Merge pull request #1719 from SEKOIA-IO/update-intake-documentation
Refresh intakes documentation
squioc authored Apr 9, 2024
2 parents 8de5e94 + c3d27f4 commit 4a29b39
Showing 111 changed files with 3,077 additions and 2,075 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ In details, the following table denotes the type of events produced by this inte

| Name | Values |
| ---- | ------ |
| Kind | `event` |
| Kind | `` |
| Category | `process` |
| Type | `change` |

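Review bot: the new Kind cell in this table is an empty inline-code span (two backticks with nothing between them), which renders as a blank value rather than telling the reader that `event.kind` is not set for this intake. Either drop the Kind row entirely or replace the empty span with an explicit "not set", so the summary table agrees with the field list at the end of this file, from which the same commit removes `event.kind`.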
Expand All @@ -38,7 +38,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"category": [
"process"
],
"kind": "event",
"reason": "StopContainer for \\\"4c2b21624d4488ea8305bec91bb58135e840ab50b779da3db19ddf87864a760e\\\" with timeout 30 (s)",
"type": [
"change"
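Review bot: removing `"kind": "event"` from this sample (and from the following samples in this file) leaves a normalized record that carries `event.category` and `event.type` but no `event.kind`; any detection rule or dashboard filter that selects on `event.kind:event` will silently stop matching these GKE records once the parser behaves as documented. If the field is intentionally no longer emitted, say so in the intake changelog and in a sentence above the samples; if it is meant to default to `event`, the samples should keep the line.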
Expand Down Expand Up @@ -117,7 +116,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"category": [
"process"
],
"kind": "event",
"reason": "Pulling image \"gke.gcr.io/prometheus-to-sd:v0.11.3-gke.0\"",
"type": [
"change"
Expand Down Expand Up @@ -213,7 +211,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"category": [
"process"
],
"kind": "event",
"reason": "Failed to update endpoint kube-system/kube-dns: Operation cannot be fulfilled on endpoints \"kube-dns\": the object has been modified; please apply your changes to the latest version and try again",
"type": [
"change"
Expand Down Expand Up @@ -306,7 +303,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"category": [
"process"
],
"kind": "event",
"reason": "Created container prometheus-to-sd",
"type": [
"change"
Expand Down Expand Up @@ -402,7 +398,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"category": [
"process"
],
"kind": "event",
"reason": "{\"unmanaged\": {\"net.netfilter.nf_conntrack_buckets\": \"32768\"}}",
"type": [
"change"
Expand Down Expand Up @@ -493,7 +488,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"category": [
"process"
],
"kind": "event",
"reason": "Event exporter started watching. Some events may have been lost up to this point.",
"type": [
"change"
Expand Down Expand Up @@ -540,7 +534,6 @@ The following table lists the fields that are extracted, normalized under the EC
|`cloud.project.id` | `keyword` | The cloud project id. |
|`event.action` | `keyword` | The action captured by the event. |
|`event.category` | `keyword` | Event category. The second categorization field in the hierarchy. |
|`event.kind` | `keyword` | The kind of the event. The highest categorization field in the hierarchy. |
|`event.reason` | `keyword` | Reason why this event happened, according to the source |
|`event.type` | `keyword` | Event type. The third categorization field in the hierarchy. |
|`google_kubernetes_engine.insertId` | `keyword` | |
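Review bot: with the `event.kind` row removed, the two rows that remain still describe `event.category` as "The second categorization field in the hierarchy" and `event.type` as "The third categorization field in the hierarchy", so the reader now sees a hierarchy that starts at level two. Reword those descriptions (for example "ECS event category" and "ECS event type") or keep the `event.kind` row with a note that it is unset for this intake.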
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ In details, the following table denotes the type of events produced by this inte

| Name | Values |
| ---- | ------ |
| Kind | `alert`, `event` |
| Kind | `alert` |
| Category | `network` |
| Type | `connection` |

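Review bot: the new Kind row documents only `alert`, yet every sample in this file that loses `"kind": "event"` is an AAA parser message, a connection termination, an SNMP trap, an SSL handshake or an SSL VPN record, not an alert, so those records now carry no `event.kind` at all while alert records still do. A consumer filtering on `event.kind` will see the alerts and nothing else. Prefer keeping `event` on the non-alert records, or state explicitly in the table that `event.kind` is only populated for alerts.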
Expand All @@ -41,7 +41,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
],
"code": "Message",
"dataset": "audit_aaatm",
"kind": "event",
"reason": "\"AAA JSON-PARSE: ns_aaa_json_parser_StartElementHandler: NAME_VAL state, multi valued attribute start 'ConnectionId' seen\"",
"type": [
"connection"
Expand Down Expand Up @@ -131,7 +130,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
],
"code": "CONN_TERMINATE",
"dataset": "audit_connection",
"kind": "event",
"type": [
"connection"
]
Expand Down Expand Up @@ -179,7 +177,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
],
"code": "CONN_TERMINATE",
"dataset": "audit_connection",
"kind": "event",
"type": [
"connection"
]
Expand Down Expand Up @@ -227,7 +224,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
],
"code": "CONN_DELINK",
"dataset": "audit_connection",
"kind": "event",
"type": [
"connection"
]
Expand Down Expand Up @@ -346,7 +342,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
],
"code": "TRAP_SENT",
"dataset": "audit_snmp",
"kind": "event",
"reason": "appfwPolicyHit (appfwLogMsg = \"\"CEF:0|Citrix|NetScaler|NS13.1|APPFW|APPFW_POLI...\"\", nsPartitionName = default)\"",
"type": [
"connection"
Expand All @@ -373,7 +368,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
],
"code": "SSL_HANDSHAKE_SUCCESS",
"dataset": "audit_ssl",
"kind": "event",
"type": [
"connection"
]
Expand Down Expand Up @@ -421,7 +415,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
],
"code": "Message",
"dataset": "audit_sslvpn",
"kind": "event",
"type": [
"connection"
]
Expand Down Expand Up @@ -475,7 +468,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
],
"code": "NONHTTP_RESOURCEACCESS_DENIED",
"dataset": "audit_sslvpn",
"kind": "event",
"type": [
"connection"
]
Expand Down Expand Up @@ -536,7 +528,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
],
"code": "Message",
"dataset": "audit_sslvpn",
"kind": "event",
"type": [
"connection"
]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ In details, the following table denotes the type of events produced by this inte

| Name | Values |
| ---- | ------ |
| Kind | `event` |
| Kind | `` |
| Category | `intrusion_detection`, `malware`, `network`, `process`, `web` |
| Type | `denied`, `info` |

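Review bot: the Kind cell on the new side of this hunk is an empty inline-code span, which renders as a blank value in the table and tells the reader nothing. Drop the Kind row, or write an explicit "not set"; the field list later in this file loses its `event.kind` row in the same commit, so the summary table should not keep a row that no field backs.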
Expand All @@ -42,7 +42,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"malware"
],
"dataset": "AMSI",
"kind": "event",
"type": [
"info"
]
Expand Down Expand Up @@ -113,7 +112,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"process"
],
"dataset": "applicationControl",
"kind": "event",
"type": [
"info"
]
Expand Down Expand Up @@ -226,7 +224,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"web"
],
"dataset": "browsingProtection",
"kind": "event",
"reason": "WF_Denied",
"type": [
"denied"
Expand Down Expand Up @@ -282,7 +279,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"web"
],
"dataset": "reputationBasedBrowsing",
"kind": "event",
"reason": "BP_Harmful",
"type": [
"denied"
Expand Down Expand Up @@ -341,7 +337,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"malware"
],
"dataset": "deepGuard",
"kind": "event",
"reason": "DeepGuard blocks a rare application",
"type": [
"info"
Expand Down Expand Up @@ -409,7 +404,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"intrusion_detection"
],
"dataset": "edr",
"kind": "event",
"type": [
"info"
]
Expand Down Expand Up @@ -467,7 +461,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"intrusion_detection"
],
"dataset": "edr",
"kind": "event",
"type": [
"info"
]
Expand Down Expand Up @@ -513,7 +506,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"network"
],
"dataset": "firewall",
"kind": "event",
"type": [
"denied"
]
Expand Down Expand Up @@ -587,7 +579,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"web"
],
"dataset": "reputationBasedBrowsing",
"kind": "event",
"reason": "BP_Harmful",
"type": [
"denied"
Expand Down Expand Up @@ -651,7 +642,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"malware"
],
"dataset": "manualScanning",
"kind": "event",
"type": [
"info"
]
Expand Down Expand Up @@ -724,7 +714,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
],
"code": "4625",
"dataset": "systemEventsLog",
"kind": "event",
"provider": "Microsoft-Windows-Security-Auditing",
"reason": "An account failed to log on.",
"type": [
Expand Down Expand Up @@ -807,7 +796,6 @@ The following table lists the fields that are extracted, normalized under the EC
|`event.category` | `keyword` | Event category. The second categorization field in the hierarchy. |
|`event.code` | `keyword` | Identification code for this event. |
|`event.dataset` | `keyword` | Name of the dataset. |
|`event.kind` | `keyword` | The kind of the event. The highest categorization field in the hierarchy. |
|`event.provider` | `keyword` | Source of the event. |
|`event.reason` | `keyword` | Reason why this event happened, according to the source |
|`event.type` | `keyword` | Event type. The third categorization field in the hierarchy. |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ In details, the following table denotes the type of events produced by this inte

| Name | Values |
| ---- | ------ |
| Kind | `event` |
| Kind | `` |
| Category | `authentication`, `configuration`, `file`, `iam`, `session` |
| Type | `access`, `admin`, `connection` |

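Review bot: besides the empty Kind cell, the Type row of this table lists only `access`, `admin`, `connection`, while the samples that follow are normalized with `event.type` values `info`, `change` and `creation` as well (the first sample has `"type": ["info"]`, later ones `["access", "change"]` and `["change", "creation"]`). Since this table is being regenerated in this commit, it should list every value the samples produce; otherwise a reader building a rule on `event.type:change` for Workspace configuration changes will not find the value documented.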
Expand All @@ -40,7 +40,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"configuration"
],
"dataset": "admin#reports#activity",
"kind": "event",
"type": [
"info"
]
Expand Down Expand Up @@ -104,7 +103,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"configuration"
],
"dataset": "admin#reports#activity",
"kind": "event",
"type": [
"access",
"change"
Expand Down Expand Up @@ -161,7 +159,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"configuration"
],
"dataset": "admin#reports#activity",
"kind": "event",
"type": [
"change"
]
Expand Down Expand Up @@ -220,7 +217,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"configuration"
],
"dataset": "admin#reports#activity",
"kind": "event",
"type": [
"change",
"creation"
Expand Down Expand Up @@ -282,7 +278,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"session"
],
"dataset": "admin#reports#activity",
"kind": "event",
"type": [
"connection"
]
Expand Down Expand Up @@ -339,7 +334,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"session"
],
"dataset": "admin#reports#activity",
"kind": "event",
"type": [
"connection"
]
Expand Down Expand Up @@ -393,7 +387,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"file"
],
"dataset": "audit#activity",
"kind": "event",
"type": [
"access",
"change"
Expand Down Expand Up @@ -460,7 +453,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"file"
],
"dataset": "audit#activity",
"kind": "event",
"type": [
"access",
"change"
Expand Down Expand Up @@ -523,7 +515,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"file"
],
"dataset": "admin#reports#activity",
"kind": "event",
"type": [
"access"
]
Expand Down Expand Up @@ -589,7 +580,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"iam"
],
"dataset": "admin#reports#activity",
"kind": "event",
"type": [
"admin"
]
Expand Down Expand Up @@ -641,7 +631,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"session"
],
"dataset": "admin#reports#activity",
"kind": "event",
"type": [
"connection"
]
Expand Down Expand Up @@ -700,7 +689,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"session"
],
"dataset": "admin#reports#activity",
"kind": "event",
"type": [
"connection"
]
Expand Down Expand Up @@ -755,7 +743,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"file"
],
"dataset": "admin#reports#activity",
"kind": "event",
"type": [
"access",
"change"
Expand Down Expand Up @@ -824,7 +811,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"authentication"
],
"dataset": "admin#reports#activity",
"kind": "event",
"type": [
"access",
"connection"
Expand Down Expand Up @@ -890,7 +876,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"authentication"
],
"dataset": "admin#reports#activity",
"kind": "event",
"type": [
"access",
"connection"
Expand Down Expand Up @@ -962,7 +947,6 @@ The following table lists the fields that are extracted, normalized under the EC
|`event.action` | `keyword` | The action captured by the event. |
|`event.category` | `keyword` | Event category. The second categorization field in the hierarchy. |
|`event.dataset` | `keyword` | Name of the dataset. |
|`event.kind` | `keyword` | The kind of the event. The highest categorization field in the hierarchy. |
|`event.type` | `keyword` | Event type. The third categorization field in the hierarchy. |
|`file.gid` | `keyword` | Primary group ID (GID) of the file. |
|`file.name` | `keyword` | Name of the file including the extension, without the directory. |
Expand Down