Merge pull request #1431 from SEKOIA-IO/update-intake-documentation
Refresh intakes documentation
otetard authored Nov 13, 2023
2 parents c94a092 + e588c43 commit f4a0959
Showing 1 changed file with 45 additions and 29 deletions.
Expand Up @@ -432,52 +432,54 @@ Find below few samples of events and how they are normalized by Sekoia.io.
```json

{
"message": "1,2023/06/16 10:41:44,001701003551,TRAFFIC,end,2305,2023/06/16 10:41:44,1.2.3.4,5.6.7.8,0.0.0.0,0.0.0.0,GEN_WINLOG_Users,domain\\pusername,windows-remote-management,vsys1,PDT_STD,INFRA_ADM,aaa.111,aaa.111,Syslog_Test,2023/06/16 10:41:44,234981,1,51413,5985,0,0,15,tcp,allow,2346,1974,372,9,90,16,30,0,69678105127,0x0,10.0.0.0-10.255.255.255,10.0.0.0-10.255.255.255,0,6,3,tcp-fin,0,0,0,0,,FWPA01,from-policy,,,0,,0,,N/A,0,0,0,0,5e7eca5b-f585-4633-bbd4-9ed431f7f95b,0,0,,,,,,,",
"message": "1,2023/06/16 10:41:44,001701003551,TRAFFIC,end,2305,2023/06/16 10:41:44,1.2.3.4,5.6.7.8,0.0.0.0,0.0.0.0,GEN_WINLOG_Users,domain\\pusername,userdest,windows-remote-management,vsys1,PDT_STD,INFRA_ADM,aaa.111,aaa.111,Syslog_Test,2023/06/16 10:41:44,234981,1,51413,5985,0,0,15,tcp,allow,2346,1974,372,9,90,16,30,0,69678105127,0x0,10.0.0.0-10.255.255.255,10.0.0.0-10.255.255.255,0,6,3,tcp-fin,0,0,0,0,,FWPA01,from-policy,,,0,,0,,N/A,0,0,0,0,5e7eca5b-f585-4633-bbd4-9ed431f7f95b,0,0,,,,,,,",
"event": {
"category": [
"network"
],
"dataset": "traffic",
"duration": 30,
"duration": 16,
"kind": "event",
"type": [
"end"
]
},
"@timestamp": "2023-06-16T10:41:44Z",
"action": {
"name": "2346",
"name": "allow",
"outcome": "success",
"type": "end"
},
"destination": {
"address": "5.6.7.8",
"bytes": 9,
"bytes": 372,
"ip": "5.6.7.8",
"nat": {
"ip": "0.0.0.0",
"port": 15
"port": 0
},
"port": 0,
"packets": 3,
"port": 5985,
"user": {
"name": "windows-remote-management"
"name": "userdest"
}
},
"log": {
"logger": "traffic"
},
"network": {
"bytes": 1974,
"packets": 90,
"transport": "allow"
"application": "windows-remote-management",
"bytes": 2346,
"packets": 9,
"transport": "tcp"
},
"observer": {
"product": "PAN-OS",
"serial_number": "001701003551"
},
"paloalto": {
"Threat_ContentType": "end",
"VirtualLocation": "PDT_STD"
"VirtualLocation": "vsys1"
},
"related": {
"ip": [
Expand All @@ -487,22 +489,22 @@ Find below few samples of events and how they are normalized by Sekoia.io.
],
"user": [
"domain\\pusername",
"windows-remote-management"
"userdest"
]
},
"rule": {
"name": "GEN_WINLOG_Users"
},
"source": {
"address": "1.2.3.4",
"bytes": 372,
"bytes": 1974,
"ip": "1.2.3.4",
"nat": {
"ip": "0.0.0.0",
"port": 0
},
"packets": 3,
"port": 5985,
"packets": 6,
"port": 51413,
"user": {
"name": "domain\\pusername"
}
Expand All @@ -520,49 +522,54 @@ Find below few samples of events and how they are normalized by Sekoia.io.
```json

{
"message": "1,2023/06/16 10:41:44,001701003551,TRAFFIC,end,2305,2023/06/16 10:41:44,1.2.3.4,5.6.7.8,0.0.0.0,0.0.0.0,GEN_WINLOG_Users,domainusername,windows-remote-management,vsys1,PDT_STD,INFRA_ADM,aaa.111,aaa.111,Syslog_Test,2023/06/16 10:41:44,234981,1,51413,5985,0,0,0x1c,tcp,allow,2346,1974,372,9,2023/06/16 10:41:26,16,not-resolved,0,69678105127,0x0,10.0.0.0-10.255.255.255,10.0.0.0-10.255.255.255,0,6,3,tcp-fin,0,0,0,0,,FWPA01,from-policy,,,0,,0,,N/A,0,0,0,0,5e7eca5b-f585-4633-bbd4-9ed431f7f95b,0,0,,,,,,,",
"message": "1,2023/06/16 10:41:44,001701003551,TRAFFIC,end,2305,2023/06/16 10:41:44,1.2.3.4,5.6.7.8,0.0.0.0,0.0.0.0,GEN_WINLOG_Users,domainusername,destuser,windows-remote-management,vsys1,PDT_STD,INFRA_ADM,aaa.111,aaa.111,Syslog_Test,2023/06/16 10:41:44,234981,1,51413,5985,0,0,0x1c,tcp,allow,2346,1974,372,9,2023/06/16 10:41:26,16,not-resolved,0,69678105127,0x0,10.0.0.0-10.255.255.255,10.0.0.0-10.255.255.255,0,6,3,tcp-fin,0,0,0,0,,FWPA01,from-policy,,,0,,0,,N/A,0,0,0,0,5e7eca5b-f585-4633-bbd4-9ed431f7f95b,0,0,,,,,,,",
"event": {
"category": [
"network"
],
"dataset": "traffic",
"duration": 16,
"kind": "event",
"type": [
"end"
]
},
"@timestamp": "2023-06-16T10:41:44Z",
"action": {
"name": "2346",
"name": "allow",
"outcome": "success",
"type": "end"
},
"destination": {
"address": "5.6.7.8",
"bytes": 9,
"bytes": 372,
"ip": "5.6.7.8",
"nat": {
"ip": "0.0.0.0"
"ip": "0.0.0.0",
"port": 0
},
"port": 0,
"packets": 3,
"port": 5985,
"user": {
"name": "windows-remote-management"
"name": "destuser"
}
},
"log": {
"logger": "traffic"
},
"network": {
"bytes": 1974,
"transport": "allow"
"application": "windows-remote-management",
"bytes": 2346,
"packets": 9,
"transport": "tcp"
},
"observer": {
"product": "PAN-OS",
"serial_number": "001701003551"
},
"paloalto": {
"Threat_ContentType": "end",
"VirtualLocation": "PDT_STD"
"VirtualLocation": "vsys1"
},
"related": {
"ip": [
Expand All @@ -571,23 +578,23 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"5.6.7.8"
],
"user": [
"domainusername",
"windows-remote-management"
"destuser",
"domainusername"
]
},
"rule": {
"name": "GEN_WINLOG_Users"
},
"source": {
"address": "1.2.3.4",
"bytes": 372,
"bytes": 1974,
"ip": "1.2.3.4",
"nat": {
"ip": "0.0.0.0",
"port": 0
},
"packets": 3,
"port": 5985,
"packets": 6,
"port": 51413,
"user": {
"name": "domainusername"
}
Expand Down Expand Up @@ -934,6 +941,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"logger": "traffic"
},
"network": {
"application": "ping",
"bytes": 222,
"packets": 3,
"transport": "icmp"
Expand Down Expand Up @@ -1227,6 +1235,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"logger": "traffic"
},
"network": {
"application": "web-browsing",
"bytes": 800,
"packets": 2,
"transport": "tcp"
Expand Down Expand Up @@ -2293,6 +2302,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"logger": "traffic"
},
"network": {
"application": "incomplete",
"bytes": 74,
"packets": 1
},
Expand Down Expand Up @@ -2383,6 +2393,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"logger": "traffic"
},
"network": {
"application": "incomplete",
"bytes": 74,
"packets": 1
},
Expand Down Expand Up @@ -2885,6 +2896,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"logger": "threat"
},
"network": {
"application": "web-browsing",
"transport": "tcp"
},
"observer": {
Expand Down Expand Up @@ -3330,6 +3342,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"logger": "traffic"
},
"network": {
"application": "protection",
"bytes": 284,
"packets": 1,
"transport": "udp"
Expand Down Expand Up @@ -3623,6 +3636,9 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"level": "Informational",
"logger": "threat"
},
"network": {
"application": "web-browsing"
},
"observer": {
"egress": {
"interface": {
Expand Down
