From ebe388d1af338737b49c7dfbfb9bd1405ac93b14 Mon Sep 17 00:00:00 2001
From: "sekoia-io-cross-repo-comm-app[bot]"
Date: Thu, 2 Nov 2023 08:10:58 +0000
Subject: [PATCH] Refresh intakes documentation
---
 .../6b8cb346-6605-4240-ac15-3828627ba899.md | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)
diff --git a/_shared_content/operations_center/integrations/generated/6b8cb346-6605-4240-ac15-3828627ba899.md b/_shared_content/operations_center/integrations/generated/6b8cb346-6605-4240-ac15-3828627ba899.md
index 586a2a9e98..304d382d66 100644
--- a/_shared_content/operations_center/integrations/generated/6b8cb346-6605-4240-ac15-3828627ba899.md
+++ b/_shared_content/operations_center/integrations/generated/6b8cb346-6605-4240-ac15-3828627ba899.md
@@ -339,6 +339,48 @@ Find below few samples of events and how they are normalized by Sekoia.io.
 ```
+=== "test_rdp_session.json"
+
+ ```json
+
+ {
+ "message": "[RDP Session] session_id=\"57a6694d877c413ba502946a03461dd2\" client_ip=\"1.2.3.4\" target_ip=\"5.6.7.8\" user=\"john.doe@example.org\" device=\"HOST0102\" service=\"RDP\" account=\"u10293@platform.example.org\" type=\"KBD_INPUT\" data=\"cusi//si//is\"\n",
+ "event": {
+ "action": "KBD_INPUT",
+ "kind": "event"
+ },
+ "destination": {
+ "address": "5.6.7.8",
+ "ip": "5.6.7.8"
+ },
+ "related": {
+ "ip": [
+ "1.2.3.4",
+ "5.6.7.8"
+ ],
+ "user": [
+ "john.doe@example.org"
+ ]
+ },
+ "service": {
+ "name": "RDP"
+ },
+ "source": {
+ "address": "1.2.3.4",
+ "ip": "1.2.3.4"
+ },
+ "user": {
+ "name": "john.doe@example.org"
+ },
+ "wallix": {
+ "data": "cusi//si//is",
+ "type": "KBD_INPUT"
+ }
+ }
+
+ ```
+
+
 === "wabaudit_action_add_type_ConnectionPolicy.json"
 ```json