Merge pull request #1346 from SEKOIA-IO/update-intake-documentation

Refresh intakes documentation

_shared_content/operations_center/integrations/generated/547234b3-82ea-4507-b28f-3ee3cd5b9a8e.md

@@ -6,7 +6,7 @@ The following table lists the data source offered by this integration.
 
 | Data Source | Description                          |
 | ----------- | ------------------------------------ |
-| `Authentication logs` | Cisco Duo Security provides audit logs about authentication sessions |
+| `Authentication logs` | Duo Security provides audit logs about authentication sessions |
 
 
 
@@ -48,7 +48,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         "@timestamp": "2020-01-23T16:18:58Z",
         "observer": {
             "vendor": "Duo",
-            "product": "Cisco Duo Security"
+            "product": "Duo Security"
         }
     }
     	
@@ -75,7 +75,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         "@timestamp": "2020-01-24T15:09:42Z",
         "observer": {
             "vendor": "Duo",
-            "product": "Cisco Duo Security"
+            "product": "Duo Security"
         },
         "user": {
             "name": "admin"
@@ -114,7 +114,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         "@timestamp": "2020-02-13T18:56:20.351346Z",
         "observer": {
             "vendor": "Duo",
-            "product": "Cisco Duo Security"
+            "product": "Duo Security"
         },
         "user": {
             "email": "[email protected]",
@@ -173,7 +173,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         "@timestamp": "2019-08-30T16:10:05Z",
         "observer": {
             "vendor": "Duo",
-            "product": "Cisco Duo Security"
+            "product": "Duo Security"
         },
         "duo": {
             "security": {
@@ -226,7 +226,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         },
         "observer": {
             "vendor": "Duo",
-            "product": "Cisco Duo Security"
+            "product": "Duo Security"
         },
         "duo": {
             "security": {
@@ -260,7 +260,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         },
         "observer": {
             "vendor": "Duo",
-            "product": "Cisco Duo Security"
+            "product": "Duo Security"
         },
         "duo": {
             "security": {
@@ -294,7 +294,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         },
         "observer": {
             "vendor": "Duo",
-            "product": "Cisco Duo Security"
+            "product": "Duo Security"
         },
         "duo": {
             "security": {

_shared_content/operations_center/integrations/generated/8a9894f8-d7bc-4c06-b96a-8808b3c6cade.md

@@ -8,7 +8,7 @@ The following table lists the data source offered by this integration.
 | ----------- | ------------------------------------ |
 | `Authentication logs` | There's an authentification audit, control and diagnostic |
 | `Network device configuration` | Changing conf of devices usually by the admin |
-| `Web logs` | Cisco Identity Services Engine (ISE) logs provide information about the connected client and the requested resource |
+| `Web logs` | Cisco ISE logs provide information about the connected client and the requested resource |
 
 
 
@@ -47,7 +47,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         },
         "observer": {
             "vendor": "Cisco",
-            "product": "Cisco Identity Services Engine (ISE)"
+            "product": "Cisco ISE"
         },
         "user": {
             "name": "john.doe"
@@ -86,7 +86,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         },
         "observer": {
             "vendor": "Cisco",
-            "product": "Cisco Identity Services Engine (ISE)"
+            "product": "Cisco ISE"
         }
     }
     	
@@ -111,7 +111,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         },
         "observer": {
             "vendor": "Cisco",
-            "product": "Cisco Identity Services Engine (ISE)"
+            "product": "Cisco ISE"
         },
         "cisco": {
             "ise": {
@@ -143,7 +143,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         },
         "observer": {
             "vendor": "Cisco",
-            "product": "Cisco Identity Services Engine (ISE)"
+            "product": "Cisco ISE"
         }
     }
     	
@@ -167,7 +167,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         },
         "observer": {
             "vendor": "Cisco",
-            "product": "Cisco Identity Services Engine (ISE)"
+            "product": "Cisco ISE"
         },
         "source": {
             "domain": "servername",
@@ -205,7 +205,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         },
         "observer": {
             "vendor": "Cisco",
-            "product": "Cisco Identity Services Engine (ISE)"
+            "product": "Cisco ISE"
         },
         "source": {
             "domain": "servername",
@@ -249,7 +249,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         },
         "observer": {
             "vendor": "Cisco",
-            "product": "Cisco Identity Services Engine (ISE)"
+            "product": "Cisco ISE"
         },
         "cisco": {
             "ise": {
@@ -293,7 +293,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         },
         "observer": {
             "vendor": "Cisco",
-            "product": "Cisco Identity Services Engine (ISE)"
+            "product": "Cisco ISE"
         },
         "user": {
             "name": "admin"

_shared_content/operations_center/integrations/generated/9281438c-f7c3-4001-9bcc-45fd108ba1be.md

@@ -324,6 +324,72 @@ Find below few samples of events and how they are normalized by Sekoia.io.
 	```
 
 
+=== "Event_5408_event_message_is_json.json"
+
+    ```json
+
+    {
+        "message": "{\"EventTime\":\"2023-09-25 15:29:18\",\"Hostname\":\"foo.net\",\"Keywords\":1152921504606846976,\"EventType\":\"VERBOSE\",\"SeverityValue\":1,\"Severity\":\"DEBUG\",\"EventID\":5408,\"SourceName\":\"Microsoft-Windows-FailoverClustering\",\"ProviderGuid\":\"{BAF908EA-3421-4CA9-9B84-6689B8C6F85F}\",\"Version\":0,\"Task\":0,\"OpcodeValue\":0,\"RecordNumber\":764816422,\"ActivityID\":\"{D938DD9B-F8EF-4227-A505-1169A1E3873E}\",\"ProcessID\":5440,\"ThreadID\":8428,\"Channel\":\"Microsoft-Windows-FailoverClustering/DiagnosticVerbose\",\"Domain\":\"NT AUTHORITY\",\"AccountName\":\"SYSTEM\",\"UserID\":\"S-1-5-18\",\"AccountType\":\"User\",\"Message\":\"{\\\"EventTime\\\":\\\"2023-09-25 15:29:18\\\",\\\"Hostname\\\":\\\"foo.net\\\",\\\"Keywords\\\":1152921504606846976,\\\"EventType\\\":\\\"VERBOSE\\\",\\\"SeverityValue\\\":1,\\\"Severity\\\":\\\"DEBUG\\\",\\\"EventID\\\":5408,\\\"SourceName\\\":\\\"Microsoft-Windows-FailoverClustering\\\",\\\"ProviderGuid\\\":\\\"{BAF908EA-3421-4CA9-9B84-6689B8C6F85F}\\\",\\\"Version\\\":0,\\\"Task\\\":0,\\\"OpcodeValue\\\":0,\\\"RecordNumber\\\":764816422,\\\"ActivityID\\\":\\\"{D938DD9B-F8EF-4227-A505-1169A1E3873E}\\\",\\\"ProcessID\\\":5440,\\\"ThreadID\\\":8428,\\\"Channel\\\":\\\"Microsoft-Windows-FailoverClustering/DiagnosticVerbose\\\",\\\"Domain\\\":\\\"NT AUTHORITY\\\",\\\"AccountName\\\":\\\"SYSTEM\\\",\\\"UserID\\\":\\\"S-1-5-18\\\",\\\"AccountType\\\":\\\"User\\\",\\\"Message\\\":\\\"[RCM] Sending Control Code GET_PRIVATE_PROPERTIES Id 25237136 \\\\r\\\\n\\\",\\\"Opcode\\\":\\\"Info\\\",\\\"LogString\\\":\\\"[RCM] Sending Control Code GET_PRIVATE_PROPERTIES Id 25237136 \\\\r\\\\n\\\",\\\"EventReceivedTime\\\":\\\"2023-09-25 15:29:18\\\",\\\"SourceModuleName\\\":\\\"eventlog\\\",\\\"SourceModuleType\\\":\\\"im_msvistalog\\\"}\",\"Opcode\":\"Info\",\"LogString\":\"[RCM] Sending Control Code GET_PRIVATE_PROPERTIES Id 25237136 \\r\\n\",\"EventReceivedTime\":\"2023-09-25 15:29:18\",\"SourceModuleName\":\"eventlog\",\"SourceModuleType\":\"im_msvistalog\"}\n",
+        "event": {
+            "code": "5408",
+            "provider": "Microsoft-Windows-FailoverClustering"
+        },
+        "action": {
+            "record_id": 764816422,
+            "type": "Microsoft-Windows-FailoverClustering/DiagnosticVerbose",
+            "id": 5408,
+            "properties": [
+                {
+                    "AccountName": "SYSTEM",
+                    "AccountType": "User",
+                    "Domain": "NT AUTHORITY",
+                    "EventType": "VERBOSE",
+                    "OpcodeValue": 0,
+                    "ProviderGuid": "{BAF908EA-3421-4CA9-9B84-6689B8C6F85F}",
+                    "Severity": "DEBUG",
+                    "Task": 0,
+                    "SourceName": "Microsoft-Windows-FailoverClustering",
+                    "Keywords": "1152921504606846976"
+                }
+            ]
+        },
+        "log": {
+            "hostname": "foo.net",
+            "level": "debug"
+        },
+        "host": {
+            "hostname": "foo.net",
+            "name": "foo.net"
+        },
+        "os": {
+            "family": "windows",
+            "platform": "windows"
+        },
+        "process": {
+            "thread": {
+                "id": 8428
+            },
+            "pid": 5440,
+            "id": 5440
+        },
+        "user": {
+            "id": "S-1-5-18",
+            "name": "SYSTEM",
+            "domain": "NT AUTHORITY"
+        },
+        "related": {
+            "hosts": [
+                "foo.net"
+            ],
+            "user": [
+                "SYSTEM"
+            ]
+        }
+    }
+    	
+	```
+
+
 === "Event_56.json"
 
     ```json