diff --git a/_shared_content/operations_center/integrations/generated/903ec1b8-f206-4ba5-8563-db21da09cafd.md b/_shared_content/operations_center/integrations/generated/903ec1b8-f206-4ba5-8563-db21da09cafd.md index 9047f008a3..2a0462d0d3 100644 --- a/_shared_content/operations_center/integrations/generated/903ec1b8-f206-4ba5-8563-db21da09cafd.md +++ b/_shared_content/operations_center/integrations/generated/903ec1b8-f206-4ba5-8563-db21da09cafd.md @@ -432,13 +432,13 @@ Find below few samples of events and how they are normalized by Sekoia.io. ```json { - "message": "1,2023/06/16 10:41:44,001701003551,TRAFFIC,end,2305,2023/06/16 10:41:44,1.2.3.4,5.6.7.8,0.0.0.0,0.0.0.0,GEN_WINLOG_Users,domain\\pusername,windows-remote-management,vsys1,PDT_STD,INFRA_ADM,aaa.111,aaa.111,Syslog_Test,2023/06/16 10:41:44,234981,1,51413,5985,0,0,15,tcp,allow,2346,1974,372,9,90,16,30,0,69678105127,0x0,10.0.0.0-10.255.255.255,10.0.0.0-10.255.255.255,0,6,3,tcp-fin,0,0,0,0,,FWPA01,from-policy,,,0,,0,,N/A,0,0,0,0,5e7eca5b-f585-4633-bbd4-9ed431f7f95b,0,0,,,,,,,", + "message": "1,2023/06/16 10:41:44,001701003551,TRAFFIC,end,2305,2023/06/16 10:41:44,1.2.3.4,5.6.7.8,0.0.0.0,0.0.0.0,GEN_WINLOG_Users,domain\\pusername,userdest,windows-remote-management,vsys1,PDT_STD,INFRA_ADM,aaa.111,aaa.111,Syslog_Test,2023/06/16 10:41:44,234981,1,51413,5985,0,0,15,tcp,allow,2346,1974,372,9,90,16,30,0,69678105127,0x0,10.0.0.0-10.255.255.255,10.0.0.0-10.255.255.255,0,6,3,tcp-fin,0,0,0,0,,FWPA01,from-policy,,,0,,0,,N/A,0,0,0,0,5e7eca5b-f585-4633-bbd4-9ed431f7f95b,0,0,,,,,,,", "event": { "category": [ "network" ], "dataset": "traffic", - "duration": 30, + "duration": 16, "kind": "event", "type": [ "end" @@ -446,30 +446,32 @@ Find below few samples of events and how they are normalized by Sekoia.io. }, "@timestamp": "2023-06-16T10:41:44Z", "action": { - "name": "2346", + "name": "allow", "outcome": "success", "type": "end" }, "destination": { "address": "5.6.7.8", - "bytes": 9, + "bytes": 372, "ip": "5.6.7.8", "nat": { "ip": "0.0.0.0", - "port": 15 + "port": 0 }, - "port": 0, + "packets": 3, + "port": 5985, "user": { - "name": "windows-remote-management" + "name": "userdest" } }, "log": { "logger": "traffic" }, "network": { - "bytes": 1974, - "packets": 90, - "transport": "allow" + "application": "windows-remote-management", + "bytes": 2346, + "packets": 9, + "transport": "tcp" }, "observer": { "product": "PAN-OS", @@ -477,7 +479,7 @@ Find below few samples of events and how they are normalized by Sekoia.io. }, "paloalto": { "Threat_ContentType": "end", - "VirtualLocation": "PDT_STD" + "VirtualLocation": "vsys1" }, "related": { "ip": [ @@ -487,7 +489,7 @@ Find below few samples of events and how they are normalized by Sekoia.io. ], "user": [ "domain\\pusername", - "windows-remote-management" + "userdest" ] }, "rule": { @@ -495,14 +497,14 @@ Find below few samples of events and how they are normalized by Sekoia.io. }, "source": { "address": "1.2.3.4", - "bytes": 372, + "bytes": 1974, "ip": "1.2.3.4", "nat": { "ip": "0.0.0.0", "port": 0 }, - "packets": 3, - "port": 5985, + "packets": 6, + "port": 51413, "user": { "name": "domain\\pusername" } @@ -520,12 +522,13 @@ Find below few samples of events and how they are normalized by Sekoia.io. ```json { - "message": "1,2023/06/16 10:41:44,001701003551,TRAFFIC,end,2305,2023/06/16 10:41:44,1.2.3.4,5.6.7.8,0.0.0.0,0.0.0.0,GEN_WINLOG_Users,domainusername,windows-remote-management,vsys1,PDT_STD,INFRA_ADM,aaa.111,aaa.111,Syslog_Test,2023/06/16 10:41:44,234981,1,51413,5985,0,0,0x1c,tcp,allow,2346,1974,372,9,2023/06/16 10:41:26,16,not-resolved,0,69678105127,0x0,10.0.0.0-10.255.255.255,10.0.0.0-10.255.255.255,0,6,3,tcp-fin,0,0,0,0,,FWPA01,from-policy,,,0,,0,,N/A,0,0,0,0,5e7eca5b-f585-4633-bbd4-9ed431f7f95b,0,0,,,,,,,", + "message": "1,2023/06/16 10:41:44,001701003551,TRAFFIC,end,2305,2023/06/16 10:41:44,1.2.3.4,5.6.7.8,0.0.0.0,0.0.0.0,GEN_WINLOG_Users,domainusername,destuser,windows-remote-management,vsys1,PDT_STD,INFRA_ADM,aaa.111,aaa.111,Syslog_Test,2023/06/16 10:41:44,234981,1,51413,5985,0,0,0x1c,tcp,allow,2346,1974,372,9,2023/06/16 10:41:26,16,not-resolved,0,69678105127,0x0,10.0.0.0-10.255.255.255,10.0.0.0-10.255.255.255,0,6,3,tcp-fin,0,0,0,0,,FWPA01,from-policy,,,0,,0,,N/A,0,0,0,0,5e7eca5b-f585-4633-bbd4-9ed431f7f95b,0,0,,,,,,,", "event": { "category": [ "network" ], "dataset": "traffic", + "duration": 16, "kind": "event", "type": [ "end" @@ -533,28 +536,32 @@ Find below few samples of events and how they are normalized by Sekoia.io. }, "@timestamp": "2023-06-16T10:41:44Z", "action": { - "name": "2346", + "name": "allow", "outcome": "success", "type": "end" }, "destination": { "address": "5.6.7.8", - "bytes": 9, + "bytes": 372, "ip": "5.6.7.8", "nat": { - "ip": "0.0.0.0" + "ip": "0.0.0.0", + "port": 0 }, - "port": 0, + "packets": 3, + "port": 5985, "user": { - "name": "windows-remote-management" + "name": "destuser" } }, "log": { "logger": "traffic" }, "network": { - "bytes": 1974, - "transport": "allow" + "application": "windows-remote-management", + "bytes": 2346, + "packets": 9, + "transport": "tcp" }, "observer": { "product": "PAN-OS", @@ -562,7 +569,7 @@ Find below few samples of events and how they are normalized by Sekoia.io. }, "paloalto": { "Threat_ContentType": "end", - "VirtualLocation": "PDT_STD" + "VirtualLocation": "vsys1" }, "related": { "ip": [ @@ -571,8 +578,8 @@ Find below few samples of events and how they are normalized by Sekoia.io. "5.6.7.8" ], "user": [ - "domainusername", - "windows-remote-management" + "destuser", + "domainusername" ] }, "rule": { @@ -580,14 +587,14 @@ Find below few samples of events and how they are normalized by Sekoia.io. }, "source": { "address": "1.2.3.4", - "bytes": 372, + "bytes": 1974, "ip": "1.2.3.4", "nat": { "ip": "0.0.0.0", "port": 0 }, - "packets": 3, - "port": 5985, + "packets": 6, + "port": 51413, "user": { "name": "domainusername" } @@ -934,6 +941,7 @@ Find below few samples of events and how they are normalized by Sekoia.io. "logger": "traffic" }, "network": { + "application": "ping", "bytes": 222, "packets": 3, "transport": "icmp" @@ -1227,6 +1235,7 @@ Find below few samples of events and how they are normalized by Sekoia.io. "logger": "traffic" }, "network": { + "application": "web-browsing", "bytes": 800, "packets": 2, "transport": "tcp" @@ -2293,6 +2302,7 @@ Find below few samples of events and how they are normalized by Sekoia.io. "logger": "traffic" }, "network": { + "application": "incomplete", "bytes": 74, "packets": 1 }, @@ -2383,6 +2393,7 @@ Find below few samples of events and how they are normalized by Sekoia.io. "logger": "traffic" }, "network": { + "application": "incomplete", "bytes": 74, "packets": 1 }, @@ -2885,6 +2896,7 @@ Find below few samples of events and how they are normalized by Sekoia.io. "logger": "threat" }, "network": { + "application": "web-browsing", "transport": "tcp" }, "observer": { @@ -3330,6 +3342,7 @@ Find below few samples of events and how they are normalized by Sekoia.io. "logger": "traffic" }, "network": { + "application": "protection", "bytes": 284, "packets": 1, "transport": "udp" @@ -3623,6 +3636,9 @@ Find below few samples of events and how they are normalized by Sekoia.io. "level": "Informational", "logger": "threat" }, + "network": { + "application": "web-browsing" + }, "observer": { "egress": { "interface": {