Refresh intakes documentation

SEKOIA-IO · Dec 12, 2023 · c2af26f · c2af26f
1 parent 7084f6d
commit c2af26f
Show file tree

Hide file tree

Showing 2 changed files with 412 additions and 0 deletions.
diff --git a/...perations_center/integrations/generated/70c5c3db-fae8-4825-8d8b-08d6315e1ef6.md b/...perations_center/integrations/generated/70c5c3db-fae8-4825-8d8b-08d6315e1ef6.md
@@ -0,0 +1,295 @@
+
+## Event Categories
+
+
+The following table lists the data source offered by this integration.
+
+| Data Source | Description                          |
+| ----------- | ------------------------------------ |
+| `Authentication logs` | audit events from Azure Files |
+| `File monitoring` | Azure files monitor logs |
+
+
+
+
+
+In details, the following table denotes the type of events produced by this integration.
+
+| Name | Values |
+| ---- | ------ |
+| Kind | `event` |
+| Category | `["network"]` |
+| Type | `` |
+
+
+
+
+## Event Samples
+
+Find below few samples of events and how they are normalized by Sekoia.io.
+
+
+=== "storage_delete.json"
+
+    ```json
+
+    {
+        "message": "{\"time\":\"2023-12-01T17:55:31.4699153Z\",\"resourceId\":\"/subscriptions/af8a6d76-d0d2-4f4d-9591-f917957d9675/resourceGroups/myresource/providers/Microsoft.Storage/storageAccounts/example/fileServices/default\",\"category\":\"StorageDelete\",\"operationName\":\"DeleteFile\",\"operationVersion\":\"2022-11-02\",\"schemaVersion\":\"1.0\",\"statusCode\":202,\"statusText\":\"Success\",\"durationMs\":5,\"callerIpAddress\":\"1.2.3.4:39221\",\"correlationId\":\"e3ae0a7a-5817-4fd4-91f2-f8eb1df0aaaf\",\"identity\":{\"type\":\"SAS\",\"tokenHash\":\"key1(1111111111111111111111111111111111111111111111111111111111111111),SasSignature(2222222222222222222222222222222222222222222222222222222222222222)\"},\"location\":\"westeurope\",\"properties\":{\"accountName\":\"example\",\"userAgentHeader\":\"Mozilla/5.0(X11;Linuxx86_64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/119.0.0.0Safari/537.36\",\"serviceType\":\"file\",\"objectKey\":\"/example\",\"metricResponseType\":\"Success\",\"serverLatencyMs\":5,\"requestHeaderSize\":791,\"responseHeaderSize\":246,\"tlsVersion\":\"TLS1.2\"},\"uri\":\"https://example.file.core.windows.net:443/mystorage/docs/myimage.jpg?_=1701453287208&sv=2022-11-02&ss=bqtf&srt=sco&sp=rwdlacuptfxiy&se=2023-12-02T01:54:36Z&sig=XXXXX\",\"protocol\":\"HTTPS\",\"resourceType\":\"Microsoft.Storage/storageAccounts/fileServices\"}",
+        "event": {
+            "action": "DeleteFile",
+            "category": [
+                "network"
+            ],
+            "dataset": "StorageDelete",
+            "kind": "event",
+            "provider": "Microsoft.Storage/storageAccounts/fileServices",
+            "type": [
+                "info"
+            ]
+        },
+        "@timestamp": "2023-12-01T17:55:31.469915Z",
+        "azure": {
+            "files": {
+                "status": "Success"
+            }
+        },
+        "cloud": {
+            "account": {
+                "name": "example"
+            },
+            "provider": "Azure",
+            "region": "westeurope",
+            "service": {
+                "name": "files"
+            }
+        },
+        "http": {
+            "response": {
+                "status_code": 202
+            }
+        },
+        "network": {
+            "protocol": "HTTPS"
+        },
+        "source": {
+            "address": "1.2.3.4",
+            "ip": "1.2.3.4",
+            "port": 39221
+        },
+        "url": {
+            "domain": "example.file.core.windows.net",
+            "original": "https://example.file.core.windows.net:443/mystorage/docs/myimage.jpg?_=1701453287208&sv=2022-11-02&ss=bqtf&srt=sco&sp=rwdlacuptfxiy&se=2023-12-02T01:54:36Z&sig=XXXXX",
+            "path": "/mystorage/docs/myimage.jpg",
+            "port": 443,
+            "query": "_=1701453287208&sv=2022-11-02&ss=bqtf&srt=sco&sp=rwdlacuptfxiy&se=2023-12-02T01:54:36Z&sig=XXXXX",
+            "registered_domain": "windows.net",
+            "scheme": "https",
+            "subdomain": "example.file.core",
+            "top_level_domain": "net"
+        },
+        "user_agent": {
+            "device": {
+                "name": "Other"
+            },
+            "name": "Chrome",
+            "original": "Mozilla/5.0(X11;Linuxx86_64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/119.0.0.0Safari/537.36",
+            "os": {
+                "name": "Linux"
+            },
+            "version": "119.0.0"
+        },
+        "related": {
+            "ip": [
+                "1.2.3.4"
+            ]
+        }
+    }
+    	
+	```
+
+
+=== "storage_read.json"
+
+    ```json
+
+    {
+        "message": "{\"time\":\"2023-12-01T17:55:39.9492668Z\",\"resourceId\":\"/subscriptions/af8a6d76-d0d2-4f4d-9591-f917957d9675/resourceGroups/myresource/providers/Microsoft.Storage/storageAccounts/example/fileServices/default\",\"category\":\"StorageRead\",\"operationName\":\"GetShareProperties\",\"operationVersion\":\"2018-03-28\",\"schemaVersion\":\"1.0\",\"statusCode\":200,\"statusText\":\"Success\",\"durationMs\":45,\"callerIpAddress\":\"10.0.0.10:49539\",\"correlationId\":\"e3ae0a7a-5817-4fd4-91f2-f8eb1df0aaaf\",\"identity\":{\"type\":\"AccountKey\",\"tokenHash\":\"key1(1111111111111111111111111111111111111111111111111111111111111111)\"},\"location\":\"westeurope\",\"properties\":{\"accountName\":\"example\",\"userAgentHeader\":\"Azure-Storage/9.3.2(.NETCLR4.0.30319.42000;Win32NT6.2.9200.0)\",\"clientRequestId\":\"0767b786-2c65-4637-990f-eb43c559b2ce\",\"etag\":\"\\\"0x8DBF2965D8FDE72\\\"\",\"serviceType\":\"file\",\"objectKey\":\"/example\",\"lastModifiedTime\":\"12/1/20235:53:03PM\",\"metricResponseType\":\"Success\",\"serverLatencyMs\":45,\"requestHeaderSize\":452,\"responseHeaderSize\":258,\"tlsVersion\":\"TLS1.2\"},\"uri\":\"https://example.file.core.windows.net:443/mystorage?restype=share\",\"protocol\":\"HTTPS\",\"resourceType\":\"Microsoft.Storage/storageAccounts/fileServices\"}",
+        "event": {
+            "action": "GetShareProperties",
+            "category": [
+                "network"
+            ],
+            "dataset": "StorageRead",
+            "kind": "event",
+            "provider": "Microsoft.Storage/storageAccounts/fileServices",
+            "type": [
+                "info"
+            ]
+        },
+        "@timestamp": "2023-12-01T17:55:39.949266Z",
+        "azure": {
+            "files": {
+                "status": "Success"
+            }
+        },
+        "cloud": {
+            "account": {
+                "name": "example"
+            },
+            "provider": "Azure",
+            "region": "westeurope",
+            "service": {
+                "name": "files"
+            }
+        },
+        "http": {
+            "response": {
+                "status_code": 200
+            }
+        },
+        "network": {
+            "protocol": "HTTPS"
+        },
+        "source": {
+            "address": "10.0.0.10",
+            "ip": "10.0.0.10",
+            "port": 49539
+        },
+        "url": {
+            "domain": "example.file.core.windows.net",
+            "original": "https://example.file.core.windows.net:443/mystorage?restype=share",
+            "path": "/mystorage",
+            "port": 443,
+            "query": "restype=share",
+            "registered_domain": "windows.net",
+            "scheme": "https",
+            "subdomain": "example.file.core",
+            "top_level_domain": "net"
+        },
+        "user_agent": {
+            "device": {
+                "name": "Other"
+            },
+            "name": "Other",
+            "original": "Azure-Storage/9.3.2(.NETCLR4.0.30319.42000;Win32NT6.2.9200.0)",
+            "os": {
+                "name": "Windows",
+                "version": "95"
+            }
+        },
+        "related": {
+            "ip": [
+                "10.0.0.10"
+            ]
+        }
+    }
+    	
+	```
+
+
+=== "storage_write.json"
+
+    ```json
+
+    {
+        "message": "{\"time\":\"2023-12-01T17:54:47.2719270Z\",\"resourceId\":\"/subscriptions/af8a6d76-d0d2-4f4d-9591-f917957d9675/resourceGroups/myresource/providers/Microsoft.Storage/storageAccounts/example/fileServices/default\",\"category\":\"StorageWrite\",\"operationName\":\"CreateFile\",\"operationVersion\":\"2022-11-02\",\"schemaVersion\":\"1.0\",\"statusCode\":201,\"statusText\":\"Success\",\"durationMs\":6,\"callerIpAddress\":\"1.2.3.4:39221\",\"correlationId\":\"e3ae0a7a-5817-4fd4-91f2-f8eb1df0aaaf\",\"identity\":{\"type\":\"SAS\",\"tokenHash\":\"key1(1111111111111111111111111111111111111111111111111111111111111111),SasSignature(2222222222222222222222222222222222222222222222222222222222222222)\"},\"location\":\"westeurope\",\"properties\":{\"accountName\":\"example\",\"userAgentHeader\":\"Mozilla/5.0(X11;Linuxx86_64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/119.0.0.0Safari/537.36\",\"referrerHeader\":\"https://portal.azure.com/\",\"etag\":\"\\\"0x8DBF2969B9AF0B5\\\"\",\"serviceType\":\"file\",\"objectKey\":\"/example\",\"lastModifiedTime\":\"12/1/20235:54:47PM\",\"metricResponseType\":\"Success\",\"serverLatencyMs\":6,\"requestHeaderSize\":994,\"responseHeaderSize\":859,\"tlsVersion\":\"TLS1.2\"},\"uri\":\"https://example.file.core.windows.net:443/mystorage/docs/myimage.jpg?_=1701453287208&sv=2022-11-02&ss=bqtf&srt=sco&sp=rwdlacuptfxiy&se=2023-12-02T01:54:36Z&sig=XXXXX\",\"protocol\":\"HTTPS\",\"resourceType\":\"Microsoft.Storage/storageAccounts/fileServices\"}",
+        "event": {
+            "action": "CreateFile",
+            "category": [
+                "network"
+            ],
+            "dataset": "StorageWrite",
+            "kind": "event",
+            "provider": "Microsoft.Storage/storageAccounts/fileServices",
+            "type": [
+                "info"
+            ]
+        },
+        "@timestamp": "2023-12-01T17:54:47.271927Z",
+        "azure": {
+            "files": {
+                "status": "Success"
+            }
+        },
+        "cloud": {
+            "account": {
+                "name": "example"
+            },
+            "provider": "Azure",
+            "region": "westeurope",
+            "service": {
+                "name": "files"
+            }
+        },
+        "http": {
+            "response": {
+                "status_code": 201
+            }
+        },
+        "network": {
+            "protocol": "HTTPS"
+        },
+        "source": {
+            "address": "1.2.3.4",
+            "ip": "1.2.3.4",
+            "port": 39221
+        },
+        "url": {
+            "domain": "example.file.core.windows.net",
+            "original": "https://example.file.core.windows.net:443/mystorage/docs/myimage.jpg?_=1701453287208&sv=2022-11-02&ss=bqtf&srt=sco&sp=rwdlacuptfxiy&se=2023-12-02T01:54:36Z&sig=XXXXX",
+            "path": "/mystorage/docs/myimage.jpg",
+            "port": 443,
+            "query": "_=1701453287208&sv=2022-11-02&ss=bqtf&srt=sco&sp=rwdlacuptfxiy&se=2023-12-02T01:54:36Z&sig=XXXXX",
+            "registered_domain": "windows.net",
+            "scheme": "https",
+            "subdomain": "example.file.core",
+            "top_level_domain": "net"
+        },
+        "user_agent": {
+            "device": {
+                "name": "Other"
+            },
+            "name": "Chrome",
+            "original": "Mozilla/5.0(X11;Linuxx86_64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/119.0.0.0Safari/537.36",
+            "os": {
+                "name": "Linux"
+            },
+            "version": "119.0.0"
+        },
+        "related": {
+            "ip": [
+                "1.2.3.4"
+            ]
+        }
+    }
+    	
+	```
+
+
+
+
+
+## Extracted Fields
+
+The following table lists the fields that are extracted, normalized under the ECS format, analyzed and indexed by the parser. It should be noted that infered fields are not listed.
+
+| Name | Type | Description                |
+| ---- | ---- | ---------------------------|
+|`@timestamp` | `date` | Date/time when the event originated. |
+|`azure.files.status` | `keyword` | Azure files status |
+|`cloud.account.name` | `keyword` | The cloud account name. |
+|`cloud.provider` | `keyword` | Name of the cloud provider. |
+|`cloud.region` | `keyword` | Region in which this host, resource, or service is located. |
+|`cloud.service.name` | `keyword` | The cloud service name. |
+|`event.action` | `keyword` | The action captured by the event. |
+|`event.category` | `keyword` | Event category. The second categorization field in the hierarchy. |
+|`event.dataset` | `keyword` | Name of the dataset. |
+|`event.kind` | `keyword` | The kind of the event. The highest categorization field in the hierarchy. |
+|`event.provider` | `keyword` | Source of the event. |
+|`http.response.status_code` | `long` | HTTP response status code. |
+|`network.protocol` | `keyword` | Application protocol name. |
+|`source.ip` | `ip` | IP address of the source. |
+|`source.port` | `long` | Port of the source. |
+|`url.original` | `wildcard` | Unmodified original url as seen in the event source. |
+|`user_agent.original` | `keyword` | Unparsed user_agent string. |
+