Merge pull request #1587 from SEKOIA-IO/update-intake-documentation
Refresh intakes documentation
Showing
1 changed file
with
1 addition
and
1 deletion.
|
@@ -33,7 +33,7 @@ Find below few samples of events and how they are normalized by Sekoia.io. | |
```json | ||
|
||
{ | ||
"message": " {\n \"count\": 1000,\n \"application-name\": \"App1\",\n \"c-ip-subnet\": \"192.168.1.0/24\",\n \"cs(referer)\": \"http://example.com\",\n \"cs(user-agent)\": \"Mozilla/5.0\",\n \"cs(x-requested-with)\": \"XMLHttpRequest\",\n \"cs-auth-group\": \"Group1\",\n \"cs-auth-groups\": [\"Group1\", \"Group2\"],\n \"cs-bytes\": 1024,\n \"cs-categories\": [\"Category1\", \"Category2\"],\n \"cs-host\": \"example.com\",\n \"cs-icap-error-details\": \"ErrorDetails\",\n \"cs-icap-service\": \"ICAPService1\",\n \"cs-icap-status\": \"ICAPStatus1\",\n \"c-ip\": \"192.168.1.1\",\n \"cs-method\": \"GET\",\n \"cs-threat-risk\": \"High\",\n \"cs-uri-extension\": \".html\",\n \"cs-uri-path\": \"/path/to/resource\",\n \"cs-uri-port\": 80,\n \"cs-uri-query\": \"param=value\",\n \"cs-uri-scheme\": \"http\",\n \"cs-userdn\": \"[email protected]\",\n \"cs-version\": \"HTTP/1.1\",\n \"cs(X-Forwarded-For)\": \"192.168.0.1\",\n \"date\": \"2024-01-17\",\n \"ear-cas-file-reputation-score\": 95,\n \"ear-cs-referer\": \"http://referrer.com\",\n \"ear-upload-source\": \"Internal\",\n \"isolation-url\": \"http://isolation.example.com\",\n \"ma-detonated\": true,\n \"page-views\": 10,\n \"r-ip\": \"10.0.0.1\",\n \"r-supplier-country\": \"US\",\n \"risk-groups\": [\"GroupA\", \"GroupB\"],\n \"rs(content-type)\": \"text/html\",\n \"rs-icap-error-details\": \"RSICAPErrorDetails\",\n \"rs-icap-service\": \"RSICAPService1\",\n \"rs-icap-status\": \"RSICAPStatus1\",\n \"rs-version\": \"HTTP/1.1\",\n \"s-action\": \"Allow\",\n \"s-ip\": \"192.168.2.1\",\n \"s-source-ip\": \"192.168.2.2\",\n \"s-supplier-country\": \"CA\",\n \"s-supplier-failures\": 2,\n \"s-supplier-ip\": \"192.168.2.3\",\n \"sc-bytes\": 2048,\n \"sc-filter-result\": \"Allowed\",\n \"sc-status\": 200,\n \"search-terms\": \"keyword1 keyword2\",\n \"time\": \"12:34:56\",\n \"time-taken\": 500,\n \"upload-source\": \"External\",\n \"verdict\": \"Clean\",\n \"x-bluecoat-access-type\": \"Direct\",\n \"x-bluecoat-appliance-name\": 
\"Appliance1\",\n \"x-bluecoat-application-name\": \"App2\",\n \"x-bluecoat-application-operation\": \"Operation1\",\n \"x-bluecoat-location-id\": \"Location1\",\n \"x-bluecoat-location-name\": \"LocationName1\",\n \"x-bluecoat-reference-id\": \"ReferenceID1\",\n \"x-bluecoat-request-tenant-id\": \"TenantID1\",\n \"x-bluecoat-placeholder\": \"Placeholder1\",\n \"x-bluecoat-transaction-uuid\": \"TransactionUUID1\",\n \"x-client-agent-sw\": \"AgentSoftware1\",\n \"x-client-agent-type\": \"AgentType1\",\n \"x-client-device-id\": \"DeviceID1\",\n \"x-client-device-name\": \"DeviceName1\",\n \"x-client-device-type\": \"DeviceType1\",\n \"x-client-os\": \"OS1\",\n \"x-cloud-rs\": \"CloudRS1\",\n \"x-client-security-posture-details\": \"SecurityDetails1\",\n \"x-client-security-posture-risk-score\": 75,\n \"s-computername\": \"Computer1\",\n \"x-cs(referer)-uri-categories\": [\"CategoryA\", \"CategoryB\"],\n \"x-cs-certificate-subject\": \"CertificateSubject1\",\n \"x-cs-client-ip-country\": \"DE\",\n \"x-cs-connection-negotiated-cipher\": \"Cipher1\",\n \"x-cs-connection-negotiated-cipher-size\": 128,\n \"x-cs-connection-negotiated-ssl-version\": \"TLSv1.2\",\n \"x-cs-ocsp-error\": \"OCSPError1\",\n \"x-data-leak-detected\": false,\n \"x-dns-cs-address\": \"DNSAddress1\",\n \"x-dns-cs-category\": \"DNSCategory1\",\n \"x-dns-cs-dns\": \"DNSName1\",\n \"x-dns-cs-opcode\": \"DNSOpcode1\",\n \"x-dns-cs-qclass\": \"DNSQClass1\",\n \"x-dns-cs-qtype\": \"DNSQType1\",\n \"x-dns-cs-threat-risk-level\": \"High\",\n \"x-dns-cs-transport\": \"DNSTransport1\",\n \"x-dns-lookup-time\": 50,\n \"x-dns-rs-a-records\": \"1.2.3.4,5.6.7.8\",\n \"x-dns-rs-cname-records\": \"cname1.example.com,cname2.example.com\",\n \"x-dns-rs-ptr-records\": \"ptr1.example.com,ptr2.example.com\",\n \"x-dns-rs-rcode\": \"NoError,NoError1\",\n \"x-exception-id\": \"ExceptionID1\",\n \"x-http-connect-host\": \"ConnectHost1\",\n \"x-http-connect-port\": 8080,\n \"x-icap-reqmod-header(x-icap-metadata)\": 
\"ReqmodHeader1\",\n \"x-icap-respmod-header(x-icap-metadata)\": \"RespmodHeader1\",\n \"x-random-ipv6\": \"2001:db8::1\",\n \"x-request-origin\": \"Origin1\",\n \"x-rs-certificate-hostname\": \"RSHostname1\",\n \"x-rs-certificate-hostname-categories\": [\"RSCategory1\", \"RSCategory2\"],\n \"x-rs-certificate-hostname-category\": \"RSHostnameCategory1\",\n \"x-rs-certificate-hostname-threat-risk\": \"Low\",\n \"x-rs-certificate-observed-errors\": 3,\n \"x-rs-certificate-validate-status\": \"Valid\",\n \"x-rs-connection-negotiated-cipher\": \"RSConnectionCipher1\",\n \"x-rs-connection-negotiated-cipher-size\": 256,\n \"x-rs-connection-negotiated-cipher-strength\": \"High\",\n \"x-rs-connection-negotiated-ssl-version\": \"TLSv1.3\",\n \"x-rs-ocsp-error\": \"RSOCSPError1\",\n \"x-sc-connection-issuer-keyring\": \"IssuerKeyring1\",\n \"x-sc-connection-issuer-keyring-alias\": \"IssuerAlias1\",\n \"x-sr-vpop-country\": \"SRVPopCountry1\",\n \"x-sr-vpop-country-code\": \"SRVPopCountryCode1\",\n \"x-sr-vpop-ip\": \"SRVPopIP1\",\n \"x-symc-dei-app\": \"DEIApp1\",\n \"x-symc-dei-via\": \"DEIVia1\",\n \"x-timestamp-unix\": 1642419296,\n \"x-virus-id\": \"VirusID1\"\n }", | ||
"message": " {\n \"count\": 1000,\n \"application-name\": \"App1\",\n \"c-ip-subnet\": \"192.168.1.0/24\",\n \"cs(referer)\": \"http://example.com\",\n \"cs(User-Agent)\": \"Mozilla/5.0\",\n \"cs(x-requested-with)\": \"XMLHttpRequest\",\n \"cs-auth-group\": \"Group1\",\n \"cs-auth-groups\": [\"Group1\", \"Group2\"],\n \"cs-bytes\": 1024,\n \"cs-categories\": [\"Category1\", \"Category2\"],\n \"cs-host\": \"example.com\",\n \"cs-icap-error-details\": \"ErrorDetails\",\n \"cs-icap-service\": \"ICAPService1\",\n \"cs-icap-status\": \"ICAPStatus1\",\n \"c-ip\": \"192.168.1.1\",\n \"cs-method\": \"GET\",\n \"cs-threat-risk\": \"High\",\n \"cs-uri-extension\": \".html\",\n \"cs-uri-path\": \"/path/to/resource\",\n \"cs-uri-port\": 80,\n \"cs-uri-query\": \"param=value\",\n \"cs-uri-scheme\": \"http\",\n \"cs-userdn\": \"[email protected]\",\n \"cs-version\": \"HTTP/1.1\",\n \"cs(X-Forwarded-For)\": \"192.168.0.1\",\n \"date\": \"2024-01-17\",\n \"ear-cas-file-reputation-score\": 95,\n \"ear-cs-referer\": \"http://referrer.com\",\n \"ear-upload-source\": \"Internal\",\n \"isolation-url\": \"http://isolation.example.com\",\n \"ma-detonated\": true,\n \"page-views\": 10,\n \"r-ip\": \"10.0.0.1\",\n \"r-supplier-country\": \"US\",\n \"risk-groups\": [\"GroupA\", \"GroupB\"],\n \"rs(content-type)\": \"text/html\",\n \"rs-icap-error-details\": \"RSICAPErrorDetails\",\n \"rs-icap-service\": \"RSICAPService1\",\n \"rs-icap-status\": \"RSICAPStatus1\",\n \"rs-version\": \"HTTP/1.1\",\n \"s-action\": \"Allow\",\n \"s-ip\": \"192.168.2.1\",\n \"s-source-ip\": \"192.168.2.2\",\n \"s-supplier-country\": \"CA\",\n \"s-supplier-failures\": 2,\n \"s-supplier-ip\": \"192.168.2.3\",\n \"sc-bytes\": 2048,\n \"sc-filter-result\": \"Allowed\",\n \"sc-status\": 200,\n \"search-terms\": \"keyword1 keyword2\",\n \"time\": \"12:34:56\",\n \"time-taken\": 500,\n \"upload-source\": \"External\",\n \"verdict\": \"Clean\",\n \"x-bluecoat-access-type\": \"Direct\",\n \"x-bluecoat-appliance-name\": 
\"Appliance1\",\n \"x-bluecoat-application-name\": \"App2\",\n \"x-bluecoat-application-operation\": \"Operation1\",\n \"x-bluecoat-location-id\": \"Location1\",\n \"x-bluecoat-location-name\": \"LocationName1\",\n \"x-bluecoat-reference-id\": \"ReferenceID1\",\n \"x-bluecoat-request-tenant-id\": \"TenantID1\",\n \"x-bluecoat-placeholder\": \"Placeholder1\",\n \"x-bluecoat-transaction-uuid\": \"TransactionUUID1\",\n \"x-client-agent-sw\": \"AgentSoftware1\",\n \"x-client-agent-type\": \"AgentType1\",\n \"x-client-device-id\": \"DeviceID1\",\n \"x-client-device-name\": \"DeviceName1\",\n \"x-client-device-type\": \"DeviceType1\",\n \"x-client-os\": \"OS1\",\n \"x-cloud-rs\": \"CloudRS1\",\n \"x-client-security-posture-details\": \"SecurityDetails1\",\n \"x-client-security-posture-risk-score\": 75,\n \"s-computername\": \"Computer1\",\n \"x-cs(referer)-uri-categories\": [\"CategoryA\", \"CategoryB\"],\n \"x-cs-certificate-subject\": \"CertificateSubject1\",\n \"x-cs-client-ip-country\": \"DE\",\n \"x-cs-connection-negotiated-cipher\": \"Cipher1\",\n \"x-cs-connection-negotiated-cipher-size\": 128,\n \"x-cs-connection-negotiated-ssl-version\": \"TLSv1.2\",\n \"x-cs-ocsp-error\": \"OCSPError1\",\n \"x-data-leak-detected\": false,\n \"x-dns-cs-address\": \"DNSAddress1\",\n \"x-dns-cs-category\": \"DNSCategory1\",\n \"x-dns-cs-dns\": \"DNSName1\",\n \"x-dns-cs-opcode\": \"DNSOpcode1\",\n \"x-dns-cs-qclass\": \"DNSQClass1\",\n \"x-dns-cs-qtype\": \"DNSQType1\",\n \"x-dns-cs-threat-risk-level\": \"High\",\n \"x-dns-cs-transport\": \"DNSTransport1\",\n \"x-dns-lookup-time\": 50,\n \"x-dns-rs-a-records\": \"1.2.3.4,5.6.7.8\",\n \"x-dns-rs-cname-records\": \"cname1.example.com,cname2.example.com\",\n \"x-dns-rs-ptr-records\": \"ptr1.example.com,ptr2.example.com\",\n \"x-dns-rs-rcode\": \"NoError,NoError1\",\n \"x-exception-id\": \"ExceptionID1\",\n \"x-http-connect-host\": \"ConnectHost1\",\n \"x-http-connect-port\": 8080,\n \"x-icap-reqmod-header(x-icap-metadata)\": 
\"ReqmodHeader1\",\n \"x-icap-respmod-header(x-icap-metadata)\": \"RespmodHeader1\",\n \"x-random-ipv6\": \"2001:db8::1\",\n \"x-request-origin\": \"Origin1\",\n \"x-rs-certificate-hostname\": \"RSHostname1\",\n \"x-rs-certificate-hostname-categories\": [\"RSCategory1\", \"RSCategory2\"],\n \"x-rs-certificate-hostname-category\": \"RSHostnameCategory1\",\n \"x-rs-certificate-hostname-threat-risk\": \"Low\",\n \"x-rs-certificate-observed-errors\": 3,\n \"x-rs-certificate-validate-status\": \"Valid\",\n \"x-rs-connection-negotiated-cipher\": \"RSConnectionCipher1\",\n \"x-rs-connection-negotiated-cipher-size\": 256,\n \"x-rs-connection-negotiated-cipher-strength\": \"High\",\n \"x-rs-connection-negotiated-ssl-version\": \"TLSv1.3\",\n \"x-rs-ocsp-error\": \"RSOCSPError1\",\n \"x-sc-connection-issuer-keyring\": \"IssuerKeyring1\",\n \"x-sc-connection-issuer-keyring-alias\": \"IssuerAlias1\",\n \"x-sr-vpop-country\": \"SRVPopCountry1\",\n \"x-sr-vpop-country-code\": \"SRVPopCountryCode1\",\n \"x-sr-vpop-ip\": \"SRVPopIP1\",\n \"x-symc-dei-app\": \"DEIApp1\",\n \"x-symc-dei-via\": \"DEIVia1\",\n \"x-timestamp-unix\": 1642419296,\n \"x-virus-id\": \"VirusID1\"\n }", | ||
"event": { | ||
"action": "Allow", | ||
"category": [ | ||
|