Integrathon documentation improvement

.gitignore

@@ -22,4 +22,5 @@ docs/getting_started/inactive_users
 .DS_Store
 *.pyc
 node_modules/
-Icon?
+Icon?
+/docu

_shared_content/automate/actions.md

@@ -18,11 +18,11 @@ The Actions Library lists all available actions in playbooks with their detailed
 
 | Name | Description |
 | --- | --- |
-| [Get Event Field Common Values](../library/sekoia-io/#get-event-field-common-values) | Retrieve the most common values of an ECS field based on the time window |
-| [List Assets](../library/sekoia-io/#list-assets) | Retrieve detailed information about assets based on a filter |
-| [Search Alerts](../library/sekoia-io/#search-alerts) | Retrieve detailed information about alerts (such as the urgency, name of the rule, etc… except events) based on a filter. |
-| [Get Alert](../library/sekoia-io/#get-alert) | Retrieve detailed alert information such as the urgency, name of the rule, pattern, etc… except events. |
-| [Get Events](../library/sekoia-io/#get-events) | Retrieve events based on a search. This action is equivalent to a search on the event page and takes into consideration 3 parameters: a query with filters (`source.ip=xx.xxx.xx`), and earliest time/latest time: two dates to determine the date range of the search. |
+| [Get Event Field Common Values](/integration/action_library/generic/sekoia-io/#get-event-field-common-values) | Retrieve the most common values of an ECS field based on the time window |
+| [List Assets](/integration/action_library/generic/sekoia-io/#list-assets) | Retrieve detailed information about assets based on a filter |
+| [Search Alerts](/integration/action_library/generic/sekoia-io/#search-alerts) | Retrieve detailed information about alerts (such as the urgency, name of the rule, etc… except events) based on a filter. |
+| [Get Alert](/integration/action_library/generic/sekoia-io/#get-alert) | Retrieve detailed alert information such as the urgency, name of the rule, pattern, etc… except events. |
+| [Get Events](/integration/action_library/generic/sekoia-io/#get-events) | Retrieve events based on a search. This action is equivalent to a search on the event page and takes into consideration 3 parameters: a query with filters (`source.ip=xx.xxx.xx`), and earliest time/latest time: two dates to determine the date range of the search. |
 
 !!!note
 	`Get Events` can be used to retrieve events from an alert. Events associated to an alert contain the key `alert_short_ids` with the value of the ID of the alert.
@@ -31,15 +31,15 @@ The Actions Library lists all available actions in playbooks with their detailed
 
 | Name | Description |
 | --- | --- |
-| [Create an asset](../library/sekoia-io/#create-asset) | Create an asset |
-| [Delete an asset](../library/sekoia-io/#delete-an-asset) | Delete an asset |
-| [Add attribute to asset](../library/sekoia-io/#add-attribute-to-asset) | Add attribute to asset |
-| [Add key to asset](../library/sekoia-io/#add-key-to-asset) | Add key to asset |
-| [Edit alert](../library/sekoia-io/#edit-alert) | Edit an alert details such as the urgency or the alert category |
-| [Comment alert](../library/sekoia-io/#comment-alert) | Add a comment to the alert |
-| [Update alert status](../library/sekoia-io/#update-alert-status) | Change the status of an alert |
-| [Push Events to Intake](../library/sekoia-io/#push-events-to-intake) | Push one or more events to an Intake |
-| [Attach Alerts to Case](../library/sekoia-io/#attach-alerts-to-case) | Attach one or more alerts to a case. |
+| [Create an asset](/integration/action_library/generic/sekoia-io/#create-asset) | Create an asset |
+| [Delete an asset](/integration/action_library/generic/sekoia-io/#delete-an-asset) | Delete an asset |
+| [Add attribute to asset](/integration/action_library/generic/sekoia-io/#add-attribute-to-asset) | Add attribute to asset |
+| [Add key to asset](/integration/action_library/generic/sekoia-io/#add-key-to-asset) | Add key to asset |
+| [Edit alert](/integration/action_library/generic/sekoia-io/#edit-alert) | Edit an alert details such as the urgency or the alert category |
+| [Comment alert](/integration/action_library/generic/sekoia-io/#comment-alert) | Add a comment to the alert |
+| [Update alert status](/integration/action_library/generic/sekoia-io/#update-alert-status) | Change the status of an alert |
+| [Push Events to Intake](/integration/action_library/generic/sekoia-io/#push-events-to-intake) | Push one or more events to an Intake |
+| [Attach Alerts to Case](/integration/action_library/generic/sekoia-io/#attach-alerts-to-case) | Attach one or more alerts to a case. |
 
 
 #### How to update an alert status
@@ -58,51 +58,54 @@ To update an alert status, you need to copy the `status_uuid` corresponding to t
 
 To get notified, you can rely on these tools:
 
-- [Mandrill](library/mandrill.md): Send Message
-- [Mattermost](library/mattermost.md): Post message / Post Sekoia.io alert
-- [Pagerduty](library/pagerduty.md): Trigger Alert
-- [The Hive](library/the-hive.md): Create an alert in the Hive
+- [Mandrill](/integration/action_library/applicative/mandrill.md): Send Message
+- [Mattermost](/integration/action_library/applicative/mattermost.md): Post message / Post Sekoia.io alert
+- [Pagerduty](/integration/action_library/applicative/pagerduty.md): Trigger Alert
+- [The Hive](/integration/action_library/collaboration_tools/the-hive.md): Create an alert in the Hive
+- ...
 
 ## Data collection
 
 If you have an account in one of the listed tools below, you can easily extract data from there and import it to Sekoia.io. This is made possible with an API key.
 
-- [BinaryEdge](library/binaryedge-s-api.md)
-- [Censys](library/censys.md)
-- [GLIMPS](library/glimps.md)
-- [IKnowWhatYouDownloaded](library/iknowwhatyoudownload.md)
-- [Onyphe](library/onyphe.md)
-- [Public Suffix](library/public-suffix.md)
-- [RiskIQ](library/riskiq.md)
-- [Shodan](library/shodan.md)
-- [VirusTotal](library/virustotal.md)
-- [Whois](library/whois.md)
+- [BinaryEdge](/integration/action_library/threat_intelligence/binaryedge-s-api.md)
+- [Censys](/integration/action_library/threat_intelligence/censys.md)
+- [GLIMPS](/integration/action_library/threat_intelligence/glimps.md)
+- [IKnowWhatYouDownloaded](/integration/action_library/threat_intelligence/iknowwhatyoudownload.md)
+- [Onyphe](/integration/action_library/threat_intelligence/onyphe.md)
+- [Public Suffix](/integration/action_library/threat_intelligence/public-suffix.md)
+- [RiskIQ](/integration/action_library/threat_intelligence/riskiq.md)
+- [Shodan](/integration/action_library/threat_intelligence/shodan.md)
+- [VirusTotal](/integration/action_library/threat_intelligence/virustotal.md)
+- [Whois](/integration/action_library/threat_intelligence/whois.md)
+- ...
 
 ## Helpers
 
 | Name | Description |
 | --- | --- |
-| [fileutils](library/fileutils.md) | Extract data from XML or JSON files |
-| [http](library/http.md) | Request HTTP resources (download file, request URL) |
-| [STIX](library/stix.md) | Add source, add tags, create relationships, cryptolaemus to STIX, CVE to STIX, filter bundle, JSON objects to observables, VirusTotal LiveHunt to observables, MISP to STIX, observables to contextualized indicators, observables to indicators, remove orphan objects, STIX to MISP, string to observables |
+| [fileutils](/integration/action_library/generic/fileutils.md) | Extract data from XML or JSON files |
+| [http](/integration/action_library/generic/http.md) | Request HTTP resources (download file, request URL) |
+| [STIX](/integration/action_library/threat_intelligence/stix.md) | Add source, add tags, create relationships, cryptolaemus to STIX, CVE to STIX, filter bundle, JSON objects to observables, VirusTotal LiveHunt to observables, MISP to STIX, observables to contextualized indicators, observables to indicators, remove orphan objects, STIX to MISP, string to observables |
 
 These helpers need their associated trigger to function properly:
 
 | Name | Description |
 | --- | --- |
-| [MISP](library/misp.md) | Gather, store, share and correlate threat intelligence. Convert from MISP to STIX, publish MISP event |
-| [MWDB](library/mwdb.md) | Convert a MWDB config to a bundle of observables |
-| [Triage](library/triage.md) | Triage raw results to observables |
+| [MISP](/integration/action_library/threat_intelligence/misp.md) | Gather, store, share and correlate threat intelligence. Convert from MISP to STIX, publish MISP event |
+| [MWDB](/integration/action_library/threat_intelligence/mwdb.md) | Convert a MWDB config to a bundle of observables |
+| [Triage](/integration/action_library/threat_intelligence/triage.md) | Triage raw results to observables |
 
 ## Third-party applications
 
-- [Microsoft Entra ID (Azure AD) ](library/microsoft-entra-id.md)
-- [Microsoft Remote Server](library/microsoft-remote-server.md)
-- [Fortigate Firewalls](library/fortigate-firewalls.md)
-- [HarfangLab](library/harfanglab.md)
-- [Panda Security](library/panda-security.md)
-- [Sentinel One](library/sentinelone.md)
-- [ServiceNow](library/servicenow.md)
+- [Microsoft Entra ID (Azure AD) ](/integration/action_library/iam_sase/microsoft-entra-id.md)
+- [Microsoft Remote Server](/integration/action_library/applicative/microsoft-remote-server.md)
+- [Fortigate Firewalls](/integration/action_library/network/fortigate-firewalls.md)
+- [HarfangLab](/integration/action_library/endpoint/harfanglab.md)
+- [Panda Security](/integration/action_library/endpoint/panda-security.md)
+- [Sentinel One](/integration/action_library/endpoint/sentinelone.md)
+- [ServiceNow](/integration/action_library/collaboration_tools/servicenow.md)
+- ...
 
 More actions are available in the Actions Library. To learn how to set up an action, please refer to its documentation.
 

_shared_content/automate/playbooks-on-premises.md

@@ -2,7 +2,7 @@
 
 Our clients may find it necessary to execute Playbook actions within a local network that remains isolated from external internet access or rejects inbound connections. To meet this particular need, we enable users to select actions they want to perform on their local network directly from the Playbooks' user interface. 
 
-Clients must undertake a short installation process to harness the full potential of this security-enhancing feature. This involves installing our [dedicated agent](https://docs.sekoia.io/xdr/features/collect/integrations/endpoint/sekoiaio/) and Docker onto a Linux machine within their local network. The meticulous setup ensures that Playbook actions can be executed with the utmost reliability and security, maintaining the integrity of the local network environment. 
+Clients must undertake a short installation process to harness the full potential of this security-enhancing feature. This involves installing our [dedicated agent](https://docs.sekoia.io/integration/integrations/endpoint/sekoiaio/) and Docker onto a Linux machine within their local network. The meticulous setup ensures that Playbook actions can be executed with the utmost reliability and security, maintaining the integrity of the local network environment. 
 
 Below, we provide detailed instructions on how to accomplish the installation process.