Merge branch 'main' into fix-homepage

_shared_content/automate/library/bitsight.md

@@ -0,0 +1,32 @@
+# Bitsight
+
+![Bitsight](/assets/playbooks/library/bitsight.png){ align=right width=150 }
+
+Bitsight connector for audit logs
+
+## Configuration
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `company_uuids` | `array` | The list of company uuids |
+| `api_token` | `string` | The API Token to authenticate calls to the Bitsight API |
+
+## Triggers
+
+### [BETA] Fetch new findings from Bitsight
+
+Get findings from a Bitsight
+
+**Arguments**
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `frequency` | `integer` | Batch frequency in seconds |
+| `intake_server` | `string` | Server of the intake server (e.g. 'https://intake.sekoia.io') |
+| `intake_key` | `string` | Intake key to use when sending events |
+| `batch_limit` | `integer` | Maximum number of events to send in a single batch |
+
+
+## Extra
+
+Module **`Bitsight` v1.0.0**

_shared_content/automate/library/mimecast.md

@@ -0,0 +1,32 @@
+# Mimecast
+
+![Mimecast](/assets/playbooks/library/mimecast.png){ align=right width=150 }
+
+Mimecast offers cloud-based email security, archiving, and continuity solutions to protect against cyber threats and ensure compliance.
+
+## Configuration
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `client_id` | `string` | Client ID |
+| `client_secret` | `string` | Client Secret |
+
+## Triggers
+
+### [BETA] Fetch new email events from Mimecast
+
+Mimecast - Email Security
+
+**Arguments**
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `frequency` | `integer` | Batch frequency in seconds |
+| `chunk_size` | `integer` | The size of chunks for the batch processing |
+| `intake_server` | `string` | Server of the intake server (e.g. 'https://intake.sekoia.io') |
+| `intake_key` | `string` | Intake key to use when sending events |
+
+
+## Extra
+
+Module **`Mimecast` v0.1.1**

_shared_content/automate/library/nybble.md

@@ -0,0 +1,40 @@
+# Nybble
+
+![Nybble](/assets/playbooks/library/nybble.png){ align=right width=150 }
+
+[Nybble Hub](https://nybble-security.io) is the worldwide first blue team community which handles your alerts at a glance.
+
+## Configuration
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `nhub_url` | `string` | Nybble Hub Connector Base URL |
+| `nhub_username` | `string` | Nybble Hub Connector username |
+| `nhub_key` | `string` | Nybble Hub Connector Key to authenticate the requests |
+
+## Actions
+
+### Create Alert
+
+Create an Alert into Nybble Hub
+
+**Arguments**
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `alert_data` | `object` | Received alert, from Sekoia 'Get Alert' action |
+| `rule` | `object` | Alert Rule from Rule Catalog, from Sekoia 'Get Rule' action |
+| `events` | `array` | Related Events, from Sekoia 'Get The Alert Events' action |
+
+
+**Outputs**
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `status` | `boolean` |  |
+| `details` | `string` |  |
+
+
+## Extra
+
+Module **`Nybble` v1.0.2**

_shared_content/intelligence_center/consume/intelligence.md

@@ -4,16 +4,14 @@
 
 Looking for a Threat actor? A specific Malware? A report on a topic of interest? Or a URL that looks suspicious? The Intelligence page possesses a search engine with complex filtering capabilities to navigate through millions of data. This threat knowledge base is updated on a daily basis by Sekoia.io analysts to make sure all kinds of threats are covered. 
 
-
-
 ## How to search
 
 ### Search bars
 
 The two ways to find what you need in the knowledge base is to: 
 
-1. Use the search bar embedded in the header. It’s accessible from any page of the Intelligence Center and enables a quick search in the database. 
-2. Click `Intelligence` from the Intelligence Center menu and use the main search bar to browse the knowledge you need.
+1. Use the search bar embedded in the menu. It’s accessible from any page of the app and enables a quick search in the database. 
+2. Click `Intelligence` from the app menu and use the main search bar to browse the knowledge you need.
 
 ![Intelligence-search](/assets/intelligence_center/intelligence%20search.png){: style="max-width:100%"}
 
@@ -170,16 +168,17 @@ By default, these columns are:
 | Sources | Where this object came from |
 | Last edited | Date of last edition |
 | Created | Date of creation |
+| Labels | Custom labels added from Sekoia |
 
-To show or hide these columns, click on `Filters`, then `Select columns to show` and choose the ones needed.
+To show or hide these columns, click on the icon on the top right of the table and select the ones needed.
 
 ### Pagination
 
-Depending on your screen size, you can change the pagination of this data table. It is set to 10 results per page by default, but you can increase this number to 15, 25, 50 or 100. 
+Depending on your screen size, you can change the pagination of this data table. It is set to 25 results per page by default, but you can increase or decrease this number to 10, 15, 50 or 100. 
 
 ### Revoked objects
 
-When a name is red in the table, it means that the object has been revoked.
+When an object name is red in the table, it means that the object has been revoked.
 
 ### Filters for objects
 
@@ -235,6 +234,6 @@ To differentiate between the two, a tab with `Known` and `Unknown` helps underst
 
 ### Bulk actions
 
-When you have a list of observables in your search results, you can select two or more of them by ticking the checkbox on the left of the value. Once selected, you can copy their values using the `copy` button that appears next to the filters. 
+When you have a list of observables in your search results, you can select two or more of them by ticking the checkbox on the left of the value. Once selected, you can copy their values using the `copy` button that appears on top of the table. 
 
 

_shared_content/intelligence_center/integrations/api.md

@@ -169,7 +169,7 @@ For relationships, use the `GET v2/inthreat/relationships/{relationship_id}` end
 
 ## Looking for an IOC
 
-It is possible to look for a specific indicator of compromise in the Intelligence Center and get its context with the `GET v2/inthreat/indicators/context` endpoint (see [documentation](../../develop/rest_api/intelligence/#tag/Indicators/operation/get_indicator_context_resource)).
+It is possible to look for a specific indicator of compromise in the Intelligence Center and get its context with the `GET v2/inthreat/indicators/context` endpoint (see [documentation](/cti/develop/rest_api/intelligence/#tag/Indicators/operation/get_indicator_context_resource)).
 
 
 ```python

_shared_content/intelligence_center/integrations/misp.md

@@ -4,7 +4,7 @@ The default feed is available as a MISP feed.
 
 It can be added to an existing MISP instance by following [MISP's documentation](https://www.circl.lu/doc/misp/managing-feeds/).
 
-To fetch Sekoia.io’s MISP feed, you’ll have to generate an API key with the `INTHREAT_READ_OBJECTS` permission. Please read the “[Generate API keys](../../../../getting_started/manage_api_keys)“ and “[Permissions](../../../../getting_started/Permissions)” page to understand how to create a new API key with the proper permissions.
+To fetch Sekoia.io’s MISP feed, you’ll have to generate an API key with the `INTHREAT_READ_OBJECTS` permission. Please read the “[Generate API keys](../../../../getting_started/manage_api_keys)“ page to understand how to create a new API key with the proper permissions.
 
 The following field values are required for the feed to work properly:
 

_shared_content/intelligence_center/integrations/opencti.md

@@ -1,124 +1,7 @@
 # External integration: OpenCTI
 
-## Objective
+The existing Sekoia connector for OpenCTI has been released in 2021 and is freely available on the OpenCTI Github repository. This connector is regularly updated and maintained by Filigran.
 
-Collect Sekoia.io CTI feed in an existing self-managed OpenCTI instance for any operational purpose (such as CTI aggregation, dissemination, hunting...). 
-
-## Prerequisites
-
-- An operational OpenCTI instance with administrator privileges
-- An active Sekoia.io licence with access to the CTI
-- An access to Sekoia.io User Center with the permissions to create an API key with  [**all CTI permissions**](https://docs.sekoia.io/getting_started/Permissions/#cti-permissions)
-
-## Configuration
-
-1. Add the following code **to the end** of **docker-compose.yml** file in the OpenCTI docker repository
-
-    ```YAML
-    connector-sekoia:
-        image: opencti/connector-sekoia:latest
-        environment:
-          - OPENCTI_URL=http://opencti:8080
-          - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
-          - CONNECTOR_ID=<Replace_by_email>
-          - CONNECTOR_TYPE=EXTERNAL_IMPORT
-          - CONNECTOR_NAME=SEKOIA.IO
-          - CONNECTOR_SCOPE=identity,attack-pattern,course-of-action,intrusion-set,malware,tool,report,location,vulnerability,indicator,campaign,infrastructure,relationship
-          - CONNECTOR_CONFIDENCE_LEVEL=15 # From 0 (Unknown) to 100 (Fully trusted)
-          - CONNECTOR_UPDATE_EXISTING_DATA=false
-          - CONNECTOR_LOG_LEVEL=info
-          - SEKOIA_API_KEY=<Replace_by_Sekoia_API_key>
-          - SEKOIA_COLLECTION=d6092c37-d8d7-45c3-8aff-c4dc26030608
-          - SEKOIA_START_DATE=2022-01-01    # Optional, the date to start consuming data from. Maybe in the formats YYYY-MM-DD or YYYY-MM-DDT00:00:00
-          - SEKOIA_CREATE_OBSERVABLES=true  # Create observables from indicators
-        restart: always
-        depends_on:
-          - opencti
-
-    volumes:
-      esdata:
-      s3data:
-      redisdata:
-      amqpdata:
-    ```
-
-2. Replace the following parameters:
-    - `CONNECTOR_ID`= Replace_by_email or an UUID4
-    - `CONNECTOR_SCOPE` = identity,attack-pattern,course-of-action,intrusion-set,malware,tool,report,location,vulnerability,indicator,campaign,infrastructure,relationship => Sekoia Intelligence elements set to be exported in OpenCTI that can be chosen from this list
-    - `SEKOIA_API_KEY`= Sekoia API key with CTI_Permissions
-    - `SEKOIA_START_DATE`= <start_date_to_retrieve_feed> e.g. 2023-05-01
-
-3. Build and launch Sekoia connector
-    - Build    `docker-compose pull connector-sekoia`
-    - Run      `docker-compose up -d connector-sekoia`
-
-    !!!note
-        Sekoia connector should be named **connector-sekoia** as described in the previous section. 
-        To check all connectors available and set in the server, type `docker-compose ps`. 
-
-4. Check if Sekoia connector is running
-    ```
-    docker-compose ps connector-sekoia
-    ```
-
-## Connect to OpenCTI
-
-1. In a Web browser, type the following URL and replace `server_IP` and `port` by their values: http://server_ip:port/dashboard
-    ![OpenCTI_login](/assets/intelligence_center/opencti_1.png){: style="width: 40%; max-width: 40%"}
-
-2. Enter your login and password set in the **.env** file
-
-## Sekoia Intelligence in OpenCTI
-
-1. First of all, check if the connector is running and up to date. Go to Sekoia connector **Data > Connectors > Sekoia.io**
-    ![OpenCTI_Sekoia_connector1](/assets/intelligence_center/opencti_2.png){: style="width: 60%; max-width: 60%"}
-
-    On this page, you can find the following information: 
-
-    - `Update date`:  Last update date of the connector in OpenCTI
-    - `Status`:   Status of the connector in OpenCTI
-    - `Perimeter`:    Sekoia Intelligence feed set for import in `docker-compose.yml` file under **CONNECTOR_SCOPE**
-    - `Last cursor`:  **SEKOIA_START_DATE** set in `docker-compose.yml` file in base64 format
-
-    ![OpenCTI_Sekoia_connector2](/assets/intelligence_center/opencti_3.png){: style="width: 80%; max-width: 80%"}
-
-2. Navigate the Sekoia Intelligence Feed
-
-    Here are the elements of the Sekoia feed that can be found on OpenCTI after export:
-
-    |OpenCTI|Sekoia.io|
-    |--|--|
-    |Analysis|Threat-reports|
-    |Observations|Sightings|
-    |Arsenal|Malwares|
-    |Techniques|Intrusion-sets|
-    |Data|Indicators|
-
-3. Find a Sekoia.io Indicator
-
-    Here is an example with an indicator:
-
-    - In **Sekoia.io**, search for the indicator `blog.google` in the Intelligence Page
-            ![OpenCTI_search1](/assets/intelligence_center/opencti_indicator_search1.png){: style="width: 100%; max-width: 100%"}
-
-    - In **OpenCTI**, look for this indicator in the Data page
-        ![OpenCTI_search2](/assets/intelligence_center/opencti_indicator_search2.png){: style="width: 100%; max-width: 100%"}
-
-    - The content of the indicator will look like the one below
-        ![OpenCTI_Sekoia_search2](/assets/intelligence_center/sekoia_indicator.png){: style="width: 100%; max-width: 100%"}
-
-## Troubleshoot
-
-|Issue|Action|Linux command|
-|--|--|--|
-|Space disk full|check the logs|docker logs <container-id>|
-|Conflict with containers|list containers on server|docker-compose ps|
-
-## Other resources
-
-[OpenCTI official documentation](https://github.com/OpenCTI-Platform/opencti)
-
-[OpenCTI - Using Docker](https://docs.opencti.io/5.7.X/deployment/installation/#using-docker) 
-
-[OpenCTI - Connector Configuration](https://docs.opencti.io/5.8.X/deployment/connectors/#connector-configuration) 
+## Sekoia Connector Details
 
+The OpenCTI Github repository: [https://github.com/OpenCTI-Platform/connectors/tree/master/external-import/sekoia](https://github.com/OpenCTI-Platform/connectors/tree/master/external-import/sekoia) 

_shared_content/intelligence_center/integrations/thehive.md

@@ -38,7 +38,8 @@ Collect Sekoia.io CTI feed in an existing Cortex instance self-managed, for any
    3. Edit and Add your Sekoia API key and Base url
 ![Orga_setup_3](/assets/intelligence_center/orga_setup_3.png){: style="width: 60%; max-width: 60%"}
 
-
+!!!Note
+    If your Sekoia community is hosted on FRA1 region, leave the "Base url" field empty.
 
 ### 2. Enable and Setup the Analyzer