fix(broken-links-2): fix links and add icon? to gitignore #1743

Merged (2 commits), Apr 22, 2024
3 changes: 2 additions & 1 deletion .gitignore
@@ -21,4 +21,5 @@ src/sekoiaio.scss
docs/getting_started/inactive_users
.DS_Store
*.pyc
node_modules/
node_modules/
Icon?
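Review bot: the pattern `Icon?` matches any five-character entry beginning with `Icon`, not only the macOS Finder custom-icon file (whose real name ends in a carriage return, which is why `?` is the conventional way to write it); a one-line comment such as `# macOS Finder custom-icon file (Icon followed by a carriage return)` above it would spare the next reader the guess. The remove-and-re-add of `node_modules/` shows the previous last line had no trailing newline, which this hunk fixes as a side effect. Both changes are unrelated to the broken-links subject of the PR and would be easier to trace from their own commit.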
4 changes: 2 additions & 2 deletions _shared_content/automate/actions.md
@@ -96,12 +96,12 @@ These helpers need their associated trigger to function properly:

## Third-party applications

- [Microsoft Entra ID (Azure AD) ](library/entra-id.md)
- [Microsoft Entra ID (Azure AD) ](library/microsoft-entra-id.md)
- [Microsoft Remote Server](library/microsoft-remote-server.md)
- [Fortigate Firewalls](library/fortigate-firewalls.md)
- [HarfangLab](library/harfanglab.md)
- [Panda Security](library/panda-security.md)
- [Sentinel One](library/sentinel-one.md)
- [Sentinel One](library/sentinelone.md)
- [ServiceNow](library/servicenow.md)

More actions are available in the Actions Library. To learn how to set up an action, please refer to its documentation.
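Review bot: the trailing space inside the link text `[Microsoft Entra ID (Azure AD) ]` survives the retarget on the `+` line; since the line is being rewritten anyway, drop it (`[Microsoft Entra ID (Azure AD)](library/microsoft-entra-id.md)`) so the rendered anchor text does not carry a stray space. The `library/sentinelone.md` target is consistent with the `sentinelone.md` file name used by the other hunks in this PR.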
2 changes: 1 addition & 1 deletion _shared_content/intelligence_center/consume/telemetry.md
@@ -87,7 +87,7 @@ The telemetry data provides a valuable resource to scrutinize the observable's h

In this case, the telemetry heatmap serves as a dynamic timeline, allowing security analysts to efficiently assess the observable's credibility.

Since you can import external IOCs to the platform by using the [IOC collections](_shared_content/intelligence_center/consume/ioccollections.md) feature, it's possible to generate a `telemetry report` to help verify the viability of the imported IOCs.
Since you can import external IOCs to the platform by using the [IOC collections](/xdr/features/detect/ioccollections) feature, it's possible to generate a `telemetry report` to help verify the viability of the imported IOCs.

!!! Warning
The generated telemetry report contains the associated observable telemetry, not the threat telemetry. This telemetry is calculated based on the occurence of a value, not a threat ID.
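Review bot: the replacement `/xdr/features/detect/ioccollections` is an absolute site path without `.md`, which MkDocs emits verbatim and does not validate, so the next rename of that page will not be reported at build time, which is exactly the class of breakage this PR is fixing. If this `_shared_content` file is included into pages at different directory depths, the absolute form may be deliberate; if so, a short comment in the source saying why would stop a later "fix" from turning it back into a relative link. Adjacent and unchanged: the context line spells `occurence` (should be `occurrence`) and could be corrected in the same touch.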
2 changes: 1 addition & 1 deletion docs/getting_started/index.md
@@ -11,7 +11,7 @@ On this website, you’ll find the documentation for the three award-winning pro

In addition to a web interface, Sekoia.io provides **REST/API** for external apps for almost all of its features, and it’s free!

This documentation platform is made to guide you through the different features and use cases of the app, but also to answer all of your questions. It’s open-source and it’s a work in progress, so don’t hesitate to contribute and enhance its content using this [public repo](https://github.com/Sekoia.io/documentation).
This documentation platform is made to guide you through the different features and use cases of the app, but also to answer all of your questions. It’s open-source and it’s a work in progress, so don’t hesitate to contribute and enhance its content using this [public repo](https://github.com/SEKOIA-IO/documentation).

If you are interested in our products, contact us to plan a demo by filling out [this form](https://www.sekoia.io/en/contact/).

12 changes: 1 addition & 11 deletions docs/getting_started/manage_users.md
@@ -2,21 +2,13 @@

## Overview

Admins and users with the right permissions are able to add users with a role.

A role has attached permissions allowing a user to access, view pages and use its features.

In the following sections, you will learn how to manage your users.

## Needed role and permissions

To manage users in a community, you need to have the role `manage_member`. This role contains the following permissions:

| Permission | Description |
| --- | --- |
| COMMUNITY_ADD_MEMBER | Adds new members to the community |
| COMMUNITY_LIST_MEMBER | Lists all members in a community |
| COMMUNITY_REMOVE_MEMBER | Removes members from a community |
To manage users in a community, you need to be an Administrator of the community.

## Detailed page of a user

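Review bot: documented least-privilege guidance is lost in this hunk: the `manage_member` role and its three permissions (`COMMUNITY_ADD_MEMBER`, `COMMUNITY_LIST_MEMBER`, `COMMUNITY_REMOVE_MEMBER`) are replaced by a blanket "you need to be an Administrator of the community", which is a change to the documented access model rather than a link fix. If a scoped member-management role still exists, removing it from the docs steers customers toward granting full Administrator rights for a task that needed three permissions; if the role was actually retired, the heading `## Needed role and permissions` now names no permissions at all and should point to where the Administrator role's permissions are listed. Either way this wants a product-side confirmation and its own commit, separate from the link fixes.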
@@ -77,5 +69,3 @@ To create custom roles for your guests, you’ll have to:

Permissions can be different depending on your job position at your company.
There are three main categories to all of these permissions: `Admin`, `Manage` or `View`.

In the [next page](roles_permissions.md), you’ll have a look at all our permissions depending on which product you are subscribed to.
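Review bot: deleting the pointer to `roles_permissions.md` leaves the page ending on "three main categories ... `Admin`, `Manage` or `View`" with nowhere to find the actual permission list. If `roles_permissions.md` was moved or renamed, repoint the link to its replacement instead of dropping the sentence, and grep the docs tree for other references to the old path so they are fixed in the same PR.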
2 changes: 1 addition & 1 deletion docs/getting_started/sso/azure.md
@@ -5,7 +5,7 @@ In order to configure Azure with Sekoia.io, the following steps must be done:
1. Verify that the user that will connect have a complete profile. To authenticate, the profile must have the following information: email address, first name, last name and full name
2. Create a new application on Azure
3. Connect to Sekoia.io, add a new domain that belongs to your community and wait for its validation
4. Configure OpenID Connect in Sekoia.io (see associated documentation [Single Sign-On With OpenID Connect](../SSO_openid_connect.md))
4. Configure OpenID Connect in Sekoia.io (see associated documentation [Single Sign-On With OpenID Connect](/getting_started/sso/openid_connect))

## Create a Microsoft Entra ID (Azure AD) app registration

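Review bot: `/getting_started/sso/openid_connect` turns a relative `.md` link into an absolute site path, which MkDocs passes through without resolving or checking; the old target `../SSO_openid_connect.md` was at least validated at build time, which is how it surfaced as broken. If the page now lives at `docs/getting_started/sso/openid_connect.md`, the relative form `openid_connect.md` from `docs/getting_started/sso/azure.md` keeps that protection. Unchanged context, but worth fixing in passing: "the user that will connect have a complete profile" should read "has".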
2 changes: 1 addition & 1 deletion docs/getting_started/sso/okta.md
@@ -4,7 +4,7 @@ In order to configure Okta with Sekoia.io, the following steps must be done:

1. Create a new application in your Okta admin console
2. Connect to Sekoia.io and add a new domain that belongs to your community and wait for its validation.
3. Configure OpenID Connect in Sekoia.io. (see associated documentation [Single Sign-On With OpenID Connect](../SSO_openid_connect.md))
3. Configure OpenID Connect in Sekoia.io. (see associated documentation [Single Sign-On With OpenID Connect](/getting_started/sso/openid_connect))


## Create a new application in Okta
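Review bot: the `+` line keeps the stray full stop before the parenthetical (`Configure OpenID Connect in Sekoia.io. (see ...)`), unlike the equivalent Azure step; drop it while the line is being rewritten. The new absolute `/getting_started/sso/openid_connect` path is also not validated by MkDocs the way the old relative `.md` link was, so a relative link to the OpenID Connect page would be the safer retarget.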
@@ -6,7 +6,7 @@ To push logs, you have to configure some filters in Logstash that will add the p

## Example

In the following example, we have multiple inputs to handle logs collected via Syslog (Apache HTTP Server and NGINX logs) and via [Beats (Winlogbeat)](../integrations/endpoint/winlogbeat.md) and forward them to Sekoia.io.
In the following example, we have multiple inputs to handle logs collected via Syslog (Apache HTTP Server and NGINX logs) and via [Beats (Winlogbeat)](/xdr/features/collect/integrations/endpoint/winlogbeat.md) and forward them to Sekoia.io.

In order to filter events effectively, Logstash uses tags as a key component. To ensure proper functionality, make sure to update the intake key value by editing the placeholder `CHANGE_ME_INTAKE_KEY` mentioned below. Additionally, you have the flexibility to incorporate multiple filters within the `filter` section as per your requirements.

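Review bot: the new target `/xdr/features/collect/integrations/endpoint/winlogbeat.md` mixes an absolute site path with a `.md` suffix. MkDocs rewrites `.md` targets to their rendered URLs only for relative links; an absolute one is emitted verbatim, so the built site will link to a literal `winlogbeat.md` that the static server does not serve (the page is published as `.../winlogbeat/`). Either make the link relative so the build resolves and validates it, or use the rendered URL form without `.md`, as the other absolute links in this PR do.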
@@ -60,6 +60,6 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Consume Eventhub messages](../../../../../automate/library/microsoft-azure.md#consume-eventhub-messages)
1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Consume Eventhub messages](/xdr/feature/automate/library/microsoft-azure.md#consume-eventhub-messages)
2. Set up the trigger configuration with the EventHub's `Connection string-primary key`, the hub name, the consumer group, the storage's `Connection string-primary key` and the container name.
3. Start the playbook and enjoy your events
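Review bot: `/xdr/feature/automate/library/microsoft-azure.md#consume-eventhub-messages` has `feature` where every other new path in this PR uses `features`, so this link is still broken after the fix; change it to `/xdr/features/automate/library/microsoft-azure.md#consume-eventhub-messages`. Note also that the `.md` suffix on an absolute path is emitted verbatim by MkDocs rather than rewritten to the rendered URL, so a relative link would be both validated and correctly rewritten.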
@@ -32,7 +32,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n

### Pull events

Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Consume Eventhub messages](../../../../..automate/library/microsoft-azure.md#consume-eventhub-messages).
Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Consume Eventhub messages](/xdr/features/automate/library/microsoft-azure.md#consume-eventhub-messages).

Set up the trigger configuration with the EventHub's `Connection string-primary key`, the hub name, the consumer group, the storage's `Connection string-primary key` and the container name.

@@ -39,7 +39,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Cato SASE](../../../automate/library/cato_sase.md) trigger
1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Cato SASE](/xdr/features/automate/library/cato-networks.md) trigger
2. Set up the module configuration with the Api Key and Account Id. Set up the trigger configuration with the intake key
3. Start the playbook and enjoy your events

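Review bot: the link text still reads `Cato SASE` while the target changes from `cato_sase.md` to `cato-networks.md`; if the library page was renamed to Cato Networks, align the visible text with the page title so readers looking it up in the Actions Library find the same name. Also worth confirming that `cato-networks.md` exists at that path, since an absolute `/xdr/features/...` link is not checked by the MkDocs build.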
@@ -43,7 +43,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new events from Netskope](../../../automate/library/netskope.md) trigger
1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new events from Netskope](/xdr/features/automate/library/netskope.md) trigger
2. Set up the module configuration with the base URL of your Netskope instance. Set up the trigger configuration with the API token and the intake key
3. Start the playbook and enjoy your events

@@ -57,6 +57,6 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch CrowdStrike Falcon Events](../../../automate/library/crowdstrike_falcon.md) trigger
1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch CrowdStrike Falcon Events](/xdr/features/automate/library/crowdstrike-falcon.md) trigger
2. Set up the module configuration with the base URL of the API (e.g. https://api.eu-1.crowdstrike.com), your client id and your client secret. Set up the trigger configuration with the intake key.
3. Start the playbook and enjoy your events
2 changes: 1 addition & 1 deletion docs/xdr/features/collect/integrations/endpoint/linux.md
@@ -19,5 +19,5 @@ Linux is a family of free and open-source software operating systems built aroun
- [Sentinel One](sentinelone.md)
- [Sophos EDR](sophos_edr.md)
- [Tehtris](tehtris_edr.md)
- [Trend Micro Deep Security](trend_micro_deep_security.md)
- [Trend Micro Deep Security](trend_micro/trend_micro_deep_security.md)

@@ -41,7 +41,7 @@ This setup guide will show you how to pull events produced by SentinelOne EDR on
4. Select `Create User` and copy the generated API token.

!!! note
A `Service User` with the `Site Admin` or `IR Team` role can mitigate threats from [Sekoia.io](https://app.sekoia.io/) using [SentinelOne playbook actions](../../../automate/library/sentinel-one.md). A user with the `Site Viewer` role can view activity events and threats but cannot take action.
A `Service User` with the `Site Admin` or `IR Team` role can mitigate threats from [Sekoia.io](https://app.sekoia.io/) using [SentinelOne playbook actions](/xdr/features/automate/library/sentinelone.md). A user with the `Site Viewer` role can view activity events and threats but cannot take action.

## Create a SentinelOne intake

2 changes: 1 addition & 1 deletion docs/xdr/features/detect/rules_catalog.md
@@ -159,7 +159,7 @@ If you choose `All communities`, your rule will be available for all your commun
This is the detection logic itself. It varies according to the selected rule type.

!!! note
Fields available to create a detection pattern follow the [ECS standard](features/investigate/events_query_language.md) and can be found on Events page > **Show fields and top values**.
Fields available to create a detection pattern follow the ECS standard and can be found on Events page > **Show fields and top values**.

#### Security alerts
In the Alert properties part, you should indicate the category and type of the alerts raised by the rule and the severity of the rule, which is used to calculate the urgency of the corresponding raised alerts in association with assets criticality for events matching assets.
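Review bot: the fix removes the ECS link instead of repointing it, so the note no longer tells the reader where the field reference lives. The original target `features/investigate/events_query_language.md` was broken only because it was written relative to the wrong directory (from `docs/xdr/features/detect/rules_catalog.md` it resolves under `detect/`); if the page exists at `docs/xdr/features/investigate/events_query_language.md`, `../investigate/events_query_language.md` is the relative link that MkDocs will validate. Keep the link rather than dropping it.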
4 changes: 2 additions & 2 deletions docs/xdr/usecases/playbook/Add_UserAgent_in_comment.md
@@ -12,13 +12,13 @@ This use case describes how to enrich the comments of an alert with the User age
* `SIC_WRITE_ALERTS_COMMENT`

!!!note
To create your API Key, follow this [documentation](../../../getting_started/generate_api_keys.md).
To create your API Key, follow this [documentation](/getting_started/manage_api_keys/#create-an-api-key).

## Playbook configuration

Find the playbook configuration below:

![Playbook Add_UserAgent_in_comment](docs/assets/playbooks/library/UseCases/Add_UserAgent_in_comment.md.png)
![Playbook Add_UserAgent_in_comment](/assets/playbooks/library/UseCases/Add_UserAgent_in_comment.png)

| Module | Configuration |
| --- | --- |
4 changes: 2 additions & 2 deletions docs/xdr/usecases/playbook/ExtractIP_from_Url_country.md
@@ -10,13 +10,13 @@ This use case describes how to extract an IP address from a URL and a country.
* Be an Administrator or an Analyst of the community.
* Have an API Key with a role that contains at least the permission "View alerts"

> To create your API Key, follow this [documentation](../../../getting_started/generate_api_keys.md).
> To create your API Key, follow this [documentation](/getting_started/manage_api_keys/).

## Playbook configuration

Here is the playbook configuration to set:

![Playbook ExtractIP](docs/assets/playbooks/library/UseCases/ExtractIP.png)
![Playbook ExtractIP](/assets/playbooks/library/UseCases/ExtractIP.png)

Alert created => set module & trigger configuration
Get Alert => **uuid** = `short_id` variables in **Alert created**
@@ -14,13 +14,13 @@ This use case describes how to get the MAC address of events associated with an
* `SIC_READ_EVENT_STATS`

!!! note
To create your API Key, follow this [documentation](../../../getting_started/generate_api_keys.md).
To create your API Key, follow this [documentation](/getting_started/manage_api_keys).

## Playbook configuration

Here is the configuration below:

![Playbook Enrich_information_in_alert](docs/assets/playbooks/library/UseCases/Enrich_information_in_alert.png)
![Playbook Enrich_information_in_alert](/assets/playbooks/library/UseCases/Enrich_information_in_alert.png)

| Module | Configuration |
| --- | --- |
4 changes: 2 additions & 2 deletions docs/xdr/usecases/playbook/whoIs.md
@@ -14,13 +14,13 @@ This use case describes how to use Whois module in order to enrich an IP address
* `SIC_READ_EVENT_STATS`

!!!note
To create your API Key, follow this [documentation](../../../getting_started/generate_api_keys.md).
To create your API Key, follow this [documentation](../../../getting_started/manage_api_keys.md).

## Playbook configuration

You can find the configuration below:

![Playbook WhoIS](docs/assets/playbooks/library/UseCases/WhoIS.png)
![Playbook WhoIS](/docs/assets/playbooks/library/UseCases/WhoIS.png)

| Module | Configuration |
| --- | --- |
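Review bot: the four playbook use-case pages now reach the API-key documentation through four different link forms: `/getting_started/manage_api_keys/#create-an-api-key`, `/getting_started/manage_api_keys/`, `/getting_started/manage_api_keys` and, in this hunk, `../../../getting_started/manage_api_keys.md`; pick one, preferably the relative `.md` form used here, since it is the only one MkDocs resolves and validates. The image path `/docs/assets/playbooks/library/UseCases/WhoIS.png` also keeps a `/docs` prefix that the other three playbook images drop (`/assets/...`); if `docs/` is the MkDocs docs_dir (every edited page lives under it) it becomes the site root, so this image reference is most likely still broken.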