diff --git a/_shared_content/integration/detection_section.md b/_shared_content/integration/detection_section.md index 1ec88c1c6c..51450919ee 100644 --- a/_shared_content/integration/detection_section.md +++ b/_shared_content/integration/detection_section.md @@ -1,3 +1,3 @@ ## Detection section -The following section provides information for those who wish to learn more about the detection capabilities enabled by collecting this intake. It includes details about the built-in rule catalog, event categories, and ECS fields extracted from raw events. This is essential for users aiming to create [custom detection rules](/docs/xdr/features/detect/sigma.md), perform hunting activities, or pivot in the [events page](/docs/xdr/features/investigate/events.md). \ No newline at end of file +The following section provides information for those who wish to learn more about the detection capabilities enabled by collecting this intake. It includes details about the built-in rule catalog, event categories, and ECS fields extracted from raw events. This is essential for users aiming to create [custom detection rules](/xdr/features/detect/rules_catalog/#create-custom-rules), perform hunting activities, or pivot in the [events page](/xdr/features/investigate/events). \ No newline at end of file diff --git a/docs/integration/categories/endpoint/eset_protect.md b/docs/integration/categories/endpoint/eset_protect.md index 77a9d5a783..fba1a206b8 100644 --- a/docs/integration/categories/endpoint/eset_protect.md +++ b/docs/integration/categories/endpoint/eset_protect.md 
@@ -65,13 +65,13 @@ To enable Syslog server in ESET Protect on On-Prem : 1. In admin console go to `More` > `Settings`. 2. Open `Advanced Settings` tab. -![Advanced Settings](/docs/assets/instructions/eset_protect/enable_syslog_1.png) +![Advanced Settings](/assets/instructions/eset_protect/enable_syslog_1.png) 3. Click on `Syslog server` > `Use Syslog server`. 4. Then click on `Logging` > `Export logs to Syslog` and choose `JSON` format. 5. Save configuration. -![Syslog configuration](/docs/assets/instructions/eset_protect/enable_syslog_2.png) +![Syslog configuration](/assets/instructions/eset_protect/enable_syslog_2.png) To enable Syslog server in ESET Protect on Cloud: 1. In admin console go to `More` > `Admin` > `Settings`. @@ -87,7 +87,7 @@ To enable Syslog server in ESET Protect on Cloud: 11. Click `Apply settings` -![Advanced Settings](/docs/assets/instructions/eset_protect/cloud_syslog.png) +![Advanced Settings](/assets/instructions/eset_protect/cloud_syslog.png) ### Instruction on Sekoia diff --git a/docs/integration/categories/endpoint/winlogbeat.md b/docs/integration/categories/endpoint/winlogbeat.md index 7d60ebf5a5..fd8059b529 100644 --- a/docs/integration/categories/endpoint/winlogbeat.md +++ b/docs/integration/categories/endpoint/winlogbeat.md 
@@ -162,7 +162,7 @@ Please consult our [guide](/integration/ingestion_methods/https/logstash.md) to {!_shared_content/operations_center/integrations/generated/021e9def-5a55-4369-941e-af269b45bef1.md!} -The following section provides information for those who wish to learn more about the detection capabilities enabled by collecting this intake. It includes details about the built-in rule catalog, event categories, and ECS fields extracted from raw events. This is essential for users aiming to create [custom detection rules](/docs/xdr/features/detect/sigma.md), perform hunting activities, or pivot in the [events page](/docs/xdr/features/investigate/events.md). +{!_shared_content/integration/detection_section.md!} {!_shared_content/operations_center/detection/generated/suggested_rules_c10307ea-5dd1-45c6-85aa-2a6a900df99b_do_not_edit_manually.md!} diff --git a/docs/integration/categories/network/dhcpd.md b/docs/integration/categories/network/dhcpd.md index 18820f5226..cf9c5b991a 100644 --- a/docs/integration/categories/network/dhcpd.md +++ b/docs/integration/categories/network/dhcpd.md @@ -76,7 +76,7 @@ This setup guide will show you how to forward your ISC DHCP logs to Sekoia.io by {!_shared_content/operations_center/integrations/generated/9044ba46-2b5d-4ebd-878a-51d62e84c8df.md!} -The following section provides information for those who wish to learn more about the detection capabilities enabled by collecting this intake. It includes details about the built-in rule catalog, event categories, and ECS fields extracted from raw events. This is essential for users aiming to create [custom detection rules](/docs/xdr/features/detect/sigma.md), perform hunting activities, or pivot in the [events page](/docs/xdr/features/investigate/events.md). +{!_shared_content/integration/detection_section.md!} {!_shared_content/operations_center/detection/generated/suggested_rules_9044ba46-2b5d-4ebd-878a-51d62e84c8df_do_not_edit_manually.md!} 
diff --git a/docs/integration/categories/network/forcepoint_web_gateway.md b/docs/integration/categories/network/forcepoint_web_gateway.md index c478c6a33e..08f7bac216 100644 --- a/docs/integration/categories/network/forcepoint_web_gateway.md +++ b/docs/integration/categories/network/forcepoint_web_gateway.md @@ -85,7 +85,7 @@ In this guide, you will configure the gateway to forward events to syslog. This {!_shared_content/operations_center/integrations/generated/f0f95532-9928-4cde-a399-ddd992d48472.md!} -The following section provides information for those who wish to learn more about the detection capabilities enabled by collecting this intake. It includes details about the built-in rule catalog, event categories, and ECS fields extracted from raw events. This is essential for users aiming to create [custom detection rules](/docs/xdr/features/detect/sigma.md), perform hunting activities, or pivot in the [events page](/docs/xdr/features/investigate/events.md). +{!_shared_content/integration/detection_section.md!} {!_shared_content/operations_center/detection/generated/suggested_rules_f0f95532-9928-4cde-a399-ddd992d48472_do_not_edit_manually.md!} diff --git a/docs/integration/categories/network/pulse.md b/docs/integration/categories/network/pulse.md index 4765a2553a..25386bc9b2 100644 --- a/docs/integration/categories/network/pulse.md +++ b/docs/integration/categories/network/pulse.md 
@@ -79,7 +79,7 @@ This setup guide will show you how to forward your Pulse Connect Secure logs to {!_shared_content/operations_center/integrations/generated/7a12aa3b-ec73-4ebb-8fb3-f7c543fd84a5.md!} -The following section provides information for those who wish to learn more about the detection capabilities enabled by collecting this intake. It includes details about the built-in rule catalog, event categories, and ECS fields extracted from raw events. This is essential for users aiming to create [custom detection rules](/docs/xdr/features/detect/sigma.md), perform hunting activities, or pivot in the [events page](/docs/xdr/features/investigate/events.md). +{!_shared_content/integration/detection_section.md!} {!_shared_content/operations_center/detection/generated/suggested_rules_7a12aa3b-ec73-4ebb-8fb3-f7c543fd84a5_do_not_edit_manually.md!} diff --git a/docs/xdr/usecases/playbook/whoIs.md b/docs/xdr/usecases/playbook/whoIs.md index 949788078e..62149784e2 100644 --- a/docs/xdr/usecases/playbook/whoIs.md +++ b/docs/xdr/usecases/playbook/whoIs.md @@ -20,7 +20,7 @@ This use case describes how to use Whois module in order to enrich an IP address You can find the configuration below: -![Playbook WhoIS](/docs/assets/playbooks/library/UseCases/WhoIS.png) +![Playbook WhoIS](/assets/playbooks/library/UseCases/WhoIS.png) | Module | Configuration | | --- | --- | diff --git a/mkdocs.yml b/mkdocs.yml index a319a85b07..90ae3cf710 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -782,6 +782,7 @@ plugins: xdr/features/collect/integrations/endpoint/sekoiaio/sekoiaio.md: integration/categories/endpoint/sekoiaio.md xdr/features/collect/integrations/index.md: integration/categories/index.md xdr/features/collect/integrations/endpoint/sekoiaio.md: integration/categories/endpoint/sekoiaio.md + xdr/features/collect/ingestion_methods/index.md: integration/ingestion_methods/index.md getting_started/2fa.md: getting_started/account_security.md getting_started/apikey_creation.md: getting_started/manage_api_keys.md getting_started/first_steps.md: getting_started/index.md diff --git a/scripts/update_mkdocs/templates/intake.md.jinja b/scripts/update_mkdocs/templates/intake.md.jinja index c05764f321..8cff5b79e6 100644 --- a/scripts/update_mkdocs/templates/intake.md.jinja +++ b/scripts/update_mkdocs/templates/intake.md.jinja 
@@ -26,7 +26,7 @@ In details, the following table denotes the type of events produced by this inte {% if tests %} ### Transformed Events Samples after Ingestion -This section demonstrates how the raw logs will be transformed by our parsers. It shows the extracted fields that will be available for use in the [built-in detection rules](/docs/xdr/features/detect/rules_catalog) and hunting activities in the [events page](/docs/xdr/features/investigate/events). Understanding these transformations is essential for analysts to create effective detection mechanisms with [custom detection rules](/docs/xdr/features/detect/sigma) and to leverage the full potential of the collected data. +This section demonstrates how the raw logs will be transformed by our parsers. It shows the extracted fields that will be available for use in the [built-in detection rules](/xdr/features/detect/rules_catalog) and hunting activities in the [events page](/xdr/features/investigate/events). Understanding these transformations is essential for analysts to create effective detection mechanisms with [custom detection rules](/xdr/features/detect/sigma) and to leverage the full potential of the collected data. {% for test in tests %} === "{{test['name']}}"
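Review bot: the "custom detection rules" link in the `_shared_content/integration/detection_section.md` hunk now targets `/xdr/features/detect/rules_catalog/#create-custom-rules`, while the same phrase in the `scripts/update_mkdocs/templates/intake.md.jinja` hunk of this patch still targets `/xdr/features/detect/sigma`; pick one destination for both so the shared include and the generated intake pages do not send readers to two different places for the same concept. The shared file also still ends without a trailing newline (`\ No newline at end of file` on both sides of the hunk), which is worth fixing while the line is being edited.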
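Review bot: the three `eset_protect.md` hunks correctly drop the `/docs/` prefix from the image paths, but the surrounding instruction text they sit in is inconsistent in form: `on On-Prem :` has a space before the colon where `on Cloud:` does not, and step `11. Click \`Apply settings\`` is the only step without a trailing period. Small, but since these lines are already in the diff context it is cheap to tidy them in the same change.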
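Review bot: swapping the copied paragraph for `{!_shared_content/integration/detection_section.md!}` in `winlogbeat.md`, `dhcpd.md`, `forcepoint_web_gateway.md` and `pulse.md` is the right de-duplication, but only four intake pages are touched; the removed paragraph carries the `/docs/`-prefixed links this patch is replacing elsewhere, so grep the rest of `docs/integration/categories/` for the same sentence to make sure no other page keeps a stale copy. Also, the shared file starts with a `## Detection section` heading that the removed inline paragraph did not have; confirm that a second-level heading is the intended level at the spot where each page now pulls it in.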
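Review bot: the new `mkdocs.yml` redirect maps only the old `xdr/features/collect/ingestion_methods/index.md` to `integration/ingestion_methods/index.md`, yet the `winlogbeat.md` context line links to a sub-page, `/integration/ingestion_methods/https/logstash.md`; if the old tree had matching sub-pages under `xdr/features/collect/ingestion_methods/`, they need their own entries or existing bookmarks will 404. The entry is also placed between two `endpoint/sekoiaio` mappings; grouping it with `xdr/features/collect/integrations/index.md` would keep the redirect map easier to scan.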
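Review bot: the `intake.md.jinja` hunk's context line `In details, the following table denotes the type of events produced by this inte` should read `In detail, ...`; because this template generates every intake page, the typo is multiplied across the site, so it is worth correcting while the block is being touched.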