From 50dca1ec4f681403d3effdac2372048987047b24 Mon Sep 17 00:00:00 2001 From: Sebastien Quioc Date: Wed, 26 Jun 2024 18:42:28 +0200 Subject: [PATCH] feat(Daspren): add documentation for Daspren Parad --- .../integrations/endpoint/daspren_parad.md | 46 +++++++++++++++++++ mkdocs.yml | 1 + 2 files changed, 47 insertions(+) create mode 100644 docs/xdr/features/collect/integrations/endpoint/daspren_parad.md diff --git a/docs/xdr/features/collect/integrations/endpoint/daspren_parad.md b/docs/xdr/features/collect/integrations/endpoint/daspren_parad.md new file mode 100644 index 0000000000..f256f5d2d8 --- /dev/null +++ b/docs/xdr/features/collect/integrations/endpoint/daspren_parad.md @@ -0,0 +1,46 @@ +uuid: 23813540-b658-48dd-b030-e9b92168bbf4 +name: Daspren Parad +type: intake + +## Overview + +Daspren is the only Data Detection and Response (DDR) that integrates detection and blocking of cyber attacks. +Daspren goes deep, using our patented data-centric AI to meticulously dissect and analyze every data access. It seamlessly intercepts and scrutinizes these access requests, ensuring that only legitimate, authorized applications can access your data, keeping it secure and protected. + +!!! warning + Important note - This format is currently in beta. We highly value your feedback to improve its performance. + +Parad is the data protection solution from Daspren. It monitors data activity and use AI to prevent data breaches coming from both the inside and the outside of your organization : + +- File created, opened, deleted, moved or modified, +- Access rules breach attempts, +- Malicious processes detected. + +## Supported events + +This integration supports the following events: + +- File monitoring events +- Malicious detection events + +{!_shared_content/operations_center/detection/generated/suggested_rules_23813540-b658-48dd-b030-e9b92168bbf4_do_not_edit_manually.md!} + +{!_shared_content/operations_center/integrations/generated/23813540-b658-48dd-b030-e9b92168bbf4.md!} + +## Configure + +### Create the intake + +Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Daspren - Parad`. Copy the intake key. + +### Setup a Sink + +To set up the integration: + +1. Open the Parad CLI +2. Create a Sink from the CLI + 1. Go to `Sinks > Add Sink` + 2. Select the Sekoia Sink Variant + 3. Type a name and paste the intake key +3. Create a Reporter from the CLI with `Reporters > Add Reporter` +4. Create a Link between the previously created Sink and Reporter diff --git a/mkdocs.yml b/mkdocs.yml index e1eee70e2c..297ce65a87 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -192,6 +192,7 @@ nav: - Cybereason MalOp: xdr/features/collect/integrations/endpoint/cybereason_malop.md - Cybereason MalOp activity: xdr/features/collect/integrations/endpoint/cybereason_malop_activity.md - Darktrace Threat Visualizer: xdr/features/collect/integrations/endpoint/darktrace_threat_visualizer.md + - Daspren Parad: xdr/features/collect/integrations/endpoint/daspren_parad.md - ESET Protect: xdr/features/collect/integrations/endpoint/eset_protect.md - HarfangLab: xdr/features/collect/integrations/endpoint/harfanglab.md - IBM AIX: xdr/features/collect/integrations/endpoint/ibm_aix.md