From 676f78eb0b33373cfa215b897a0180af8e8abd65 Mon Sep 17 00:00:00 2001 From: lvoloshyn-sekoia Date: Mon, 4 Mar 2024 13:51:55 +0200 Subject: [PATCH 1/2] Add Fastly Audit Logs docs --- .../cloud_and_saas/fastly/fastly_audit.md | 56 +++++++++++++++++++ mkdocs.yml | 1 + 2 files changed, 57 insertions(+) create mode 100644 docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_audit.md diff --git a/docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_audit.md b/docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_audit.md new file mode 100644 index 0000000000..4a414bc8d3 --- /dev/null +++ b/docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_audit.md 
@@ -0,0 +1,56 @@ +uuid: c2faea65-1eb3-4f3f-b895-c8769a749d45 +name: Fastly Audit logs +type: intake + + +## Overview + +Fastly audit logs tracks activities related to your corp and your sites like user creation, rule creation, site configuration changes. + +!!! warning + Important note - This format is currently in beta. We highly value your feedback to improve its performance. + +{!_shared_content/operations_center/detection/generated/suggested_rules_c2faea65-1eb3-4f3f-b895-c8769a749d45_do_not_edit_manually.md!} + +{!_shared_content/operations_center/integrations/generated/c2faea65-1eb3-4f3f-b895-c8769a749d45.md!} + +## Configure + +### Creating API access tokens + +1. Go to the [Fastly WAF](https://dashboard.signalsciences.net) and log in. +2. From the **My Profile** menu, select API access tokens. +3. Click **Add API access token**. +4. In the **Token name** field, enter a name to identify the access token. +5. Click **Create API access token**. +6. Record the token in a secure location for your use. Then, click **Continue** to finish creating the token. + +!!! Warning + This is the only time the token will be visible. Record the token and keep it secure. + +### Sekoia.io configuration procedure + +#### Create your intake + +1. Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the `Fastly Audit`. +2. Copy the associated Intake key + +#### Pull the logs to collect them on Sekoia.io + +Go to the Sekoia.io [playbook page](https://app.sekoia.io/operations/playbooks), and follow these steps: + +1. Click **+ PLAYBOOK** button to create a new one +2. Select **Create a playbook from scratch** +3. Give it a name in the field **Name** +4. Open the left panel, click **Fastly** then select the trigger `Fetch new audit logs from Fastly` +5. Click **Create** + +6. Create a **Module configuration**. Name the module configuration as you wish. +7. Create a **Trigger configuration** using: +7.1. 
Type the `Intake key` created on the previous step +7.2 Enter `User's email`, `API token`, `Corporation name` and `Site name` (if needed) from the Fastly WAF dashboard + +- Click the **Save** button +- **Activate the playbook** with the toggle button in the top right corner of the page + +#### Enjoy your events on the [Events page](https://app.sekoia.io/operations/events) diff --git a/mkdocs.yml b/mkdocs.yml index bc327ef4f2..19b6e4acfa 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -122,6 +122,7 @@ nav: - Cisco Duo Security: xdr/features/collect/integrations/cloud_and_saas/cisco_duo_security.md - Claroty xDome: xdr/features/collect/integrations/cloud_and_saas/claroty_xdome.md - ExtraHop Reveal(x) 360: xdr/features/collect/integrations/cloud_and_saas/extrahop_revealx_360.md + - Fastly Audit Logs: xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_audit.md - Github Audit Logs: xdr/features/collect/integrations/cloud_and_saas/github_audit_logs.md - Google Cloud: - Google Cloud Audit Logs: xdr/features/collect/integrations/cloud_and_saas/google/google_cloud_audit.md From cfaa911b7bfd2ab10031b9b409f3e002952c6918 Mon Sep 17 00:00:00 2001 From: lvoloshyn-sekoia Date: Tue, 5 Mar 2024 10:35:31 +0200 Subject: [PATCH 2/2] Fastly audit -> Fastly WAF audit --- .../fastly/{fastly_audit.md => fastly_audit_waf.md} | 6 +++--- mkdocs.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) rename docs/xdr/features/collect/integrations/cloud_and_saas/fastly/{fastly_audit.md => fastly_audit_waf.md} (90%) diff --git a/docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_audit.md b/docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_audit_waf.md similarity index 90% rename from docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_audit.md rename to docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_audit_waf.md index 4a414bc8d3..1ec7b701e1 100644 
--- a/docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_audit.md +++ b/docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_audit_waf.md @@ -1,11 +1,11 @@ uuid: c2faea65-1eb3-4f3f-b895-c8769a749d45 -name: Fastly Audit logs +name: Fastly WAF Audit logs type: intake ## Overview -Fastly audit logs tracks activities related to your corp and your sites like user creation, rule creation, site configuration changes. +Fastly WAF audit logs tracks activities related to your corp and your sites like user creation, rule creation, site configuration changes. !!! warning Important note - This format is currently in beta. We highly value your feedback to improve its performance. @@ -42,7 +42,7 @@ Go to the Sekoia.io [playbook page](https://app.sekoia.io/operations/playbooks), 1. Click **+ PLAYBOOK** button to create a new one 2. Select **Create a playbook from scratch** 3. Give it a name in the field **Name** -4. Open the left panel, click **Fastly** then select the trigger `Fetch new audit logs from Fastly` +4. Open the left panel, click **Fastly** then select the trigger `Fetch new audit logs from Fastly WAF` 5. Click **Create** 6. Create a **Module configuration**. Name the module configuration as you wish. diff --git a/mkdocs.yml b/mkdocs.yml index 19b6e4acfa..abb4398b93 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -122,7 +122,7 @@ nav: - Cisco Duo Security: xdr/features/collect/integrations/cloud_and_saas/cisco_duo_security.md - Claroty xDome: xdr/features/collect/integrations/cloud_and_saas/claroty_xdome.md - ExtraHop Reveal(x) 360: xdr/features/collect/integrations/cloud_and_saas/extrahop_revealx_360.md - - Fastly Audit Logs: xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_audit.md + - Fastly WAF Audit Logs: xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_audit_waf.md - Github Audit Logs: xdr/features/collect/integrations/cloud_and_saas/github_audit_logs.md - Google Cloud: - Google Cloud Audit Logs: xdr/features/collect/integrations/cloud_and_saas/google/google_cloud_audit.md
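Review bot: in the first patch's new `fastly_audit.md` hunk, the Overview sentence has a subject-verb disagreement ("Fastly audit logs tracks activities" should read "track activities"), and the Configure section is inconsistent in several small ways that will show up in the rendered page: the second admonition is written `!!! Warning` while the first uses `!!! warning` (keep them identical, lowercase, since that is the type name the renderer matches on); the trigger-configuration sub-steps are numbered "7.1." and "7.2" (one with a trailing dot, one without) and the two steps that follow ("Click the **Save** button", "**Activate the playbook** ...") drop back to bullets instead of continuing as 8. and 9.; and the intake step "create a new intake from the `Fastly Audit`" is missing its noun (presumably "format"). One documentation gap worth closing in the same hunk: the "Creating API access tokens" steps do not say which Fastly WAF role or permission the user creating the token needs for the `Fetch new audit logs from Fastly` trigger to read audit events, so a reader cannot tell in advance whether the token they create will work.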
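Review bot: in the first patch's `mkdocs.yml` hunk, the nav label `Fastly Audit Logs` does not match the page's own front matter (`name: Fastly Audit logs`); pick one capitalisation ("Audit Logs" matches the neighbouring `Github Audit Logs` and `Google Cloud Audit Logs` entries) and use it in both places so the sidebar and the page title agree. The alphabetical placement between `ExtraHop Reveal(x) 360` and `Github Audit Logs` is correct.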
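Review bot: the rename hunk in the second patch is incomplete: it updates `name:`, the Overview sentence and the trigger label to "Fastly WAF", but the "Create your intake" step (outside the two hunk ranges, around line 35 of the file) still tells the reader to create the intake from `Fastly Audit`, so the page now disagrees with itself about the format name. The changed Overview line also carries the grammar error over unchanged ("Fastly WAF audit logs tracks" should be "track"). Finally, the new file name `fastly_audit_waf.md` orders the words differently from the new title "Fastly WAF Audit logs" and the nav entry `Fastly WAF Audit Logs`; `fastly_waf_audit.md` would match both and keeps the slug predictable for anyone linking to the page.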
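Review bot: the second patch's `mkdocs.yml` hunk simply rewrites the nav entry added by the first patch (`Fastly Audit Logs` / `fastly_audit.md` becomes `Fastly WAF Audit Logs` / `fastly_audit_waf.md`), which means the intermediate commit adds a page and path that are deleted one commit later; consider squashing the two patches so that neither the old title nor the old `fastly_audit.md` path ever lands on the main branch, where external links or search indexes could pick it up.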