diff --git a/_shared_content/automate/library/salesforce.md b/_shared_content/automate/library/salesforce.md
index f763c0a007..f0e5aea5da 100644
--- a/_shared_content/automate/library/salesforce.md
+++ b/_shared_content/automate/library/salesforce.md
@@ -14,7 +14,7 @@ Salesforce provides users comprehensive tools to manage customer data, automate
 ## Triggers
-### [BETA] Collect Salesforce events
+### Collect Salesforce events
 Trigger playbook to get Salesforce information
diff --git a/_shared_content/automate/library/vade-cloud.md b/_shared_content/automate/library/vade-cloud.md
index cda055b842..ab49a26f75 100644
--- a/_shared_content/automate/library/vade-cloud.md
+++ b/_shared_content/automate/library/vade-cloud.md
@@ -2,8 +2,6 @@
 ![Vade Cloud](/assets/playbooks/library/vade-cloud.png){ align=right width=150 }
-
-
 ## Configuration
 | Name | Type | Description |
@@ -14,7 +12,7 @@
 ## Triggers
-### [BETA] Fetch new logs from Vade Cloud
+### Fetch new logs from Vade Cloud
 Get last logs from the Vade Cloud platform
diff --git a/_shared_content/operations_center/detection/generated/attack_02a74ceb-a9b0-467c-97d1-588319e39d71_do_not_edit_manually.json b/_shared_content/operations_center/detection/generated/attack_02a74ceb-a9b0-467c-97d1-588319e39d71_do_not_edit_manually.json
index 56abd65ea6..bf94cd884e 100644
--- a/_shared_content/operations_center/detection/generated/attack_02a74ceb-a9b0-467c-97d1-588319e39d71_do_not_edit_manually.json
+++ b/_shared_content/operations_center/detection/generated/attack_02a74ceb-a9b0-467c-97d1-588319e39d71_do_not_edit_manually.json
@@ -1 +1 @@ -{"name": "SEKOIA.IO x Citrix NetScaler / ADC [BETA]", "versions": {"attack": "13", "layer": "4.4", "navigator": "4.8.2"}, "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1190", "score": 100, "comment": "Rules: CVE-2020-0688 Microsoft Exchange Server Exploit, CVE-2021-21985 VMware vCenter, CVE-2021-22123 Fortinet FortiWeb OS Command Injection, CVE-2020-1147 SharePoint, CVE-2020-17530 Apache Struts RCE, CVE-2021-20021 SonicWall Unauthenticated Administrator Access, CVE-2018-11776 Apache Struts2, CVE-2021-21972 VMware vCenter, CVE-2021-26855 Exchange SSRF, CVE-2019-0604 SharePoint, CVE-2021-22893 Pulse Connect Secure RCE Vulnerability, CVE-2020-14882 Oracle WebLogic Server"}, {"techniqueID": "T1566", "score": 100, "comment": "Rules: Download Files From Suspicious TLDs, SEKOIA.IO Intelligence Feed, Possible Malicious File Double Extension"}, {"techniqueID": "T1203", "score": 100, "comment": "Rules: Download Files From Suspicious TLDs"}, {"techniqueID": "T1204", "score": 100, "comment": "Rules: Download Files From Suspicious TLDs"}, {"techniqueID": "T1204.001", "score": 100, "comment": "Rules: Download Files From Suspicious TLDs"}, {"techniqueID": "T1204.002", "score": 100, "comment": "Rules: Download Files From Suspicious TLDs"}, {"techniqueID": "T1071.001", "score": 100, "comment": "Rules: Koadic MSHTML Command, FoggyWeb HTTP Default GET/POST Requests, Detect requests to Konni C2 servers"}, {"techniqueID": "T1071", "score": 100, "comment": "Rules: Koadic MSHTML Command, FoggyWeb HTTP Default GET/POST Requests, SEKOIA.IO Intelligence Feed, Detect requests to Konni C2 servers"}, {"techniqueID": "T1074", "score": 100, "comment": "Rules: CVE-2021-20023 SonicWall Arbitrary File Read"}, {"techniqueID": "T1105", "score": 100, "comment": "Rules: Suspicious URI Used In A Lazarus Campaign"}, {"techniqueID": "T1505.003", "score": 100, "comment": "Rules: ProxyShell Exchange Suspicious Paths"}, {"techniqueID": "T1505", "score": 100, "comment": "Rules: 
ProxyShell Exchange Suspicious Paths"}, {"techniqueID": "T1588.002", "score": 100, "comment": "Rules: Privilege Escalation Awesome Scripts (PEAS)"}, {"techniqueID": "T1588", "score": 100, "comment": "Rules: Privilege Escalation Awesome Scripts (PEAS)"}, {"techniqueID": "T1136", "score": 100, "comment": "Rules: CVE-2021-20021 SonicWall Unauthenticated Administrator Access"}, {"techniqueID": "T1036.007", "score": 100, "comment": "Rules: Possible Malicious File Double Extension"}, {"techniqueID": "T1036", "score": 100, "comment": "Rules: Possible Malicious File Double Extension"}, {"techniqueID": "T1484", "score": 100, "comment": "Rules: Jumpcloud Policy Modified"}, {"techniqueID": "T1041", "score": 100, "comment": "Rules: SEKOIA.IO Intelligence Feed"}, {"techniqueID": "T1486", "score": 100, "comment": "Rules: RYUK Ransomeware - martinstevens Username"}]} \ No newline at end of file +{"name": "SEKOIA.IO x Citrix NetScaler / ADC", "versions": {"attack": "13", "layer": "4.4", "navigator": "4.8.2"}, "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1190", "score": 100, "comment": "Rules: CVE-2020-0688 Microsoft Exchange Server Exploit, CVE-2021-21985 VMware vCenter, CVE-2021-22123 Fortinet FortiWeb OS Command Injection, CVE-2020-1147 SharePoint, CVE-2020-17530 Apache Struts RCE, CVE-2021-20021 SonicWall Unauthenticated Administrator Access, CVE-2018-11776 Apache Struts2, CVE-2021-21972 VMware vCenter, CVE-2021-26855 Exchange SSRF, CVE-2019-0604 SharePoint, CVE-2021-22893 Pulse Connect Secure RCE Vulnerability, CVE-2020-14882 Oracle WebLogic Server"}, {"techniqueID": "T1566", "score": 100, "comment": "Rules: Download Files From Suspicious TLDs, SEKOIA.IO Intelligence Feed, Possible Malicious File Double Extension"}, {"techniqueID": "T1203", "score": 100, "comment": "Rules: Download Files From Suspicious TLDs"}, {"techniqueID": "T1204", "score": 100, "comment": "Rules: Download Files From Suspicious TLDs"}, {"techniqueID": "T1204.001", "score": 100, 
"comment": "Rules: Download Files From Suspicious TLDs"}, {"techniqueID": "T1204.002", "score": 100, "comment": "Rules: Download Files From Suspicious TLDs"}, {"techniqueID": "T1071.001", "score": 100, "comment": "Rules: Koadic MSHTML Command, FoggyWeb HTTP Default GET/POST Requests, Detect requests to Konni C2 servers"}, {"techniqueID": "T1071", "score": 100, "comment": "Rules: Koadic MSHTML Command, FoggyWeb HTTP Default GET/POST Requests, SEKOIA.IO Intelligence Feed, Detect requests to Konni C2 servers"}, {"techniqueID": "T1074", "score": 100, "comment": "Rules: CVE-2021-20023 SonicWall Arbitrary File Read"}, {"techniqueID": "T1105", "score": 100, "comment": "Rules: Suspicious URI Used In A Lazarus Campaign"}, {"techniqueID": "T1505.003", "score": 100, "comment": "Rules: ProxyShell Exchange Suspicious Paths"}, {"techniqueID": "T1505", "score": 100, "comment": "Rules: ProxyShell Exchange Suspicious Paths"}, {"techniqueID": "T1588.002", "score": 100, "comment": "Rules: Privilege Escalation Awesome Scripts (PEAS)"}, {"techniqueID": "T1588", "score": 100, "comment": "Rules: Privilege Escalation Awesome Scripts (PEAS)"}, {"techniqueID": "T1136", "score": 100, "comment": "Rules: CVE-2021-20021 SonicWall Unauthenticated Administrator Access"}, {"techniqueID": "T1036.007", "score": 100, "comment": "Rules: Possible Malicious File Double Extension"}, {"techniqueID": "T1036", "score": 100, "comment": "Rules: Possible Malicious File Double Extension"}, {"techniqueID": "T1484", "score": 100, "comment": "Rules: Jumpcloud Policy Modified"}, {"techniqueID": "T1041", "score": 100, "comment": "Rules: SEKOIA.IO Intelligence Feed"}, {"techniqueID": "T1486", "score": 100, "comment": "Rules: RYUK Ransomeware - martinstevens Username"}]} \ No newline at end of file 
diff --git a/_shared_content/operations_center/detection/generated/suggested_rules_02a74ceb-a9b0-467c-97d1-588319e39d71_do_not_edit_manually.md b/_shared_content/operations_center/detection/generated/suggested_rules_02a74ceb-a9b0-467c-97d1-588319e39d71_do_not_edit_manually.md
index 0d62f17903..ab7397c527 100644
--- a/_shared_content/operations_center/detection/generated/suggested_rules_02a74ceb-a9b0-467c-97d1-588319e39d71_do_not_edit_manually.md
+++ b/_shared_content/operations_center/detection/generated/suggested_rules_02a74ceb-a9b0-467c-97d1-588319e39d71_do_not_edit_manually.md
@@ -1,8 +1,8 @@ ## Related Built-in Rules -The following Sekoia.io built-in rules match the intake **Citrix NetScaler / ADC [BETA]**. This documentation is updated automatically and is based solely on the fields used by the intake which are checked against our rules. This means that some rules will be listed but might not be relevant with the intake. +The following Sekoia.io built-in rules match the intake **Citrix NetScaler / ADC**. This documentation is updated automatically and is based solely on the fields used by the intake which are checked against our rules. This means that some rules will be listed but might not be relevant with the intake. -[SEKOIA.IO x Citrix NetScaler / ADC [BETA] on ATT&CK Navigator](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2FSEKOIA-IO%2Fdocumentation%2Fmain%2F_shared_content%2Foperations_center%2Fdetection%2Fgenerated%2Fattack_02a74ceb-a9b0-467c-97d1-588319e39d71_do_not_edit_manually.json){ .md-button } +[SEKOIA.IO x Citrix NetScaler / ADC on ATT&CK Navigator](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2FSEKOIA-IO%2Fdocumentation%2Fmain%2F_shared_content%2Foperations_center%2Fdetection%2Fgenerated%2Fattack_02a74ceb-a9b0-467c-97d1-588319e39d71_do_not_edit_manually.json){ .md-button } ??? abstract "CVE-2018-11776 Apache Struts2" Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace. 
diff --git a/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_guardduty.md b/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_guardduty.md
index 1c9c84788e..dfff372abe 100644
--- a/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_guardduty.md
+++ b/docs/xdr/features/collect/integrations/cloud_and_saas/aws/aws_guardduty.md
@@ -5,9 +5,6 @@ type: intake
 ## Overview
 AWS GuardDuty is a service that detects potential security issues within your network.
-!!! warning
- Important note
- This format is currently in beta. We highly value your feedback to improve its performance.
-
 {!_shared_content/operations_center/detection/generated/suggested_rules_3e060900-4004-4754-a597-d2944a601930_do_not_edit_manually.md!}
 {!_shared_content/operations_center/integrations/generated/3e060900-4004-4754-a597-d2944a601930.md!}
diff --git a/docs/xdr/features/collect/integrations/endpoint/crowdstrike_telemetry.md b/docs/xdr/features/collect/integrations/endpoint/crowdstrike_falcon_telemetry.md
similarity index 93%
rename from docs/xdr/features/collect/integrations/endpoint/crowdstrike_telemetry.md
rename to docs/xdr/features/collect/integrations/endpoint/crowdstrike_falcon_telemetry.md
index 24b274aac8..9b60e8a94e 100644
--- a/docs/xdr/features/collect/integrations/endpoint/crowdstrike_telemetry.md
+++ b/docs/xdr/features/collect/integrations/endpoint/crowdstrike_falcon_telemetry.md
@@ -1,5 +1,5 @@
 uuid: 10999b99-9a8d-4b92-9fbd-01e3fac01cd5
-name: CrowdStrike Telemetry
+name: CrowdStrike Falcon Telemetry
 type: intake
 ## Overview
@@ -34,7 +34,7 @@ To set up the integration:
 ### Create the intake
-Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `CrowdStrike Telemetry`. Copy the intake key.
+Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `CrowdStrike Falcon Telemetry`. Copy the intake key.
 ### Pull events
diff --git a/docs/xdr/features/collect/integrations/network/citrix_adc.md b/docs/xdr/features/collect/integrations/network/citrix_netscaler_adc.md
similarity index 86%
rename from docs/xdr/features/collect/integrations/network/citrix_adc.md
rename to docs/xdr/features/collect/integrations/network/citrix_netscaler_adc.md
index 8e699d51a0..aaa02de321 100644
--- a/docs/xdr/features/collect/integrations/network/citrix_adc.md
+++ b/docs/xdr/features/collect/integrations/network/citrix_netscaler_adc.md
@@ -1,13 +1,10 @@
 uuid: 02a74ceb-a9b0-467c-97d1-588319e39d71
-name: Citrix ADC
+name: Citrix NetScaler / ADC
 type: intake
 ## Overview
-Citrix ADC (formely Citrix NetScaler) is a delivery controller and load-balancing tool that offers enhanced security and application performance.
-
-!!! warning
- Important note
- This format is currently in beta. We highly value your feedback to improve its performance.
+Citrix NetScaler / ADC (formely Citrix NetScaler) is a delivery controller and load-balancing tool that offers enhanced security and application performance.
 {!_shared_content/operations_center/detection/generated/suggested_rules_02a74ceb-a9b0-467c-97d1-588319e39d71_do_not_edit_manually.md!}
diff --git a/docs/xdr/features/collect/integrations/network/varonis_data_security.md b/docs/xdr/features/collect/integrations/network/varonis_data_security.md
index bbf7c7cf20..33a8c2eed9 100644
--- a/docs/xdr/features/collect/integrations/network/varonis_data_security.md
+++ b/docs/xdr/features/collect/integrations/network/varonis_data_security.md
@@ -6,10 +6,6 @@ type: intake
 Varonis offers solutions to track and protect data.
-
-!!! warning
- Important note
- This format is currently in beta. We highly value your feedback to improve its performance.
-
 {!_shared_content/operations_center/detection/generated/suggested_rules_7b75d498-4a65-4d44-aa81-31090d723a60_do_not_edit_manually.md!}
 {!_shared_content/operations_center/integrations/generated/7b75d498-4a65-4d44-aa81-31090d723a60.md!}
diff --git a/mkdocs.yml b/mkdocs.yml
index 8b5a488ae6..5b77d60c3c 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -151,7 +151,7 @@ nav:
 - Auditbeat Linux: xdr/features/collect/integrations/endpoint/auditbeat_linux.md
 - Winlogbeat: xdr/features/collect/integrations/endpoint/winlogbeat.md
 - CrowdStrike Falcon: xdr/features/collect/integrations/endpoint/crowdstrike_falcon.md
- - CrowdStrike Telemetry: xdr/features/collect/integrations/endpoint/crowdstrike_telemetry.md
+ - CrowdStrike Falcon Telemetry: xdr/features/collect/integrations/endpoint/crowdstrike_falcon_telemetry.md
 - Cybereason MalOp: xdr/features/collect/integrations/endpoint/cybereason_malop.md
 - Cybereason MalOp activity: xdr/features/collect/integrations/endpoint/cybereason_malop_activity.md
 - Darktrace Threat Visualizer: xdr/features/collect/integrations/endpoint/darktrace_threat_visualizer.md
@@ -188,7 +188,7 @@ nav:
 - Cisco Identity Services Engine (ISE): xdr/features/collect/integrations/network/cisco/cisco_identity_services_engine_ise.md
 - Cisco NX-OS: xdr/features/collect/integrations/network/cisco/cisco_nx_os.md
 - Cisco Meraki MX: xdr/features/collect/integrations/network/cisco/cisco_meraki_mx.md
- - Citrix ADC: xdr/features/collect/integrations/network/citrix_adc.md
+ - Citrix Netscaler / ADC: xdr/features/collect/integrations/network/citrix_netscaler_adc.md
 - Gatewatcher AionIQ: xdr/features/collect/integrations/network/gatewatcher_aioniq.md
 - F5 BIG-IP: xdr/features/collect/integrations/network/f5-big-ip.md
 - Forcepoint Secure Web Gateway: xdr/features/collect/integrations/network/forcepoint_web_gateway.md