Merge pull request #2118 from SEKOIA-IO/update/doc-playbook2connector
update doc with intake info instead of playbook info
rombernier authored Dec 4, 2024
2 parents 0b41d13 + ace049e commit fc90017
Showing 46 changed files with 94 additions and 533 deletions.
12 changes: 3 additions & 9 deletions _shared_content/operations_center/integrations/google_cloud.md
Expand Up @@ -32,16 +32,10 @@ You should now have:

To pull events, you have to:

1. Go to [the playbooks' page](https://app.sekoia.io/operations/playbooks)
2. Click on `+New playbook` to create a new playbook
3. Select `Use a template` when creating a playbook
4. Search for `Google Cloud` then select `Forward Google Pubsub records to Sekoia.io`
1. Go to [the intake's page](https://app.sekoia.io/intakes)
2. Click on `+New intakes` to create a new intake

This playbook consumes records from Google Pubsub and pushes them to Sekoia.io.

You can also create your own on the same basis by using the "Google Pub/Sub" trigger (`Connect to the specified`)

- Use the JSON keys (*service account credentials*) information downloaded to complete the fields on the trigger
This intake consumes records from Google Pubsub and pushes them to Sekoia.io.

**Fields description**

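Review bot: the new step 1 links to `https://app.sekoia.io/intakes`, while every other page touched in this PR links to `https://app.sekoia.io/operations/intakes`; use the same path here. The step 2 button label `+New intakes` is plural and differs from the `+ Intake` wording used on the 1Password and Google Cloud Audit pages, and the removed bullet about filling the trigger fields with the downloaded JSON service account credentials has no replacement, so the reader is no longer told where those credentials go; a step such as `3. Configure the intake with the service account credentials (JSON keys) downloaded earlier` would close that gap. Also confirm that the `Fields description` section below still describes intake fields rather than trigger fields.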
18 changes: 0 additions & 18 deletions docs/integration/categories/applicative/1password_epm.md
Expand Up @@ -47,19 +47,6 @@ Go to your Sekoia.io [Intakes page](https://app.sekoia.io/operations/intakes), a
1. Click on **+ Intake** button to create a new one
2. Choose **1Password EPM**, give it a name and choose the relevant Entity
3. Click on **Create** button
4. Copy the **Intake key**

!!! Note
Save the `Intake key` on a block note. It will be used in the next step.

### Pull the logs to collect them on Sekoia.io

Go to the Sekoia.io [playbook page](https://app.sekoia.io/operations/playbooks), and follow these steps:

1. Click on **+ PLAYBOOK** button to create a new one
2. Select **Use a template**
3. Search for `1Password` keyword on the search bar and select the template named `Fetch new events from 1Password EPM`
4. Create a **Module configuration** using
- API token from `How to create an API token` step.
- Base URL depending by the server that hosts your 1Password account:

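Review bot: removing `4. Create a **Module configuration** using` leaves the two bullets `- API token from ...` and `- Base URL depending by the server ...` (and the table after them) dangling directly under `3. Click on **Create** button` with no sentence introducing them. Add a step such as `4. Configure the intake with:` before the bullets, as the Google Cloud Audit page in this PR does with `4. Configure your intake with`. While here, `depending by the server` should read `depending on the server`.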
Expand All @@ -69,11 +56,6 @@ Go to the Sekoia.io [playbook page](https://app.sekoia.io/operations/playbooks),
| 1Password.ca | https://events.1password.ca |
| 1Password.eu | https://events.1password.eu |

Name the module configuration as you wish

5. Create a **Trigger configuration** using `Intake key` created on the previous step
6. Click on the **Save** button
7. Toggle **Activate the playbook** on the top right corner of the page

#### Enjoy your events on the [Events page](https://app.sekoia.io/operations/events)

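Review bot: with steps 5 to 7 removed there is no longer any instruction to save the intake configuration once the API token and base URL are entered; if the intake form needs an explicit save, add a final `Click on the **Save** button` step so the list does not end on the base URL table.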
9 changes: 2 additions & 7 deletions docs/integration/categories/applicative/azure_files.md
Expand Up @@ -52,15 +52,10 @@ This setup guide describe how to forward events produced by `Azure Files` to Sek

### Create the intake in Sekoia.io

Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Azure Files`. Copy the intake key.
Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Azure Files`.

### Pull events
Set up the intake configuration with the EventHub's `Connection string-primary key`, the hub name, the consumer group, the storage's `Connection string-primary key` and the container name.

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Consume Eventhub messages](/xdr/features/automate/library/microsoft-azure.md#consume-eventhub-messages)
2. Set up the trigger configuration with the EventHub's `Connection string-primary key`, the hub name, the consumer group, the storage's `Connection string-primary key` and the container name.
3. Start the playbook and enjoy your events

{!_shared_content/operations_center/integrations/generated/70c5c3db-fae8-4825-8d8b-08d6315e1ef6_sample.md!}

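Review bot: the `### Pull events` heading is kept but now contains only the single sentence `Set up the intake configuration with the EventHub's ...`, which is part of creating the intake rather than a separate pull step; move that sentence under `### Create the intake in Sekoia.io` as a second numbered step, matching the other pages in this PR, and drop the now-empty heading.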
18 changes: 1 addition & 17 deletions docs/integration/categories/applicative/fastly_audit_waf.md
Expand Up @@ -32,25 +32,9 @@ Fastly WAF audit logs tracks activities related to your corp and your sites like
#### Create your intake

1. Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the `Fastly Audit`.
2. Copy the associated Intake key
2. Enter `User's email`, `API token`, `Corporation name` and `Site name` (if needed) from the Fastly WAF dashboard

#### Pull the logs to collect them on Sekoia.io

Go to the Sekoia.io [playbook page](https://app.sekoia.io/operations/playbooks), and follow these steps:

1. Click **+ PLAYBOOK** button to create a new one
2. Select **Create a playbook from scratch**
3. Give it a name in the field **Name**
4. Open the left panel, click **Fastly** then select the trigger `Fetch new audit logs from Fastly WAF`
5. Click **Create**

6. Create a **Module configuration**. Name the module configuration as you wish.
7. Create a **Trigger configuration** using:
7.1. Type the `Intake key` created on the previous step
7.2 Enter `User's email`, `API token`, `Corporation name` and `Site name` (if needed) from the Fastly WAF dashboard

- Click the **Save** button
- **Activate the playbook** with the toggle button in the top right corner of the page

#### Enjoy your events on the [Events page](https://app.sekoia.io/operations/events)

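Review bot: step 1 of the kept list is missing a word: `create a new intake from the \`Fastly Audit\`` should read `create a new intake from the format \`Fastly Audit\``, as on the other pages in this PR; the new step 2 otherwise reads fine.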
11 changes: 2 additions & 9 deletions docs/integration/categories/applicative/github_audit_logs.md
Expand Up @@ -83,15 +83,8 @@ To create an API key on [Github](https://github.com/):

### Create the intake in Sekoia.io

Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Github audit logs`. Copy the intake key.

### Pull events

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new audit logs from Github](/integration/action_library/github.md) trigger
2. Set up the module configuration with the Github organization and the APIkey. Set up the trigger configuration with the intake key
3. Start the playbook and enjoy your events
1. Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Github audit logs`.
2. Edit the intake configuration with the Github organization and the APIkey.

{!_shared_content/operations_center/integrations/generated/80de6ccb-7246-40de-bcbb-bc830118c1f9_sample.md!}

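Review bot: the new step 2 carries the `APIkey` typo over from the removed line; write `API key`. It also uses `Edit the intake configuration` where the Azure Files, Salesforce, CrowdStrike and Check Point pages in this PR use `Set up the intake configuration`; pick one wording across the PR.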
25 changes: 1 addition & 24 deletions docs/integration/categories/applicative/google_cloud_audit.md
Expand Up @@ -163,33 +163,10 @@ Go to your Sekoia.io [Intakes page](https://app.sekoia.io/operations/intakes), a
1. Click on **+ Intake** button to create a new one
2. Choose **Google Cloud Audit Logs**, give it a name and choose the relevant Entity
3. Click on **Create** button
4. Copy the **Intake key** of this Google Intake.

!!! Note
Save the `Intake key` on a block note. It will be used in the next step.

#### Pull the logs to collect them on Sekoia.io

Go to the Sekoia.io [playbook page](https://app.sekoia.io/operations/playbooks), and follow these steps:

- Click on **+ PLAYBOOK** button to create a new one
- Select **Use a template**
- Search for `Google` keywork on the search bar and select the template named `Forward Google Pubsub records to Sekoia.io`

![google-playbook-template](/assets/integration/cloud_and_saas/google/google-template.PNG){: style="max-width:100%"}

- Create a **Module configuration** using your service account credentials from your Google Cloud environment extracted on a JSON file. Name the module configuration as you wish

![template-playbook-configuration](/assets/integration/cloud_and_saas/google/template-configuration.png ){: style="max-width:100%"}

- Create a **Trigger configuration** using:

* `Intake key` created on the previous
4. Configure your intake with
* The project ID
* The suject ID that is `sekoia-gca-subscription`

- Click on the **Save** button
- **Activate the playbook** with the toggle button on the top right corner of the page

#### Enjoy your events on the [Events page](https://app.sekoia.io/operations/events)

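Review bot: the removed `Create a **Module configuration** using your service account credentials ... extracted on a JSON file` line has no counterpart in the new step 4, which lists only the project ID and the subscription ID; unless the intake form collects the credentials elsewhere, add a bullet for the service account JSON credentials under `4. Configure your intake with`. The kept bullet `* The suject ID that is \`sekoia-gca-subscription\`` has a typo (`subscription ID`, given the value), and the line `* \`Intake key\` created on the previous` directly above the new step should be confirmed as deleted rather than left behind as a stray bullet.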
22 changes: 1 addition & 21 deletions docs/integration/categories/applicative/google_reports.md
Expand Up @@ -126,33 +126,13 @@ Find more information on the [official google documentation](https://cloud.googl
### Create your intake

1. Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the `Google Report`.
2. Copy the associated Intake key

### Pull the logs to collect them on Sekoia.io

Go to the Sekoia.io [playbook page](https://app.sekoia.io/operations/playbooks), and follow these steps:

- Click on **+ PLAYBOOK** button to create a new one
- Select **Create a playbook from scratch**
- Give it a name in the field **Name**
- Open the left panel, click **Google** then select the trigger `Get user activities`
- Click on **Create**

- Create a **Module configuration** using your service account credentials from your Google Cloud environment extracted on a JSON file. Name the module configuration as you wish


- Create a **Trigger configuration** using:

* Type the `Intake key` created on the previous
2. Edit the intake configuration with the following attribut:
* Select the `application name` what you to fetch events from
* Type the `an Google workspace admin email`.

!!! Important
This Google workspace admin email is any user part of the domain **that has** the right to view de Data of Google Workspace

- Click on the **Save** button
- **Activate the playbook** with the toggle button on the top right corner of the page

### Enjoy your events on the [Events page](https://app.sekoia.io/operations/events)


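Review bot: the new step 2 has a typo, `attribut` should be `attributes`, and it drops the removed `Module configuration using your service account credentials ... JSON file` step without listing the credentials among the intake fields; add a bullet for them if the intake needs them. The two bullets kept under it also read badly: `Select the \`application name\` what you to fetch events from` (missing `want`) and `Type the \`an Google workspace admin email\`` (the article sits inside the code span), and `view de Data` in the Important box should be `view the data`.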
10 changes: 2 additions & 8 deletions docs/integration/categories/applicative/salesforce.md
Expand Up @@ -54,15 +54,9 @@ This setup guide will show you how to provide an integration between Salesforce

### Create an intake

Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format Salesforce. Copy the intake key.
1. Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format Salesforce.
2. Set up the intake configuration with the consumer key and consumer secret.

### Pull events

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Salesforce](/integration/action_library/salesforce.md) trigger
2. Set up the module configuration with the consumer key and consumer secret. Set up the trigger configuration with the intake key
3. Start the playbook and enjoy your events

!!! note

14 changes: 1 addition & 13 deletions docs/integration/categories/email/o365.md
Expand Up @@ -90,19 +90,7 @@ Go to your Sekoia.io [Intakes page](https://app.sekoia.io/operations/intakes), a

1. Click `+ Intake` button to create a new one
2. Choose `Microsoft 365/Office 365`, give it a name and choose the relevant Entity
3. Click `Manually` then click `Create`
4. Copy the `intake key`

#### Create your playbook

Go to your Sekoia.io [playbooks page](https://app.sekoia.io/operations/playbooks), and follow these steps:

1. Click on `+New playbook` to create a new playbook
2. Select `Create a playbook from scratch` when creating a playbook
3. Give it a `Name` and a `Description`
4. During the step "Choose a trigger", search for `Office 365` then select `Office 365 Management API`. The playbook details interface will open and will contain only one module named `Office 365 Management API`
6. Click on the module, and configure it by clicking on the "Configuration" tab on the right panel using the `client id`, the `client secret`, the `intake key` (from the previous step) and `tenant id`
8. Save the playbook and start it
3. Edit the intake configuration using the `client id`, the `client secret` and `tenant id`

!!! Important
Once the integration is created on Sekoia.io, it may take up to 12 hours for the Microsoft API to make data available for the first time.
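Review bot: the removed `3. Click \`Manually\` then click \`Create\`` was the step that actually creates the intake, and the new step 3 (`Edit the intake configuration using ...`) now follows `2. Choose ... Entity` with no creation step in between. Keep a create step, or fold it into step 3, e.g. `3. Click \`Manually\`, fill in the \`client id\`, \`client secret\` and \`tenant id\`, then click \`Create\``, so the list still matches what the UI asks for.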
9 changes: 2 additions & 7 deletions docs/integration/categories/email/proofpoint_pod.md
Expand Up @@ -30,13 +30,8 @@ To create an APIKey, from our dashboard:

### Create the intake

Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Proofpoint PoD`.

### Pull events

Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [ProofPoint PoD connector](/integration/action_library/proofpoint.md#get-proofpoint-pod-events).

Set up the trigger configuration with the api key, the cluster id and the intake key. Customize others parameters if needed.
1. Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Proofpoint PoD`.
2. Set up the intake configuration with the api key and the cluster id.

Start the playbook and enjoy your events.

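Review bot: the kept line `Start the playbook and enjoy your events.` below the new two-step list still refers to the playbook this change removes; reword it (for example `Save the intake and enjoy your events.`) or drop it.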
9 changes: 2 additions & 7 deletions docs/integration/categories/email/proofpoint_tap.md
Expand Up @@ -27,13 +27,8 @@ As a prerequisite, you need to create a service principal and a secret on the se

### Create the intake

Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Proofpoint TAP`.

### Pull events

Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [ProofPoint TAP connector](/integration/action_library/proofpoint.md#get-proofpoint-tap-events).

Set up the trigger configuration with the service principal, the secret and the intake key. Customize others parameters if needed.
1. Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Proofpoint TAP`.
2. Set up the intake configuration with the service principal and the secret.

Start the playbook and enjoy your events.

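Review bot: `Start the playbook and enjoy your events.` survives below the new list although the playbook steps above it are gone; update the sentence to refer to the intake or remove it.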
19 changes: 1 addition & 18 deletions docs/integration/categories/email/trend_micro_email_security.md
Expand Up @@ -32,21 +32,8 @@ Trend Micro Email Security is a robust email protection solution that safeguards
### Create your intake

1. Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the `Trend Micro Email Security`.
2. Copy the associated Intake key
2. Edit the intake configuration using your `Service URL`, `Username` and `Login ID`. All three are required.

### Pull the logs to collect them on Sekoia.io

Go to the Sekoia.io [playbook page](https://app.sekoia.io/operations/playbooks), and follow these steps:

1. Click on **+ PLAYBOOK** button to create a new one
2. Select **Create a playbook from scratch**
3. Give it a name in the field **Name**
4. Open the left panel, click **Trend Micro Email Security** then select the trigger `Fetch new logs`
5. Click on **Create**

6. Create a **Trigger configuration** using your `Service URL`, `Username`, `API key` and `Intake key`. All four are required.

* `API key` is created on the first step
* `username` is your `Login ID` entered during account creating
* The value of `service URL` varies according to your location:

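Review bot: the new step 2 lists `Service URL`, `Username` and `Login ID` as three required values, but the removed bullet `\`username\` is your \`Login ID\` entered during account creating` says those are one and the same, while the `API key` that the removed trigger configuration required (`created on the first step`) no longer appears at all. Unless the intake form differs from the trigger, the line should read `Service URL`, `Username` (your Login ID) and `API key`. The kept bullet `* The value of \`service URL\` varies according to your location:` and its table are now orphaned under step 2 and need a short introduction.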
Expand All @@ -59,10 +46,6 @@ Go to the Sekoia.io [playbook page](https://app.sekoia.io/operations/playbooks),
| Singapore | api.tmes-sg.trendmicro.com |
| India | api.tmes-in.trendmicro.com |

* Type the `Intake key` created on the previous step

7. Click on the **Save** button
8. **Activate the playbook** with the toggle button in the top right corner of the page

### Enjoy your events on the [Events page](https://app.sekoia.io/operations/events)

13 changes: 2 additions & 11 deletions docs/integration/categories/email/vade_cloud.md
Expand Up @@ -18,22 +18,13 @@ In this documentation we will explain how to collect and send Vade Cloud logs to

### Create the intake in Sekoia.io

Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Vade Cloud`. Copy the **intake key**.

### Pull events

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the `Fetch new logs from Vade Cloud` trigger
2. Set up the module configuration with the:
1. Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Vade Cloud`.
2. Set up the intake configuration with the:

- Vade Cloud API hostname: the URL of your admin interface of Vade Cloud. Most of the time this is `https://cloud.vadesecure.com`; TO BE ADAPTED depending on your context.
- The email of the user: the login you use to connect to the admin interface of Vade Cloud. The account type **MUST** be "Admin".
- The user password: the password you use to connect to the admin interface of Vade Cloud.

3. Set up the trigger configuration with the **intake key** from the previous step.
4. Start the playbook and enjoy your events

!!! Info
Please make sure that the login is your account email.

12 changes: 2 additions & 10 deletions docs/integration/categories/endpoint/checkpoint_harmony_mobile.md
Expand Up @@ -35,16 +35,8 @@ Check Point Harmony Mobile is the industry's first unified security solution for

### Create the intake

To create the intake, go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Check Point Harmony Mobile`.

### Pull events

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Check Point Harmony Mobile](/integration/action_library/check-point.md) trigger
2. Set up the module configuration with the Client ID, Client Secret and Authentication URL.
3. Set up the trigger configuration with the intake key
4. Start the playbook and enjoy your events
1. To create the intake, go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Check Point Harmony Mobile`.
2. Set up the intake configuration with the Client ID, Client Secret and Authentication URL.

{!_shared_content/operations_center/integrations/generated/ff53e0db-059b-4e16-ba90-8c4dbf5cee35_sample.md!}

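Review bot: the new step 1 repeats the heading: `1. To create the intake, go to the [intake page] ...` sits directly under `### Create the intake`; the other pages in this PR start the step with `Go to the [intake page]`, so drop the leading clause for consistency.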
12 changes: 2 additions & 10 deletions docs/integration/categories/endpoint/crowdstrike_falcon.md
Expand Up @@ -51,16 +51,8 @@ To collect `Vertex`, please contact Crowdstrike Support to activate the Threat G

### Create the intake

Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `CrowdStrike Falcon`. Copy the intake key.


### Pull events

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch CrowdStrike Falcon Events](/integration/action_library/crowdstrike-falcon.md) trigger
2. Set up the module configuration with the base URL of the API (e.g. https://api.eu-1.crowdstrike.com), your client id and your client secret. Set up the trigger configuration with the intake key.
3. Start the playbook and enjoy your events
1. Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `CrowdStrike Falcon`.
2. Set up the intake configuration with the base URL of the API (e.g. https://api.eu-1.crowdstrike.com), your client id and your client secret.

{!_shared_content/operations_center/integrations/generated/22f2afd2-c858-443d-8e06-7b335e439c29_sample.md!}

Expand Up @@ -40,16 +40,8 @@ To set up the integration:

### Create the intake

Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `CrowdStrike Falcon Telemetry`. Copy the intake key.


### Pull events

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new events from CrowdStrike Data replication](/integration/action_library/crowdstrike.md) trigger
2. Set up the module configuration with your client id, the client secret and the region. Set up the trigger configuration with the intake key and the queue name.
3. Start the playbook and enjoy your events
1. Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `CrowdStrike Falcon Telemetry`.
2. Set up the intake configuration with your client id, the client secret, the region and the queue name.

{!_shared_content/operations_center/integrations/generated/10999b99-9a8d-4b92-9fbd-01e3fac01cd5_sample.md!}

