Refresh intakes documentation #1769

merged 1 commit into from
May 13, 2024
Expand Up @@ -38,16 +38,12 @@ Find below few samples of events and how they are normalized by Sekoia.io.
{
"message": "2 424805057484 eni-0f06a40fc9be596f6 212.83.179.156 10.0.0.96 123 123 17 2 152 1599665193 1599665488 ACCEPT OK",
"event": {
"action": "accept",
"category": [
"network"
],
"end": "2020-09-09T15:31:28Z",
"outcome": "ok",
"start": "2020-09-09T15:26:33Z",
"type": [
"allowed"
]
"start": "2020-09-09T15:26:33Z"
},
"@timestamp": "2020-09-09T15:26:33Z",
"action": {
Expand All @@ -60,10 +56,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"account": {
"id": "424805057484"
},
"provider": "aws",
"service": {
"name": "vpc"
}
"provider": "aws"
},
"destination": {
"address": "10.0.0.96",
Expand Down Expand Up @@ -93,9 +86,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"ip": "212.83.179.156",
"packets": 2,
"port": 123
},
"user": {
"id": "424805057484"
}
}

Expand All @@ -109,16 +99,12 @@ Find below few samples of events and how they are normalized by Sekoia.io.
{
"message": "{\"version\":2,\"account_id\":\"424805057484\",\"interface_id\":\"eni-0f06a40fc9be596f6\",\"srcaddr\":\"5.6.7.8\",\"dstaddr\":\"1.2.3.4\",\"srcport\":4712,\"dstport\":53205,\"protocol\":6,\"packets\":12,\"bytes\":2610,\"start\":1661950735,\"end\":1661950746,\"action\":\"ACCEPT\",\"log_status\":\"OK\"}\n",
"event": {
"action": "accept",
"category": [
"network"
],
"end": "2022-08-31T12:59:06Z",
"outcome": "ok",
"start": "2022-08-31T12:58:55Z",
"type": [
"allowed"
]
"start": "2022-08-31T12:58:55Z"
},
"@timestamp": "2022-08-31T12:58:55Z",
"action": {
Expand All @@ -131,10 +117,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"account": {
"id": "424805057484"
},
"provider": "aws",
"service": {
"name": "vpc"
}
"provider": "aws"
},
"destination": {
"address": "1.2.3.4",
Expand Down Expand Up @@ -164,9 +147,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"ip": "5.6.7.8",
"packets": 12,
"port": 4712
},
"user": {
"id": "424805057484"
}
}

Expand All @@ -180,16 +160,12 @@ Find below few samples of events and how they are normalized by Sekoia.io.
{
"message": "5 424805057484 eni-1235b8ca123456789 52.95.128.179 10.0.0.71 46945 53 17 1 73 1658131186 1658131216 ACCEPT OK vpc-abcdefab012345678 subnet-aaaaaaaa012345678 - 0 IPv4 52.95.128.179 10.0.0.71 eu-west-1 euw1-az3 - - - - egress 8",
"event": {
"action": "accept",
"category": [
"network"
],
"end": "2022-07-18T08:00:16Z",
"outcome": "ok",
"start": "2022-07-18T07:59:46Z",
"type": [
"allowed"
]
"start": "2022-07-18T07:59:46Z"
},
"@timestamp": "2022-07-18T07:59:46Z",
"action": {
Expand All @@ -202,10 +178,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"account": {
"id": "424805057484"
},
"provider": "aws",
"service": {
"name": "vpc"
}
"provider": "aws"
},
"destination": {
"address": "10.0.0.71",
Expand Down Expand Up @@ -235,9 +208,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"ip": "52.95.128.179",
"packets": 1,
"port": 46945
},
"user": {
"id": "424805057484"
}
}

Expand All @@ -251,16 +221,12 @@ Find below few samples of events and how they are normalized by Sekoia.io.
{
"message": "2 123456789010 eni-1235b8ca123456789 2001:db8:1234:a100:8d6e:3477:df66:f105 2001:db8:1234:a102:3304:8879:34cf:4071 34892 22 6 54 8855 1477913708 1477913820 ACCEPT OK",
"event": {
"action": "accept",
"category": [
"network"
],
"end": "2016-10-31T11:37:00Z",
"outcome": "ok",
"start": "2016-10-31T11:35:08Z",
"type": [
"allowed"
]
"start": "2016-10-31T11:35:08Z"
},
"@timestamp": "2016-10-31T11:35:08Z",
"action": {
Expand All @@ -273,10 +239,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"account": {
"id": "123456789010"
},
"provider": "aws",
"service": {
"name": "vpc"
}
"provider": "aws"
},
"destination": {
"address": "2001:db8:1234:a102:3304:8879:34cf:4071",
Expand Down Expand Up @@ -306,9 +269,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"ip": "2001:db8:1234:a100:8d6e:3477:df66:f105",
"packets": 54,
"port": 34892
},
"user": {
"id": "123456789010"
}
}

Expand Down Expand Up @@ -338,20 +298,14 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"account": {
"id": "123456789010"
},
"provider": "aws",
"service": {
"name": "vpc"
}
"provider": "aws"
},
"observer": {
"ingress": {
"interface": {
"name": "eni-1235b8ca123456789"
}
}
},
"user": {
"id": "123456789010"
}
}

Expand All @@ -365,16 +319,12 @@ Find below few samples of events and how they are normalized by Sekoia.io.
{
"message": "2 424805057484 eni-0f06a40fc9be596f6 195.14.170.50 10.0.0.96 53996 20248 6 1 40 1599665374 1599665428 REJECT OK",
"event": {
"action": "reject",
"category": [
"network"
],
"end": "2020-09-09T15:30:28Z",
"outcome": "ok",
"start": "2020-09-09T15:29:34Z",
"type": [
"denied"
]
"start": "2020-09-09T15:29:34Z"
},
"@timestamp": "2020-09-09T15:29:34Z",
"action": {
Expand All @@ -387,10 +337,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"account": {
"id": "424805057484"
},
"provider": "aws",
"service": {
"name": "vpc"
}
"provider": "aws"
},
"destination": {
"address": "10.0.0.96",
Expand Down Expand Up @@ -420,9 +367,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"ip": "195.14.170.50",
"packets": 1,
"port": 53996
},
"user": {
"id": "424805057484"
}
}

Expand All @@ -436,16 +380,12 @@ Find below few samples of events and how they are normalized by Sekoia.io.
{
"message": "{\"version\":2,\"account_id\":\"424805057484\",\"interface_id\":\"eni-0f06a40fc9be596f6\",\"srcaddr\":\"1.2.3.4\",\"dstaddr\":\"5.6.7.8\",\"srcport\":53094,\"dstport\":2323,\"protocol\":6,\"packets\":1,\"bytes\":40,\"start\":1661950735,\"end\":1661950746,\"action\":\"REJECT\",\"log_status\":\"OK\"}\n",
"event": {
"action": "reject",
"category": [
"network"
],
"end": "2022-08-31T12:59:06Z",
"outcome": "ok",
"start": "2022-08-31T12:58:55Z",
"type": [
"denied"
]
"start": "2022-08-31T12:58:55Z"
},
"@timestamp": "2022-08-31T12:58:55Z",
"action": {
Expand All @@ -458,10 +398,7 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"account": {
"id": "424805057484"
},
"provider": "aws",
"service": {
"name": "vpc"
}
"provider": "aws"
},
"destination": {
"address": "5.6.7.8",
Expand Down Expand Up @@ -491,9 +428,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"ip": "1.2.3.4",
"packets": 1,
"port": 53094
},
"user": {
"id": "424805057484"
}
}

Expand All @@ -516,10 +450,8 @@ The following table lists the fields that are extracted, normalized under the EC
|`action.type` | `keyword` | The type of the action |
|`cloud.account.id` | `keyword` | The cloud account or organization id. |
|`cloud.provider` | `keyword` | Name of the cloud provider. |
|`cloud.service.name` | `keyword` | The cloud service name. |
|`destination.ip` | `ip` | IP address of the destination. |
|`destination.port` | `long` | Port of the destination. |
|`event.action` | `keyword` | The action captured by the event. |
|`event.category` | `keyword` | Event category. The second categorization field in the hierarchy. |
|`event.end` | `date` | event.end contains the date when the event ended or when the activity was last observed. |
|`event.start` | `date` | event.start contains the date when the event started or when the activity was first observed. |
Expand All @@ -529,5 +461,4 @@ The following table lists the fields that are extracted, normalized under the EC
|`source.ip` | `ip` | IP address of the source. |
|`source.packets` | `long` | Packets sent from the source to the destination. |
|`source.port` | `long` | Port of the source. |
|`user.id` | `keyword` | Unique identifier of the user. |

Expand Up @@ -40,7 +40,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"@timestamp": "2021-11-23T15:35:08.541882Z",
"action": {
"outcome_reason": "Configuration is changed in the admin session",
"target": "network-traffic",
"type": "system"
},
"log": {
Expand Down Expand Up @@ -658,7 +657,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"name": "roll-log",
"outcome": "success",
"outcome_reason": "Disk log has rolled.",
"target": "network-traffic",
"type": "system"
},
"fortinet": {
Expand Down Expand Up @@ -2280,7 +2278,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"name": "login",
"outcome": "failed",
"outcome_reason": "Login disabled from IP 1.1.1.1 for 60 seconds because of 3 bad attempts",
"target": "network-traffic",
"type": "system"
},
"log": {
Expand Down Expand Up @@ -2315,7 +2312,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"name": "ssl-new-con",
"outcome": "success",
"outcome_reason": "SSL new connection",
"target": "network-traffic",
"type": "vpn"
},
"destination": {
Expand Down Expand Up @@ -3523,7 +3519,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"name": "CRL_1",
"outcome": "success",
"outcome_reason": "A certificate is updated",
"target": "network-traffic",
"type": "vpn"
},
"fortinet": {
Expand Down Expand Up @@ -3581,7 +3576,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"name": "ssl-login-fail",
"outcome": "success",
"outcome_reason": "SSL user failed to logged in",
"target": "network-traffic",
"type": "vpn"
},
"fortinet": {
Expand Down Expand Up @@ -3651,7 +3645,6 @@ Find below few samples of events and how they are normalized by Sekoia.io.
"name": "ssl-login-fail",
"outcome": "success",
"outcome_reason": "SSL user failed to logged in",
"target": "network-traffic",
"type": "vpn"
},
"fortinet": {