From 9eb92536baa656109d04d15b9f2038c5415a626f Mon Sep 17 00:00:00 2001
From: Bivic
Date: Mon, 5 Aug 2024 14:54:07 +0200
Subject: [PATCH 1/3] fix bad links
---
 mkdocs.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/mkdocs.yml b/mkdocs.yml
index caf62ca4da..859a641d7d 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -362,7 +362,7 @@ nav:
 - SentinelOne Cloud Funnel 2.0: integration/categories/endpoint/sentinelone_cloudfunnel2.0.md
 - Sekoia.io Endpoint Agent: integration/categories/endpoint/sekoiaio.md
 - Sophos EDR: integration/categories/endpoint/sophos_edr.md
- - Stormshield SES: docs/integration/categories/endpoint/stormshield_endpoint.md
+ - Stormshield SES: integration/categories/endpoint/stormshield_endpoint.md
 - Symantec Endpoint Protection: integration/categories/endpoint/symantec_epp.md
 - TEHTRIS Endpoint Detection & Reponse: integration/categories/endpoint/tehtris_edr.md
 - Tanium: integration/categories/endpoint/tanium.md
@@ -723,7 +723,7 @@ plugins:
 xdr/features/collect/integrations/endpoint/panda_security_aether.md: integration/categories/endpoint/panda_security_aether.md
 xdr/features/collect/integrations/endpoint/sentinelone.md: integration/categories/endpoint/sentinelone.md
 xdr/features/collect/integrations/endpoint/sophos_edr.md: integration/categories/endpoint/sophos_edr.md
- xdr/features/collect/integrations/endpoint/stormshield_endpoint.md: docs/integration/categories/endpoint/stormshield_endpoint.md
+ xdr/features/collect/integrations/endpoint/stormshield_endpoint.md: integration/categories/endpoint/stormshield_endpoint.md
 xdr/features/collect/integrations/endpoint/symantec_epp.md: integration/categories/endpoint/symantec_epp.md
 xdr/features/collect/integrations/endpoint/tanium.md: integration/categories/endpoint/tanium.md
 xdr/features/collect/integrations/endpoint/tehtris_edr.md: integration/categories/endpoint/tehtris_edr.md
From 98ba7673b617f429369670e5cee3e326030911ca Mon Sep 17 00:00:00 2001
From: Bivic Date: Mon, 5 Aug 2024 16:12:48 +0200 Subject: [PATCH 2/3] massive link fix --- docs/integration/categories/applicative/azure_files.md | 2 +- .../categories/applicative/github_audit_logs.md | 2 +- docs/integration/categories/applicative/salesforce.md | 2 +- .../integration/categories/applicative/veeam_backup.md | 2 +- docs/integration/categories/email/o365.md | 2 +- docs/integration/categories/email/postfix.md | 2 +- docs/integration/categories/email/proofpoint_pod.md | 2 +- docs/integration/categories/email/proofpoint_tap.md | 2 +- docs/integration/categories/email/vade.md | 2 +- .../categories/endpoint/checkpoint_harmony_mobile.md | 2 +- .../endpoint/crowdstrike_falcon_telemetry.md | 2 +- .../categories/endpoint/cybereason_malop.md | 4 ++-- .../categories/endpoint/cybereason_malop_activity.md | 2 +- .../categories/endpoint/google_kubernetes_engine.md | 4 ++-- docs/integration/categories/endpoint/ibm_i.md | 2 +- .../categories/endpoint/log_insight_windows.md | 2 +- .../categories/endpoint/panda_security_aether.md | 2 +- docs/integration/categories/endpoint/sekoiaio.md | 4 ++-- docs/integration/categories/endpoint/sentinelone.md | 4 ++-- .../categories/endpoint/sentinelone_cloudfunnel2.0.md | 4 ++-- docs/integration/categories/endpoint/sophos_edr.md | 2 +- docs/integration/categories/endpoint/tanium.md | 2 +- docs/integration/categories/endpoint/tehtris_edr.md | 2 +- docs/integration/categories/endpoint/trellix_edr.md | 2 +- docs/integration/categories/endpoint/vmware_esxi.md | 2 +- docs/integration/categories/endpoint/vmware_vcenter.md | 2 +- docs/integration/categories/endpoint/windows.md | 10 +++++----- docs/integration/categories/endpoint/winlogbeat.md | 2 +- .../categories/endpoint/withsecure_elements.md | 2 +- docs/integration/categories/generic/cef.md | 2 +- docs/integration/categories/iam/alsid.md | 2 +- docs/integration/categories/iam/azure_key_vault.md | 2 +- .../categories/iam/jumpcloud_directory_insights.md | 2 +- 
docs/integration/categories/iam/okta_system_log.md | 2 +- docs/integration/categories/iam/openldap.md | 2 +- docs/integration/categories/network/aws_flow_logs.md | 4 ++-- .../categories/network/azure_application_gateway.md | 2 +- .../categories/network/efficientip_solidserver_ddi.md | 2 +- docs/integration/categories/network/ekinops_oneos.md | 2 +- .../integration/categories/network/juniper_switches.md | 2 +- .../categories/network/microsoft_always_on_vpn.md | 2 +- docs/integration/categories/network/netfilter.md | 2 +- docs/integration/categories/network/openssh.md | 2 +- docs/integration/categories/network/openvpn.md | 2 +- docs/integration/categories/network/opnsense.md | 2 +- docs/integration/categories/network/pulse.md | 2 +- docs/integration/categories/network/sesameit_jizo.md | 2 +- docs/integration/categories/network/squid.md | 2 +- docs/integration/categories/network/umbrella_dns.md | 2 +- docs/integration/categories/network/unbound.md | 2 +- .../network_security/skyhigh_secure_web_gateway.md | 4 ++-- .../categories/network_security/sonicwall_fw.md | 2 +- .../categories/network_security/sonicwall_sma.md | 2 +- .../categories/network_security/sophos_fw.md | 2 +- .../network_security/stormshield_network_security.md | 4 ++-- .../categories/network_security/trellix_epo.md | 2 +- .../categories/network_security/trellix_nx.md | 2 +- .../categories/network_security/ubika_waap.md | 2 +- .../network_security/varonis_data_security.md | 4 ++-- docs/integration/categories/network_security/vectra.md | 2 +- .../categories/network_security/watchguard_firebox.md | 2 +- .../categories/network_security/zscaler_zia.md | 2 +- 62 files changed, 75 insertions(+), 75 deletions(-) diff --git a/docs/integration/categories/applicative/azure_files.md b/docs/integration/categories/applicative/azure_files.md index a7fc506915..ec7fc56e0c 100644 --- a/docs/integration/categories/applicative/azure_files.md +++ b/docs/integration/categories/applicative/azure_files.md 
@@ -59,7 +59,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n To start to pull events, you have to: -1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Consume Eventhub messages](/xdr/feature/automate/library/microsoft-azure.md#consume-eventhub-messages) +1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Consume Eventhub messages](/xdr/feature/automate/library/microsoft-azure/#consume-eventhub-messages) 2. Set up the trigger configuration with the EventHub's `Connection string-primary key`, the hub name, the consumer group, the storage's `Connection string-primary key` and the container name. 3. Start the playbook and enjoy your events diff --git a/docs/integration/categories/applicative/github_audit_logs.md b/docs/integration/categories/applicative/github_audit_logs.md index d31096d648..824fd25058 100644 --- a/docs/integration/categories/applicative/github_audit_logs.md +++ b/docs/integration/categories/applicative/github_audit_logs.md @@ -90,7 +90,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n To start to pull events, you have to: -1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new audit logs from Github](../../../automate/library/github.md) trigger +1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new audit logs from Github](/integration/action_library/collaboration_tools/github) trigger 2. Set up the module configuration with the Github organization and the APIkey. Set up the trigger configuration with the intake key 3. Start the playbook and enjoy your events diff --git a/docs/integration/categories/applicative/salesforce.md b/docs/integration/categories/applicative/salesforce.md index b7406f54f2..973d11b4fe 100644 
--- a/docs/integration/categories/applicative/salesforce.md +++ b/docs/integration/categories/applicative/salesforce.md @@ -61,7 +61,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n To start to pull events, you have to: -1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Salesforce](../../../automate/library/salesforce.md) trigger +1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Salesforce](/integration/action_library/applicative/salesforce) trigger 2. Set up the module configuration with the consumer key and consumer secret. Set up the trigger configuration with the intake key 3. Start the playbook and enjoy your events diff --git a/docs/integration/categories/applicative/veeam_backup.md b/docs/integration/categories/applicative/veeam_backup.md index 8b08dd2f00..f03fd1b057 100644 --- a/docs/integration/categories/applicative/veeam_backup.md +++ b/docs/integration/categories/applicative/veeam_backup.md @@ -55,7 +55,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n ### Forward logs to Sekoia.io -Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io. +Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io. {!_shared_content/operations_center/integrations/generated/dbebefdd-dd2e-48a9-89e6-ee5a00ee0956_sample.md!} diff --git a/docs/integration/categories/email/o365.md b/docs/integration/categories/email/o365.md index 200d1a542e..aeae700f53 100644 --- a/docs/integration/categories/email/o365.md +++ b/docs/integration/categories/email/o365.md 
@@ -114,7 +114,7 @@ Go to your Sekoia.io [playbooks page](https://app.sekoia.io/operations/playbooks #### Alternative mode If you are unable or you don't want to collect Office 365 logs through the management API, -Sekoia.io also supports Office 365 log collection through Azure EventHub. Follow [this guide](o365_appendix.md) for more details on this solution. +Sekoia.io also supports Office 365 log collection through Azure EventHub. Follow [this guide](/integration/categories/endpoint/azure_windows) for more details on this solution. ### Collect Microsoft Defender for Office365 events diff --git a/docs/integration/categories/email/postfix.md b/docs/integration/categories/email/postfix.md index 04518b6093..da30f7d323 100644 --- a/docs/integration/categories/email/postfix.md +++ b/docs/integration/categories/email/postfix.md @@ -18,7 +18,7 @@ As of now, the main solution to collect Postfix logs leverages the Rsyslog recip ### Rsyslog -Please refer to the documentation of Postfix to forward events to your rsyslog server. The reader can consult the [Rsyslog Transport](../../../ingestion_methods/syslog/overview/) documentation to forward these logs to Sekoia.io. +Please refer to the documentation of Postfix to forward events to your rsyslog server. The reader can consult the [Rsyslog Transport](/integration/ingestion_methods/syslog/overview) documentation to forward these logs to Sekoia.io. {!_shared_content/operations_center/integrations/generated/eb727929-6a06-4e68-a09d-cf0e5daf3ccd_sample.md!} diff --git a/docs/integration/categories/email/proofpoint_pod.md b/docs/integration/categories/email/proofpoint_pod.md index 83a99422a3..9f73de02b7 100644 --- a/docs/integration/categories/email/proofpoint_pod.md +++ b/docs/integration/categories/email/proofpoint_pod.md 
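Review bot: The "this guide" link in the o365.md hunk now points at `/integration/categories/endpoint/azure_windows`, which by its path is an Azure/Windows endpoint page, whereas the sentence promises a guide for collecting Office 365 logs through Azure EventHub and previously referenced `o365_appendix.md`. If the appendix was folded into that page this is fine, but it reads like the wrong target was picked during the bulk rewrite; please confirm the destination actually documents the Office 365 EventHub alternative. If the appendix still exists under a new path, the link should point there instead.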
@@ -35,7 +35,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n ### Pull events -Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [ProofPoint PoD connector](../../../automate/library/proofpoint.md#get-proofpoint-pod-events). +Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [ProofPoint PoD connector](/integration/action_library/applicative/proofpoint/#get-proofpoint-pod-events). Set up the trigger configuration with the api key, the cluster id and the intake key. Customize others parameters if needed. diff --git a/docs/integration/categories/email/proofpoint_tap.md b/docs/integration/categories/email/proofpoint_tap.md index 68a95e31f8..b620d1569a 100644 --- a/docs/integration/categories/email/proofpoint_tap.md +++ b/docs/integration/categories/email/proofpoint_tap.md @@ -32,7 +32,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n ### Pull events -Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [ProofPoint TAP connector](../../../automate/library/proofpoint.md#get-proofpoint-tap-events). +Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [ProofPoint TAP connector](/integration/action_library/applicative/proofpoint/#get-proofpoint-tap-events). Set up the trigger configuration with the service principal, the secret and the intake key. Customize others parameters if needed. diff --git a/docs/integration/categories/email/vade.md b/docs/integration/categories/email/vade.md index eb5410fd84..5e1ca9945a 100644 --- a/docs/integration/categories/email/vade.md +++ b/docs/integration/categories/email/vade.md 
@@ -37,7 +37,7 @@ Lastly, you must add the Sekoia's action `Push Events to intake` to the graph an - the Sekoia.io `api_key` generated within the user center - the `base_url` (`https://intake.sekoia.io`) - the `events_path` to push on Intake (your logs, you will probably fill it with `{{ node.0['emails_path'] }}`) -- the `intake_key` of the intake you have previously created (documentation can be found [here](../../intakes.md)) +- the `intake_key` of the intake you have previously created (documentation can be found [here](/xdr/features/collect/intakes)) {!_shared_content/operations_center/integrations/generated/e4a758fc-7620-49e6-b8ed-b7fb3d7fa232_sample.md!} diff --git a/docs/integration/categories/endpoint/checkpoint_harmony_mobile.md b/docs/integration/categories/endpoint/checkpoint_harmony_mobile.md index 7b799deea2..9b28d078d8 100644 --- a/docs/integration/categories/endpoint/checkpoint_harmony_mobile.md +++ b/docs/integration/categories/endpoint/checkpoint_harmony_mobile.md @@ -42,7 +42,7 @@ To create the intake, go to the [intake page](https://app.sekoia.io/operations/i To start to pull events, you have to: -1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Check Point Harmony Mobile](../../../automate/library/check-point.md) trigger +1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Check Point Harmony Mobile](/integration/action_library/network/check-point) trigger 2. Set up the module configuration with the Client ID, Client Secret and Authentication URL. 3. Set up the trigger configuration with the intake key 4. Start the playbook and enjoy your events diff --git a/docs/integration/categories/endpoint/crowdstrike_falcon_telemetry.md b/docs/integration/categories/endpoint/crowdstrike_falcon_telemetry.md index 080b9fce43..dbdd15deeb 100644 --- a/docs/integration/categories/endpoint/crowdstrike_falcon_telemetry.md 
+++ b/docs/integration/categories/endpoint/crowdstrike_falcon_telemetry.md @@ -48,7 +48,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n To start to pull events, you have to: -1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new events from CrowdStrike Data replication](../../../automate/library/crowdstrike.md) trigger +1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new events from CrowdStrike Data replication](/integration/action_library/endpoint/crowdstrike) trigger 2. Set up the module configuration with your client id, the client secret and the region. Set up the trigger configuration with the intake key and the queue name. 3. Start the playbook and enjoy your events diff --git a/docs/integration/categories/endpoint/cybereason_malop.md b/docs/integration/categories/endpoint/cybereason_malop.md index a2162b081b..33c08132e4 100644 --- a/docs/integration/categories/endpoint/cybereason_malop.md +++ b/docs/integration/categories/endpoint/cybereason_malop.md @@ -13,7 +13,7 @@ Cybereason offers a set of Endpoint Detection and Response (EDR) solutions. Thro !!! warning If your tenant uses an allowlist to authorize connections, please ensure that Sekoia.io's IPs are allowed. - See our [FAQ](../../../../FAQ.md) to get our IPs. + See our [FAQ](/xdr/FAQ) to get our IPs. ## Configure 
@@ -36,7 +36,7 @@ Keep aside the intake key. To start pulling events, you have to: -1. Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new events from Cybereason](../../../../automate/library/cybereason) module. +1. Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new events from Cybereason](/integration/action_library/endpoint/cybereason.md) module. 2. Set up the module configuration with your Cybereason username and password. 3. Set up the trigger configuration with your intake key 4. Start the playbook and enjoy your [events](https://app.sekoia.io/operations/events). diff --git a/docs/integration/categories/endpoint/cybereason_malop_activity.md b/docs/integration/categories/endpoint/cybereason_malop_activity.md index f239a50e9d..149a8e1ec3 100644 --- a/docs/integration/categories/endpoint/cybereason_malop_activity.md +++ b/docs/integration/categories/endpoint/cybereason_malop_activity.md @@ -30,7 +30,7 @@ Keep aside the intake key. ### Setup the Syslog collector -Check the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to install and set up the syslog collector. +Check the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to install and set up the syslog collector. Once the setup has completed, write down the IP address and port. This information will be used in the next step. diff --git a/docs/integration/categories/endpoint/google_kubernetes_engine.md b/docs/integration/categories/endpoint/google_kubernetes_engine.md index f097e86163..16c0b0caf7 100644 --- a/docs/integration/categories/endpoint/google_kubernetes_engine.md +++ b/docs/integration/categories/endpoint/google_kubernetes_engine.md 
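Review bot: The new link `/integration/action_library/endpoint/cybereason.md` in the cybereason_malop.md hunk keeps the `.md` suffix, unlike every other action-library link rewritten in this commit (for example `/integration/action_library/endpoint/crowdstrike` and `/integration/action_library/endpoint/tehtris/#fetch-new-events-from-tehtris`). With the site's directory-style URLs an absolute path ending in `.md` is most likely not rewritten by MkDocs and will resolve to a missing page, which defeats the purpose of the fix. Suggested line: `1. Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new events from Cybereason](/integration/action_library/endpoint/cybereason) module.`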
@@ -10,12 +10,12 @@ type: intake There are different types of logs produced by GKE: -**Auditd logs**: Most important logs from a security point of view. We recommend that you use [Auditbeat](../../../endpoint/auditbeat_linux/) to collect Auditd logs. +**Auditd logs**: Most important logs from a security point of view. We recommend that you use [Auditbeat](/integration/categories/endpoint/auditbeat_linux) to collect Auditd logs. **Flow Logs**: From [Google VPC FLow Logs documentation](https://cloud.google.com/vpc/docs/using-flow-logs): > VPC Flow Logs records a sample of network flows sent from and received by VM instances, including instances used as GKE nodes. These logs can be used for network monitoring, forensics, real-time security analysis, and expense optimization. -Please read the [dedicated documentation](google_vpc_flow_logs.md). +Please read the [dedicated documentation](/integration/categories/network/google_vpc_flow_logs). (*Intake type: Google VPC Flow Logs*) **Activity logs** (*Intake type: Google Cloud Audit log*): diff --git a/docs/integration/categories/endpoint/ibm_i.md b/docs/integration/categories/endpoint/ibm_i.md index 39a8b9efb4..23f6b0d5a3 100644 --- a/docs/integration/categories/endpoint/ibm_i.md +++ b/docs/integration/categories/endpoint/ibm_i.md @@ -71,7 +71,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n ## Send logs to Sekoia.io -Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io. +Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io. {!_shared_content/operations_center/integrations/generated/fc03f783-5039-415e-915a-a4b010d9a872_sample.md!} diff --git a/docs/integration/categories/endpoint/log_insight_windows.md b/docs/integration/categories/endpoint/log_insight_windows.md index a54360f76d..a2746599a0 100644 
--- a/docs/integration/categories/endpoint/log_insight_windows.md +++ b/docs/integration/categories/endpoint/log_insight_windows.md @@ -26,7 +26,7 @@ As of now, the main solution to collect Windows logs with Log Insight leverages ### Rsyslog -Please refer to the documentation of Linux to forward events to your rsyslog server. The reader can consult the [Rsyslog Transport](../../../ingestion_methods/syslog/overview/) documentation to forward these logs to Sekoia.io. +Please refer to the documentation of Linux to forward events to your rsyslog server. The reader can consult the [Rsyslog Transport](/integration/ingestion_methods/syslog/overview) documentation to forward these logs to Sekoia.io. {!_shared_content/operations_center/integrations/generated/ee54dd8e-4bd4-4fe8-9d9d-1a018cd8c4bb_sample.md!} diff --git a/docs/integration/categories/endpoint/panda_security_aether.md b/docs/integration/categories/endpoint/panda_security_aether.md index 97fc8dd1ce..6b1bf52e12 100644 --- a/docs/integration/categories/endpoint/panda_security_aether.md +++ b/docs/integration/categories/endpoint/panda_security_aether.md 
@@ -35,7 +35,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n ### Pull events -Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Panda Security trigger](../../../automate/library/panda-security.md#fetch-security-events). You can use the existing template to fasten and ease the creation of your playbook. +Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Panda Security trigger](/integration/action_library/endpoint/panda-security/#fetch-security-events). You can use the existing template to fasten and ease the creation of your playbook. Set up the module configuration with an access ID, the password of the access ID (`access_secret`), your WatchGuard Cloud account ID (`account_id`), the API Key (`api_key`). Set the `base_url` with the domain part of the API Url (e.g: for the API URL `https://api.usa.cloud.watchguard.com/rest/`, the `base_url` is `https://api.usa.cloud.watchguard.com`). diff --git a/docs/integration/categories/endpoint/sekoiaio.md b/docs/integration/categories/endpoint/sekoiaio.md index 048e52aaec..fc8b5f64ba 100644 --- a/docs/integration/categories/endpoint/sekoiaio.md +++ b/docs/integration/categories/endpoint/sekoiaio.md @@ -44,7 +44,7 @@ The Endpoint Detection Agent supports the following operating systems, **on 64-b ## New features -To find out about the changes between each version please check the [agent's changelog](sekoiaio_changelog.md) +To find out about the changes between each version please check the [agent's changelog](https://changelog.sekoia.io/changelog?type=t6527b1484d556) ## Prerequisites The Sekoia.io Endpoint Agent uses the HTTPS protocol to send its events and has an automatic update mechanism. As a prerequisite, it's necessary to open the following streams: 
@@ -523,7 +523,7 @@ The proxy URL should follow the format `http://user:pass@host:port`. A proper security log auditing configuration will allow the agent to collect different security-related events. - This document can be followed for an optimal configuration: [Configuring Security Log Audit Settings](https://github.com/Yamato-Security/EnableWindowsLogSettings/blob/main/ConfiguringSecurityLogAuditPolicies.md). + This document can be followed for an optimal configuration: [Configuring Security Log Audit Settings](https://github.com/Yamato-Security/EnableWindowsLogSettings/blob/main/ConfiguringSecurityLogAuditPolicies). === "Linux" diff --git a/docs/integration/categories/endpoint/sentinelone.md b/docs/integration/categories/endpoint/sentinelone.md index 859ea7e88d..7058985551 100644 --- a/docs/integration/categories/endpoint/sentinelone.md +++ b/docs/integration/categories/endpoint/sentinelone.md @@ -24,7 +24,7 @@ Depending on the context of the log, additional content could be available, such - File information !!! Tip - For advanced log collection, we suggest you use the SentinelOne Cloud Funnel 2.0 option, as described in the [SentinelOne Cloud Funnel 2.0 integration](sentinelone_cloudfunnel2.0.md). + For advanced log collection, we suggest you use the SentinelOne Cloud Funnel 2.0 option, as described in the [SentinelOne Cloud Funnel 2.0 integration](/integration/categories/endpoint/sentinelone_cloudfunnel2.0). ## Configure 
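Review bot: The sekoiaio.md hunk at -523 strips `.md` from an external GitHub blob URL, not an internal site link: `https://github.com/Yamato-Security/EnableWindowsLogSettings/blob/main/ConfiguringSecurityLogAuditPolicies.md` names a file in that repository, and without the extension the blob path will most likely return a 404. The suffix removal that fixes the MkDocs links elsewhere in this commit should not be applied to `https://` URLs; restore `[Configuring Security Log Audit Settings](https://github.com/Yamato-Security/EnableWindowsLogSettings/blob/main/ConfiguringSecurityLogAuditPolicies.md)`. This reference is the agent's recommended Windows audit-policy baseline, so a dead link here quietly weakens the log-coverage guidance operators rely on for detection.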
@@ -42,7 +42,7 @@ This setup guide will show you how to pull events produced by SentinelOne EDR on 4. Select `Create User` and copy the generated API token. !!! note - A `Service User` with the `Site Admin` or `IR Team` role can mitigate threats from [Sekoia.io](https://app.sekoia.io/) using [SentinelOne playbook actions](/xdr/features/automate/library/sentinelone.md). A user with the `Site Viewer` role can view activity events and threats but cannot take action. + A `Service User` with the `Site Admin` or `IR Team` role can mitigate threats from [Sekoia.io](https://app.sekoia.io/) using [SentinelOne playbook actions](/xdr/features/automate/library/sentinelone). A user with the `Site Viewer` role can view activity events and threats but cannot take action. ## Create a SentinelOne intake diff --git a/docs/integration/categories/endpoint/sentinelone_cloudfunnel2.0.md b/docs/integration/categories/endpoint/sentinelone_cloudfunnel2.0.md index 6622d4be46..3fba413fd7 100644 --- a/docs/integration/categories/endpoint/sentinelone_cloudfunnel2.0.md +++ b/docs/integration/categories/endpoint/sentinelone_cloudfunnel2.0.md @@ -18,7 +18,7 @@ SentinelOne Deep Visibility logs provides in-depth logs that are useful for dete No additional installation or configuration on the agents is needed. !!! warning - Alerts and Events logs from the SentinelOne console are not available with CloudFunnel. To collect events to be able to have information on access to the console, one must configure the SentinelOne log collection from API as documented [here](./sentinelone.md). + Alerts and Events logs from the SentinelOne console are not available with CloudFunnel. To collect events to be able to have information on access to the console, one must configure the SentinelOne log collection from API as documented [here](/integration/categories/endpoint/sentinelone). Please find bellow a short list of activities that are available for security supervision thanks to SentinelOne Deep Visibility logs: 
@@ -96,7 +96,7 @@ In the [Sekoia.io Operations Center](https://app.sekoia.io/operations/intakes): To start pulling events, follow these steps: 1. Go to the [playbook page](https://app.sekoia.io/operations/playbooks) -2. Create a new playbook with the [AWS Fetch new logs on S3 connector](../../../../automate/library/aws#fetch-new-logs-on-s3) +2. Create a new playbook with the [AWS Fetch new logs on S3 connector](/integration/action_library/cloud_providers/aws#fetch-new-logs-on-s3) 3. Set up the module configuration with the [AWS Access Key](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html), the secret key and the region name 4. Set up the trigger configuration with the name of the SQS queue and the intake key (from the intake previously created) 5. Start the playbook and enjoy your events diff --git a/docs/integration/categories/endpoint/sophos_edr.md b/docs/integration/categories/endpoint/sophos_edr.md index 7b5ace2d52..f8e9eab4d2 100644 --- a/docs/integration/categories/endpoint/sophos_edr.md +++ b/docs/integration/categories/endpoint/sophos_edr.md @@ -40,7 +40,7 @@ In the Sophos Central Admin console: 1. Go to the [Playbook page](https://app.sekoia.io/operations/playbooks). 2. Click on `+ PLAYBOOK` and choose `Create a playbook from scratch`. 3. Give it a name and a description and click on `Next`. -4. In `Choose a trigger`, select the [Get Sophos events](../../../../automate/library/sophos/#get-sophos-events). +4. In `Choose a trigger`, select the [Get Sophos events](/integration/action_library/endpoint/sophos/#get-sophos-events). 5. Click on the `Get Sophos events` module on the right sidebar and in the `Module Configuration` section, select `Create new configuration`. 6. Write a `name` and paste the `client_id` and `client_secret` from the Sophos console and click on `Save`. diff --git a/docs/integration/categories/endpoint/tanium.md b/docs/integration/categories/endpoint/tanium.md index bb79d450c7..8c2d0fa937 100644 
--- a/docs/integration/categories/endpoint/tanium.md +++ b/docs/integration/categories/endpoint/tanium.md @@ -14,7 +14,7 @@ Tanium solutions manage and protect networks and endpoints. ## Configure -Tanium logs can be collected under the rsyslog format and then forward to Sekoia.io. Refer to the official documentation of Tanium to forward your logs under rsyslog format and consult the [Rsyslog Transport](../../../ingestion_methods/rsyslog/) documentation to forward these logs to Sekoia.io. +Tanium logs can be collected under the rsyslog format and then forward to Sekoia.io. Refer to the official documentation of Tanium to forward your logs under rsyslog format and consult the [Rsyslog Transport](/integration/ingestion_methods/rsyslog) documentation to forward these logs to Sekoia.io. {!_shared_content/operations_center/integrations/generated/59991ced-c2a0-4fb0-91f3-49e3993c16f5_sample.md!} diff --git a/docs/integration/categories/endpoint/tehtris_edr.md b/docs/integration/categories/endpoint/tehtris_edr.md index 056a7fd530..9217928b7e 100644 --- a/docs/integration/categories/endpoint/tehtris_edr.md +++ b/docs/integration/categories/endpoint/tehtris_edr.md @@ -37,7 +37,7 @@ To create the intake, go to the [intake page](https://app.sekoia.io/operations/i To start to pull events, you have to: -1. Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new events from TEHTRIS](../../../automate/library/tehtris.md#fetch-new-events-from-tehtris) module +1. Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new events from TEHTRIS](/integration/action_library/endpoint/tehtris/#fetch-new-events-from-tehtris) module 2. Set up the module configuration with your API key and your tenant ID (most of time, your tenant ID is the subdomain of your TEHTRIS instance; eg: `https://{tenant_id}.tehtris.net`) 
diff --git a/docs/integration/categories/endpoint/trellix_edr.md b/docs/integration/categories/endpoint/trellix_edr.md index 2fd0eea6b3..e1b6c54fe6 100644 --- a/docs/integration/categories/endpoint/trellix_edr.md +++ b/docs/integration/categories/endpoint/trellix_edr.md @@ -31,7 +31,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n To start to pull events, you have to: -1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Trellix](../../../automate/library/trellix.md) trigger +1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Trellix](/integration/action_library/endpoint/trellix) trigger 2. Set up the module configuration with the Client Id and Client Secret. Set up the trigger configuration with the intake key 3. Start the playbook and enjoy your events diff --git a/docs/integration/categories/endpoint/vmware_esxi.md b/docs/integration/categories/endpoint/vmware_esxi.md index 1025bc5ba3..333b61be19 100644 --- a/docs/integration/categories/endpoint/vmware_esxi.md +++ b/docs/integration/categories/endpoint/vmware_esxi.md @@ -30,7 +30,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n ## Forward logs to Sekoia.io -Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io. +Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io. {!_shared_content/operations_center/integrations/generated/2b13307b-7439-4973-900a-2b58303cac90_sample.md!} diff --git a/docs/integration/categories/endpoint/vmware_vcenter.md b/docs/integration/categories/endpoint/vmware_vcenter.md index b416b24a87..566903d6ed 100644 --- a/docs/integration/categories/endpoint/vmware_vcenter.md +++ b/docs/integration/categories/endpoint/vmware_vcenter.md 
@@ -30,7 +30,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n
 ## Forward logs to Sekoia.io
-Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
+Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.
 Create a new configuration file:
diff --git a/docs/integration/categories/endpoint/windows.md b/docs/integration/categories/endpoint/windows.md
index 48049de890..cac4d0f357 100644
--- a/docs/integration/categories/endpoint/windows.md
+++ b/docs/integration/categories/endpoint/windows.md
@@ -211,11 +211,11 @@ Restart-Service nxlog
 ### Configure the concentrator to forward events to Sekoia.io
 Please read the dedicated documentation for each concentrator:
-* [Rsyslog](../../../ingestion_methods/syslog/overview/)
-* [Logstash](../../../ingestion_methods/logstash/)
-* [Syslog-ng](../../../ingestion_methods/syslog-ng/)
-* [Graylog](../../../ingestion_methods/graylog/)
-* [Sekoia.io docker concentrator](../../../ingestion_methods/sekoiaio_forwarder/)
+* [Rsyslog](/integration/ingestion_methods/syslog/overview)
+* [Logstash](/integration/ingestion_methods/logstash)
+* [Syslog-ng](/integration/ingestion_methods/syslog-ng)
+* [Graylog](/integration/ingestion_methods/https/graylog)
+* [Sekoia.io docker concentrator](/integration/ingestion_methods/syslog/sekoiaio_forwarder)
 !!! Note
 While Sekoia.io docker concentrator is highly recommended, you are free to use the one that you are most comfortable with.
diff --git a/docs/integration/categories/endpoint/winlogbeat.md b/docs/integration/categories/endpoint/winlogbeat.md
index fd8059b529..b603d0f927 100644
--- a/docs/integration/categories/endpoint/winlogbeat.md
+++ b/docs/integration/categories/endpoint/winlogbeat.md
@@ -154,7 +154,7 @@ PS C:\Program Files\Winlogbeat> Start-Service winlogbeat
 ### Forward logs to Sekoia.io
-Please consult our [guide](/integration/ingestion_methods/https/logstash.md) to configure logs forwarding from Logstash to Sekoia.io.
+Please consult our [guide](/integration/ingestion_methods/https/logstash) to configure logs forwarding from Logstash to Sekoia.io.
 {!_shared_content/operations_center/integrations/generated/c10307ea-5dd1-45c6-85aa-2a6a900df99b_sample.md!}
diff --git a/docs/integration/categories/endpoint/withsecure_elements.md b/docs/integration/categories/endpoint/withsecure_elements.md
index fda8803ff1..5fd143f9b3 100644
--- a/docs/integration/categories/endpoint/withsecure_elements.md
+++ b/docs/integration/categories/endpoint/withsecure_elements.md
@@ -37,7 +37,7 @@ In the WithSecure Elements Central Admin console:
 1. Go to the [Playbook page](https://app.sekoia.io/operations/playbooks).
 2. Click on `+ PLAYBOOK` and choose `Create a playbook from scratch`.
 3. Give it a name such as `Collect WithSecure Elements events` and a description and click on `Next`.
-4. In `Choose a trigger`, select the [Fetch security events](../../../../automate/library/withsecure).
+4. In `Choose a trigger`, select the [Fetch security events](/integration/action_library/endpoint/withsecure).
 5. Click on the `Fetch security events` trigger and, on the right sidebar, create a new `Module Configuration`. Give it a name such as `My Organisation WithSecure` and enter your API Client credentials `Client ID`/`Secret`
 6. In the Trigger Configuration section, Click on `Create new configuration`.
 8. Write a `name`, paste the `intake_key` associated to your `WithSecure Elements` intake and click on `Save`.
diff --git a/docs/integration/categories/generic/cef.md b/docs/integration/categories/generic/cef.md
index bfd3c7c28a..16c9b05ff6 100644
--- a/docs/integration/categories/generic/cef.md
+++ b/docs/integration/categories/generic/cef.md
@@ -16,7 +16,7 @@ As of now, the main solution to collect CEF logs leverages the Rsyslog recipe. P
 ### Rsyslog
-Please refer to the documentation of your vendor to forward events to your rsyslog server. The reader is also invited to consult the [Rsyslog Transport](../../../ingestion_methods/syslog/overview/) documentation to forward these logs to Sekoia.io.
+Please refer to the documentation of your vendor to forward events to your rsyslog server. The reader is also invited to consult the [Rsyslog Transport](/integration/ingestion_methods/syslog/overview) documentation to forward these logs to Sekoia.io.
 {!_shared_content/operations_center/integrations/generated/1d172ee6-cdc0-4713-9cfd-43f7d9595777_sample.md!}
diff --git a/docs/integration/categories/iam/alsid.md b/docs/integration/categories/iam/alsid.md
index e27a8aa880..11de868622 100644
--- a/docs/integration/categories/iam/alsid.md
+++ b/docs/integration/categories/iam/alsid.md
@@ -21,7 +21,7 @@ As of now, the main solution to collect Alsid logs leverages the Rsyslog recipe.
 ### Rsyslog
-Please refer to the documentation of Alsid to forward events to your rsyslog server. The reader is also invited to consult the [Rsyslog Transport](../../../ingestion_methods/syslog/overview/) documentation to forward these logs to Sekoia.io.
+Please refer to the documentation of Alsid to forward events to your rsyslog server. The reader is also invited to consult the [Rsyslog Transport](/integration/ingestion_methods/syslog/overview) documentation to forward these logs to Sekoia.io.
 {!_shared_content/integration/detection_section.md!}
diff --git a/docs/integration/categories/iam/azure_key_vault.md b/docs/integration/categories/iam/azure_key_vault.md
index 307eed10a3..b0a44211c8 100644
--- a/docs/integration/categories/iam/azure_key_vault.md
+++ b/docs/integration/categories/iam/azure_key_vault.md
@@ -39,7 +39,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n
 To start to pull events, you have to:
-1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Azure Key Vault](../../../../../automate/library/microsoft-azure.md#collect-azure-blob-storage-events)
+1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Azure Key Vault](/integration/action_library/cloud_providers/microsoft-azure/#beta-collect-azure-blob-storage-events)
 2. Set up the trigger configuration with `account_key`, `account_name` and the `container_name`.
 3. Start the playbook and enjoy your events
diff --git a/docs/integration/categories/iam/jumpcloud_directory_insights.md b/docs/integration/categories/iam/jumpcloud_directory_insights.md
index d9ebece799..1cb0bc8086 100644
--- a/docs/integration/categories/iam/jumpcloud_directory_insights.md
+++ b/docs/integration/categories/iam/jumpcloud_directory_insights.md
@@ -34,7 +34,7 @@ Jumpcloud Directory Insights provides activity records related to your organizat
 To start to pull events, you have to:
-1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Jumpcloud Directory Insights Connector](../../../automate/library/jumpcloud-directory-insights.md) trigger
+1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Jumpcloud Directory Insights Connector](/integration/action_library/iam/jumpcloud-directory-insights) trigger
 2. Set up the module configuration with your API Key. Set up the trigger configuration with the intake key and select the event types you want to collect (`all` by default, refer to the [Jumpcloud Directory Insights service list](https://docs.jumpcloud.com/api/insights/directory/1.0/index.html#section/Using-the-Directory-Insights-API/JSON-POST-Request-Body) for other possible values).
 3. Start the playbook and enjoy your events
diff --git a/docs/integration/categories/iam/okta_system_log.md b/docs/integration/categories/iam/okta_system_log.md
index d7c3662176..745a5f1c9a 100644
--- a/docs/integration/categories/iam/okta_system_log.md
+++ b/docs/integration/categories/iam/okta_system_log.md
@@ -27,7 +27,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n
 To start to pull events, you have to:
-1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new system logs from OKTA](../../../automate/library/okta.md) trigger
+1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new system logs from OKTA](/integration/action_library/iam/okta) trigger
 2. Set up the module configuration with your API Key and the base url of your Okta instance. Set up the trigger configuration with the intake key
 3. Start the playbook and enjoy your events
diff --git a/docs/integration/categories/iam/openldap.md b/docs/integration/categories/iam/openldap.md
index d439e2d465..c215943c9a 100644
--- a/docs/integration/categories/iam/openldap.md
+++ b/docs/integration/categories/iam/openldap.md
@@ -40,7 +40,7 @@ Below is a couple of suggestions you can follow to configure your system to coll
 ```
 ### Forward logs to SEKOIA.IO
-Please consult the [Rsyslog Transport](../../../ingestion_methods/syslog/overview/) documentation to forward these logs to Sekoia.io.
+Please consult the [Rsyslog Transport](/integration/ingestion_methods/syslog/overview) documentation to forward these logs to Sekoia.io.
 {!_shared_content/integration/detection_section.md!}
diff --git a/docs/integration/categories/network/aws_flow_logs.md b/docs/integration/categories/network/aws_flow_logs.md
index efa548e939..f4f36e144c 100644
--- a/docs/integration/categories/network/aws_flow_logs.md
+++ b/docs/integration/categories/network/aws_flow_logs.md
@@ -45,8 +45,8 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n
 To start to pull events, you have to:
 1. Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with:
- - the [AWS Fetch new Flowlogs on S3 connector](../../../../automate/library/aws.md#fetch-new-flowlogs-on-s3) for plain text files (gzipped included)
- - the [AWS Fetch new FlowLogs Parquet records on S3 connector](../../../../automate/library/aws.md#fetch-new-flowlogs-parquet-records-on-s3) for parquet files
+ - the [AWS Fetch new Flowlogs on S3 connector](/integration/action_library/cloud_providers/aws/#fetch-new-flowlogs-on-s3) for plain text files (gzipped included)
+ - the [AWS Fetch new FlowLogs Parquet records on S3 connector](/integration/action_library/cloud_providers/aws/#fetch-new-flowlogs-parquet-records-on-s3) for parquet files
 2. Set up the module configuration with the [AWS Access Key](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html), the secret key and the region name. Set up the trigger configuration with the name of the SQS queue and the intake key, from the intake previously created.
 3. Start the playbook and enjoy your events.
diff --git a/docs/integration/categories/network/azure_application_gateway.md b/docs/integration/categories/network/azure_application_gateway.md
index 3961827a90..e87d65d097 100644
--- a/docs/integration/categories/network/azure_application_gateway.md
+++ b/docs/integration/categories/network/azure_application_gateway.md
@@ -48,7 +48,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n
 To start to pull events, you have to:
-1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Consume Eventhub messages](/xdr/feature/automate/library/microsoft-azure.md#consume-eventhub-messages)
+1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Consume Eventhub messages](/xdr/feature/automate/library/microsoft-azure/#consume-eventhub-messages)
 2. Set up the trigger configuration with the EventHub's `Connection string-primary key`, the hub name, the consumer group, the storage's `Connection string-primary key` and the container name.
 3. Start the playbook and enjoy your events
diff --git a/docs/integration/categories/network/efficientip_solidserver_ddi.md b/docs/integration/categories/network/efficientip_solidserver_ddi.md
index 6dda9d7c30..8e251358b9 100644
--- a/docs/integration/categories/network/efficientip_solidserver_ddi.md
+++ b/docs/integration/categories/network/efficientip_solidserver_ddi.md
@@ -68,7 +68,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n
 ## Forward logs to Sekoia.io
-Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
+Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.
 {!_shared_content/operations_center/integrations/generated/f95fea50-533c-4897-9272-2f8361e63644_sample.md!}
diff --git a/docs/integration/categories/network/ekinops_oneos.md b/docs/integration/categories/network/ekinops_oneos.md
index 7456a30293..51b8f2f882 100644
--- a/docs/integration/categories/network/ekinops_oneos.md
+++ b/docs/integration/categories/network/ekinops_oneos.md
@@ -49,7 +49,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n
 ### Forward logs to Sekoia.io
-Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
+Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.
 {!_shared_content/operations_center/integrations/generated/4760d0bc-2194-44e5-a876-85102b18d832_sample.md!}
diff --git a/docs/integration/categories/network/juniper_switches.md b/docs/integration/categories/network/juniper_switches.md
index ce7f7a0dca..ff93adaa67 100644
--- a/docs/integration/categories/network/juniper_switches.md
+++ b/docs/integration/categories/network/juniper_switches.md
@@ -86,7 +86,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n
 ### Forward logs to Sekoia.io
-Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
+Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.
 {!_shared_content/operations_center/integrations/generated/b1545bb3-6f55-4ba4-ac80-d649040a127c_sample.md!}
diff --git a/docs/integration/categories/network/microsoft_always_on_vpn.md b/docs/integration/categories/network/microsoft_always_on_vpn.md
index 545b53e691..699c117734 100644
--- a/docs/integration/categories/network/microsoft_always_on_vpn.md
+++ b/docs/integration/categories/network/microsoft_always_on_vpn.md
@@ -74,7 +74,7 @@ Restart the NXLog service through the Services tool as Administrator or use Powe
 ### Forward logs to Sekoia.io
-Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
+Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.
 ### Enjoy your events
 Go to the [events page](https://app.sekoia.io/operations/events) to watch your incoming events.
diff --git a/docs/integration/categories/network/netfilter.md b/docs/integration/categories/network/netfilter.md
index 61ac2274d8..b34f6c1ad7 100644
--- a/docs/integration/categories/network/netfilter.md
+++ b/docs/integration/categories/network/netfilter.md
@@ -33,7 +33,7 @@ As of now, the main solution to send Netfilter events to Sekoia.io is to use a R
 ### Rsyslog
-Please consult the [Rsyslog Transport](../../../ingestion_methods/syslog/overview/) documentation to forward these logs to Sekoia.io
+Please consult the [Rsyslog Transport](/integration/ingestion_methods/syslog/overview) documentation to forward these logs to Sekoia.io
 ### Configure Netfilter using Iptables
 The first step is to configure Netfilter to log the awaited
diff --git a/docs/integration/categories/network/openssh.md b/docs/integration/categories/network/openssh.md
index f3fb702f65..9fa1bea577 100644
--- a/docs/integration/categories/network/openssh.md
+++ b/docs/integration/categories/network/openssh.md
@@ -19,7 +19,7 @@ As of now, the main solution to collect OpenSSH logs leverages the Rsyslog recip
 ### Rsyslog
-Please refer to the documentation of OpenSSH to forward events to your rsyslog server. The reader can consult the [Rsyslog Transport](../../../ingestion_methods/syslog/overview/) documentation to forward these logs to Sekoia.io.
+Please refer to the documentation of OpenSSH to forward events to your rsyslog server. The reader can consult the [Rsyslog Transport](/integration/ingestion_methods/syslog/overview) documentation to forward these logs to Sekoia.io.
 {!_shared_content/operations_center/integrations/generated/b28db14b-e3a7-463e-8659-9bf0e577944f_sample.md!}
diff --git a/docs/integration/categories/network/openvpn.md b/docs/integration/categories/network/openvpn.md
index 395b3ae50c..a1c8d4cb0f 100644
--- a/docs/integration/categories/network/openvpn.md
+++ b/docs/integration/categories/network/openvpn.md
@@ -68,7 +68,7 @@ This setup guide will show you how to forward your OpenVPN logs to Sekoia.io by
 ### Forward logs to Sekoia.io
-Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
+Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.
 ### Create the intake
diff --git a/docs/integration/categories/network/opnsense.md b/docs/integration/categories/network/opnsense.md
index 215709a168..8a44c529b8 100644
--- a/docs/integration/categories/network/opnsense.md
+++ b/docs/integration/categories/network/opnsense.md
@@ -46,7 +46,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n
 ### Forward logs to Sekoia.io
-Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
+Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.
diff --git a/docs/integration/categories/network/pulse.md b/docs/integration/categories/network/pulse.md
index 25386bc9b2..7cf2e84b8d 100644
--- a/docs/integration/categories/network/pulse.md
+++ b/docs/integration/categories/network/pulse.md
@@ -67,7 +67,7 @@ This setup guide will show you how to forward your Pulse Connect Secure logs to
 - Please refer to the documentation of Pulse Secure Connect to forward events to your syslog concentrator.
 3. **Forward Logs to Sekoia.io:**
- - The reader can consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
+ - The reader can consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.
 ### Instruction on Sekoia
diff --git a/docs/integration/categories/network/sesameit_jizo.md b/docs/integration/categories/network/sesameit_jizo.md
index dd74348944..22f7162c4e 100644
--- a/docs/integration/categories/network/sesameit_jizo.md
+++ b/docs/integration/categories/network/sesameit_jizo.md
@@ -41,7 +41,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n
 ## Forward logs to Sekoia.io
-Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
+Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.
 {!_shared_content/operations_center/integrations/generated/ 46e14ac3-0b79-42d6-8630-da4fcdb8d5f1_sample.md!}
diff --git a/docs/integration/categories/network/squid.md b/docs/integration/categories/network/squid.md
index f6f2d47b11..15bcf362c1 100644
--- a/docs/integration/categories/network/squid.md
+++ b/docs/integration/categories/network/squid.md
@@ -16,7 +16,7 @@ As of now, the main solution to collect Squid logs leverages the Rsyslog recipe.
 ### Rsyslog
-In this Section, we detail how to configure Squid’s logging output for Sekoia.io by means of the Rsyslog transport. We hereby focus on the configuration of Squid and invite the reader to the [Rsyslog Transport](../../../ingestion_methods/syslog/overview/) documentation to forward these logs to Sekoia.io.
+In this Section, we detail how to configure Squid’s logging output for Sekoia.io by means of the Rsyslog transport. We hereby focus on the configuration of Squid and invite the reader to the [Rsyslog Transport](/integration/ingestion_methods/syslog/overview) documentation to forward these logs to Sekoia.io.
 To configure Squid logging, you can create a new configuration `99-sekoiaio.conf` file in the `/etc/squid/conf.d/` directory of your server. With most of Squid configurations (including Debian, Red Hat Entreprise Linux, etc.), this file will automatically be used.
diff --git a/docs/integration/categories/network/umbrella_dns.md b/docs/integration/categories/network/umbrella_dns.md
index b0828dd806..ae45ad1a93 100644
--- a/docs/integration/categories/network/umbrella_dns.md
+++ b/docs/integration/categories/network/umbrella_dns.md
@@ -35,7 +35,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n
 To start to pull events, you have to:
-1. Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [AWS Fetch new logs on S3 connector](../../../../automate/library/aws.md#fetch-new-logs-on-s3)
+1. Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [AWS Fetch new logs on S3 connector](/integration/action_library/cloud_providers/aws/#fetch-new-logs-on-s3)
 2. Set up the module configuration with the [AWS Access Key](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html), the secret key and the region name. Set up the trigger configuration with the name of the SQS queue and the intake key, from the intake previously created
 3. Start the playbook and enjoy your events
diff --git a/docs/integration/categories/network/unbound.md b/docs/integration/categories/network/unbound.md
index 0c74665554..76cf8807f0 100644
--- a/docs/integration/categories/network/unbound.md
+++ b/docs/integration/categories/network/unbound.md
@@ -17,7 +17,7 @@ Unbound is a validating, recursive, and caching DNS resolver product from NLnet
 This setup guide will show you how to forward logs produced by your Unbound server to Sekoia.io by means of an rsyslog transport channel.
 ### Configure the Rsyslog server
-Please consult the [Rsyslog Transport](../../../ingestion_methods/syslog/overview/) documentation to forward these logs to Sekoia.io.
+Please consult the [Rsyslog Transport](/integration/ingestion_methods/syslog/overview) documentation to forward these logs to Sekoia.io.
 {!_shared_content/operations_center/integrations/generated/5d9e261a-944c-4a76-8c61-6794fd44d9a8_sample.md!}
diff --git a/docs/integration/categories/network_security/skyhigh_secure_web_gateway.md b/docs/integration/categories/network_security/skyhigh_secure_web_gateway.md
index e7c648de87..8185e68124 100644
--- a/docs/integration/categories/network_security/skyhigh_secure_web_gateway.md
+++ b/docs/integration/categories/network_security/skyhigh_secure_web_gateway.md
@@ -44,7 +44,7 @@ To forward your logs to your log concentrator, in our MWG console:
 ```
 if $programname == 'mwg' and $syslogfacility-text == 'daemon' and $syslogseverity-text == 'info' then @@:
 ```
- Replace the `` placeholder with the ip address of our log concentrator and `` by the listening port on the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) for the Skyhigh raw events.
+ Replace the `` placeholder with the ip address of our log concentrator and `` by the listening port on the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) for the Skyhigh raw events.
 !!!Note
 The double at characters without spaces (@@) indicates that syslog messages are transferred to a host using the TCP protocol. To use the UDP protocol, use single at character (@).
@@ -52,7 +52,7 @@ To forward your logs to your log concentrator, in our MWG console:
 ## Forward logs to Sekoia.io
-Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
+Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.
 {!_shared_content/operations_center/integrations/generated/40bac399-2d8e-40e3-af3b-f73a622c9687_sample.md!}
diff --git a/docs/integration/categories/network_security/sonicwall_fw.md b/docs/integration/categories/network_security/sonicwall_fw.md
index c5de4f8367..832891c529 100644
--- a/docs/integration/categories/network_security/sonicwall_fw.md
+++ b/docs/integration/categories/network_security/sonicwall_fw.md
@@ -40,7 +40,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n
 ### Forward logs to Sekoia.io
-Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
+Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.
 {!_shared_content/operations_center/integrations/generated/ee0b3023-524c-40f6-baf5-b69c7b679887_sample.md!}
diff --git a/docs/integration/categories/network_security/sonicwall_sma.md b/docs/integration/categories/network_security/sonicwall_sma.md
index 7bb4ae5a7c..62b8e999b3 100644
--- a/docs/integration/categories/network_security/sonicwall_sma.md
+++ b/docs/integration/categories/network_security/sonicwall_sma.md
@@ -38,7 +38,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n
 ### Forward logs to Sekoia.io
-Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
+Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.
 {!_shared_content/operations_center/integrations/generated/622999fe-d383-4d41-9f2d-eed5013fe463_sample.md!}
diff --git a/docs/integration/categories/network_security/sophos_fw.md b/docs/integration/categories/network_security/sophos_fw.md
index 2365bb2ec9..5c9fe544fa 100644
--- a/docs/integration/categories/network_security/sophos_fw.md
+++ b/docs/integration/categories/network_security/sophos_fw.md
@@ -31,7 +31,7 @@ You can configure a syslog server in Sophos Firewall by following the instructio
 ### Forward logs to Sekoia.io
-Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
+Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.
 {!_shared_content/operations_center/integrations/generated/325369ba-8515-45b4-b750-5db882ea1266_sample.md!}
diff --git a/docs/integration/categories/network_security/stormshield_network_security.md b/docs/integration/categories/network_security/stormshield_network_security.md
index 6b610913e0..a81db23ac1 100644
--- a/docs/integration/categories/network_security/stormshield_network_security.md
+++ b/docs/integration/categories/network_security/stormshield_network_security.md
@@ -47,9 +47,9 @@ On a device, please download the [Sekoia.io intake certificate](https://app.seko
 ### Configure the log forwarding
 You have to go on your Sekoia.io instance to generate an "intake key".
-Everything you need to do for this part of the configuration is described [here](../../../collect/intakes.md).
+Everything you need to do for this part of the configuration is described [here](/xdr/features/collect/intakes).
-Finally, to push logs, you have to [configure](../../../collect/ingestion_methods/index.md) some filters and rewrite rules in Syslog that will add the proper “intake key” considering your logs.
+Finally, to push logs, you have to [configure](/integration/ingestion_methods/index) some filters and rewrite rules in Syslog that will add the proper “intake key” considering your logs.
 {!_shared_content/operations_center/integrations/generated/79029ef9-e5d3-44f3-b70f-fd3b54ba1fe4_sample.md!}
diff --git a/docs/integration/categories/network_security/trellix_epo.md b/docs/integration/categories/network_security/trellix_epo.md
index 97080ebecd..d11705e270 100644
--- a/docs/integration/categories/network_security/trellix_epo.md
+++ b/docs/integration/categories/network_security/trellix_epo.md
@@ -39,7 +39,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n
 To start to pull events, you have to:
-1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Trellix](../../../automate/library/trellix.md) trigger
+1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Trellix](/integration/action_library/endpoint/trellix) trigger
 2. Set up the module configuration with the Client Id and Client Secret. Set up the trigger configuration with the intake key
 3. Start the playbook and enjoy your events
diff --git a/docs/integration/categories/network_security/trellix_nx.md b/docs/integration/categories/network_security/trellix_nx.md
index 4b102d5587..faea6d4741 100644
--- a/docs/integration/categories/network_security/trellix_nx.md
+++ b/docs/integration/categories/network_security/trellix_nx.md
@@ -41,7 +41,7 @@ You should have:
 Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format Trellix Network Security.
 ### Configure the Rsyslog server
-Please consult the [Rsyslog Transport](../../../ingestion_methods/syslog/overview/) documentation to forward these logs to Sekoia.io.
+Please consult the [Rsyslog Transport](/integration/ingestion_methods/syslog/overview) documentation to forward these logs to Sekoia.io.
 {!_shared_content/operations_center/integrations/generated/bae128bb-98c6-45f7-9763-aad3451821e5_sample.md!}
diff --git a/docs/integration/categories/network_security/ubika_waap.md b/docs/integration/categories/network_security/ubika_waap.md
index 783afd3c2c..3bd91229ba 100644
--- a/docs/integration/categories/network_security/ubika_waap.md
+++ b/docs/integration/categories/network_security/ubika_waap.md
@@ -39,7 +39,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n
 ### Forward logs to Sekoia.io
-Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
+Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.
 {!_shared_content/operations_center/integrations/generated/6dbdd199-77ae-4705-a5de-5c2722fa020e_sample.md!}
diff --git a/docs/integration/categories/network_security/varonis_data_security.md b/docs/integration/categories/network_security/varonis_data_security.md
index 241eba36e6..fe12b89817 100644
--- a/docs/integration/categories/network_security/varonis_data_security.md
+++ b/docs/integration/categories/network_security/varonis_data_security.md
@@ -49,9 +49,9 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n
 ### Forward logs to Sekoia.io
-Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
+Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.
-Currently, the syslog format generated by Varonis does not comply with RFC standards. As a result, the transmitted data is not inherently compatible with the Sekoia forwarder. Therefore, it is necessary to refer to [this documentation](../../../ingestion_methods/sekoiaio_forwarder/#import-a-custom-rsyslog-configuration) in order to extend the default configuration of the forwarder (available since version 2.4) and add this specific configuration for Varonis logs:
+Currently, the syslog format generated by Varonis does not comply with RFC standards. As a result, the transmitted data is not inherently compatible with the Sekoia forwarder. Therefore, it is necessary to refer to [this documentation](/integration/ingestion_methods/syslog/sekoiaio_forwarder#import-a-custom-rsyslog-configuration) in order to extend the default configuration of the forwarder (available since version 2.4) and add this specific configuration for Varonis logs:
 ```bash
 input(type="im$PROTOCOL" port="$PORT" ruleset="remoteVaronis")
diff --git a/docs/integration/categories/network_security/vectra.md b/docs/integration/categories/network_security/vectra.md
index 3b8eff60c5..511036fc0c 100644
--- a/docs/integration/categories/network_security/vectra.md
+++ b/docs/integration/categories/network_security/vectra.md
@@ -17,7 +17,7 @@ Vectra provides AI-powered incident detection and resolution support for native
 This setup guide will show you how to forward logs produced by your Vectra Appliance server to Sekoia.io by means of an rsyslog transport channel.
 ### Configure the Rsyslog server
-Please consult the [Rsyslog Transport](../../../ingestion_methods/syslog/overview/) documentation to forward these logs to Sekoia.io.
+Please consult the [Rsyslog Transport](/integration/ingestion_methods/syslog/overview) documentation to forward these logs to Sekoia.io.
 {!_shared_content/operations_center/integrations/generated/bf8867ee-43b7-444c-9475-a7f43754ab6d_sample.md!}
diff --git a/docs/integration/categories/network_security/watchguard_firebox.md b/docs/integration/categories/network_security/watchguard_firebox.md
index be73e9e568..95a6301316 100644
--- a/docs/integration/categories/network_security/watchguard_firebox.md
+++ b/docs/integration/categories/network_security/watchguard_firebox.md
@@ -34,7 +34,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n
 ## Forward logs to Sekoia.io
-Please consult the [Rsyslog Transport](../../../ingestion_methods/syslog/overview/) documentation or [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
+Please consult the [Rsyslog Transport](/integration/ingestion_methods/syslog/overview) documentation or [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.
 {!_shared_content/operations_center/integrations/generated/d719e8b5-85a1-4dad-bf71-46155af56570_sample.md!}
diff --git a/docs/integration/categories/network_security/zscaler_zia.md b/docs/integration/categories/network_security/zscaler_zia.md
index c3ad2b29bd..cad4446785 100644
--- a/docs/integration/categories/network_security/zscaler_zia.md
+++ b/docs/integration/categories/network_security/zscaler_zia.md
@@ -100,7 +100,7 @@ In the Zscaler ZIA console:
 #### Forward logs to Sekoia.io
-For more information on forwarding logs to Sekoia.io, see [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/)
+For more information on forwarding logs to Sekoia.io, see [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder)
 ### Forward events with Cloud NSS Feed
From a867b2b37bc409aaad9a7b099742d22451a3dea8 Mon Sep 17 00:00:00 2001
From: Bivic
Date: Mon, 5 Aug 2024 16:54:29 +0200
Subject: [PATCH 3/3] stormshield endpoint to stromshield ses
---
 .../endpoint/{stormshield_endpoint.md => stormshield_ses.md} | 0
 mkdocs.yml | 4 ++--
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename docs/integration/categories/endpoint/{stormshield_endpoint.md => stormshield_ses.md} (100%)
diff --git a/docs/integration/categories/endpoint/stormshield_endpoint.md b/docs/integration/categories/endpoint/stormshield_ses.md
similarity index 100%
rename from docs/integration/categories/endpoint/stormshield_endpoint.md
rename to docs/integration/categories/endpoint/stormshield_ses.md
diff --git a/mkdocs.yml b/mkdocs.yml
index 859a641d7d..9a88a29f46 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -362,7 +362,7 @@ nav:
 - SentinelOne Cloud Funnel 2.0: integration/categories/endpoint/sentinelone_cloudfunnel2.0.md
 - Sekoia.io Endpoint Agent: integration/categories/endpoint/sekoiaio.md
 - Sophos EDR: integration/categories/endpoint/sophos_edr.md
- - Stormshield SES: integration/categories/endpoint/stormshield_endpoint.md
+ - Stormshield SES: integration/categories/endpoint/stormshield_ses.md
 - Symantec Endpoint Protection: integration/categories/endpoint/symantec_epp.md
 - TEHTRIS Endpoint Detection & Reponse: integration/categories/endpoint/tehtris_edr.md
 - Tanium: integration/categories/endpoint/tanium.md
@@ -723,7 +723,7 @@ plugins:
 xdr/features/collect/integrations/endpoint/panda_security_aether.md: integration/categories/endpoint/panda_security_aether.md
 xdr/features/collect/integrations/endpoint/sentinelone.md: integration/categories/endpoint/sentinelone.md
 xdr/features/collect/integrations/endpoint/sophos_edr.md: integration/categories/endpoint/sophos_edr.md
- xdr/features/collect/integrations/endpoint/stormshield_endpoint.md: integration/categories/endpoint/stormshield_endpoint.md
+ xdr/features/collect/integrations/endpoint/stormshield_endpoint.md: integration/categories/endpoint/stormshield_ses.md
 xdr/features/collect/integrations/endpoint/symantec_epp.md: integration/categories/endpoint/symantec_epp.md
 xdr/features/collect/integrations/endpoint/tanium.md: integration/categories/endpoint/tanium.md
 xdr/features/collect/integrations/endpoint/tehtris_edr.md: integration/categories/endpoint/tehtris_edr.md
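Review bot: The rename of `stormshield_endpoint.md` to `stormshield_ses.md` leaves no redirect for the page's previous published path, so any bookmark or external link to `integration/categories/endpoint/stormshield_endpoint/` will start returning a 404 after this commit, while the hunk only retargets the legacy `xdr/features/collect/...` entry. If this map is the mkdocs-redirects `redirect_maps` block, which the surrounding old-path-to-new-path entries suggest, adding one entry next to the changed line keeps the old URL working: `integration/categories/endpoint/stormshield_endpoint.md: integration/categories/endpoint/stormshield_ses.md`. The `plugins:` section this map belongs to starts outside the hunk, so its exact plugin name cannot be confirmed from here.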