Merge pull request #1458 from SEKOIA-IO/update-intake-documentation

Refresh intakes documentation
SEKOIA-IO · Nov 28, 2023 · e056232 · e056232
2 parents 6a2daad + 3f70541
commit e056232
Show file tree

Hide file tree

Showing 7 changed files with 974 additions and 143 deletions.
diff --git a/...perations_center/integrations/generated/021e9def-5a55-4369-941e-af269b45bef1.md b/...perations_center/integrations/generated/021e9def-5a55-4369-941e-af269b45bef1.md
@@ -247,6 +247,11 @@ Find below few samples of events and how they are normalized by Sekoia.io.
             ]
         },
         "sekoiaio": {
+            "authentication": {
+                "process": {
+                    "name": "sshd"
+                }
+            },
             "server": {
                 "name": "ext-rp",
                 "os": {
@@ -362,6 +367,11 @@ Find below few samples of events and how they are normalized by Sekoia.io.
             ]
         },
         "sekoiaio": {
+            "authentication": {
+                "process": {
+                    "name": "sshd"
+                }
+            },
             "server": {
                 "name": "SRVFOOBAR",
                 "os": {

diff --git a/...perations_center/integrations/generated/250e4095-fa08-4101-bb02-e72f870fcbd1.md b/...perations_center/integrations/generated/250e4095-fa08-4101-bb02-e72f870fcbd1.md
@@ -341,6 +341,11 @@ Find below few samples of events and how they are normalized by Sekoia.io.
             ]
         },
         "sekoiaio": {
+            "authentication": {
+                "process": {
+                    "name": "sshd"
+                }
+            },
             "server": {
                 "name": "foobar.net",
                 "os": {
@@ -505,6 +510,11 @@ Find below few samples of events and how they are normalized by Sekoia.io.
             ]
         },
         "sekoiaio": {
+            "authentication": {
+                "process": {
+                    "name": "sshd"
+                }
+            },
             "server": {
                 "name": "PC-FOO",
                 "os": {

diff --git a/...perations_center/integrations/generated/2815eaab-2425-4eff-8038-3f7d5a3b8b11.md b/...perations_center/integrations/generated/2815eaab-2425-4eff-8038-3f7d5a3b8b11.md
@@ -111,6 +111,13 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         "os": {
             "family": "windows",
             "platform": "windows"
+        },
+        "sekoiaio": {
+            "intake": {
+                "parsing_warnings": [
+                    "No fields extracted from original event"
+                ]
+            }
         }
     }
     	

diff --git a/...perations_center/integrations/generated/3c7057d3-4689-4fae-8033-6f1f887a70f2.md b/...perations_center/integrations/generated/3c7057d3-4689-4fae-8033-6f1f887a70f2.md
@@ -364,6 +364,11 @@ Find below few samples of events and how they are normalized by Sekoia.io.
             ]
         },
         "sekoiaio": {
+            "authentication": {
+                "process": {
+                    "name": "C:\\Windows\\System32\\svchost.exe"
+                }
+            },
             "server": {
                 "os": {
                     "type": "windows"
@@ -1154,22 +1159,21 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         "log": {
             "hostname": "sfreort"
         },
-        "process": {
-            "name": "Kerbe"
-        },
         "related": {
             "hosts": [
                 "sfreort"
             ]
         },
         "sekoiaio": {
+            "authentication": {
+                "process": {
+                    "name": "Kerbe"
+                }
+            },
             "client": {
                 "name": "sfreort",
                 "os": {
                     "type": "windows"
-                },
-                "user": {
-                    "id": "S-1-0-0"
                 }
             },
             "server": {
@@ -1183,6 +1187,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
             "domain": "EXAMPLE"
         },
         "user": {
+            "id": "S-1-0-0",
             "roles": "Group1,Group2",
             "target": {
                 "domain": "example.org",
@@ -1259,6 +1264,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
             "dataset": "eventlog",
             "kind": "event",
             "provider": "Microsoft-Windows-Security-Auditing",
+            "reason": "bad_password",
             "type": [
                 "info",
                 "start"
@@ -1310,22 +1316,21 @@ Find below few samples of events and how they are normalized by Sekoia.io.
         "log": {
             "hostname": "REDACTED"
         },
-        "process": {
-            "name": "NtLmSsp "
-        },
         "related": {
             "hosts": [
                 "REDACTED"
             ]
         },
         "sekoiaio": {
+            "authentication": {
+                "process": {
+                    "name": "NtLmSsp "
+                }
+            },
             "client": {
                 "name": "REDACTED",
                 "os": {
                     "type": "windows"
-                },
-                "user": {
-                    "id": "S-1-0-0"
                 }
             },
             "server": {
@@ -1339,6 +1344,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
             "domain": "WORKGROUP"
         },
         "user": {
+            "id": "S-1-0-0",
             "target": {
                 "id": "S-1-0-0",
                 "name": "ADMINISTRATOR"