Massive fixes on links #1948

Merged
merged 3 commits into from
Aug 5, 2024
2 changes: 1 addition & 1 deletion docs/integration/categories/applicative/azure_files.md
Expand Up @@ -59,7 +59,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Consume Eventhub messages](/xdr/feature/automate/library/microsoft-azure.md#consume-eventhub-messages)
1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Consume Eventhub messages](/xdr/feature/automate/library/microsoft-azure/#consume-eventhub-messages)
2. Set up the trigger configuration with the EventHub's `Connection string-primary key`, the hub name, the consumer group, the storage's `Connection string-primary key` and the container name.
3. Start the playbook and enjoy your events
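Review bot: the new target in step 1 still sits under `/xdr/feature/automate/library/`, while the other playbook links in this PR move to `/integration/action_library/...`, and the segment here is `feature` where the `/xdr/features/...` links in vade.md and sentinelone.md use `features`. Only the `.md` suffix was replaced by a slash, so this link probably resolves no better than before; point it at the Microsoft Azure page under the action library path used elsewhere in this PR and keep the `#consume-eventhub-messages` anchor.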

Expand Up @@ -90,7 +90,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new audit logs from Github](../../../automate/library/github.md) trigger
1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new audit logs from Github](/integration/action_library/collaboration_tools/github) trigger
2. Set up the module configuration with the Github organization and the APIkey. Set up the trigger configuration with the intake key
3. Start the playbook and enjoy your events

2 changes: 1 addition & 1 deletion docs/integration/categories/applicative/salesforce.md
Expand Up @@ -61,7 +61,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Salesforce](../../../automate/library/salesforce.md) trigger
1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Salesforce](/integration/action_library/applicative/salesforce) trigger
2. Set up the module configuration with the consumer key and consumer secret. Set up the trigger configuration with the intake key
3. Start the playbook and enjoy your events

2 changes: 1 addition & 1 deletion docs/integration/categories/applicative/veeam_backup.md
Expand Up @@ -55,7 +55,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n

### Forward logs to Sekoia.io

Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.

{!_shared_content/operations_center/integrations/generated/dbebefdd-dd2e-48a9-89e6-ee5a00ee0956_sample.md!}

2 changes: 1 addition & 1 deletion docs/integration/categories/email/o365.md
Expand Up @@ -114,7 +114,7 @@ Go to your Sekoia.io [playbooks page](https://app.sekoia.io/operations/playbooks
#### Alternative mode

If you are unable or you don't want to collect Office 365 logs through the management API,
Sekoia.io also supports Office 365 log collection through Azure EventHub. Follow [this guide](o365_appendix.md) for more details on this solution.
Sekoia.io also supports Office 365 log collection through Azure EventHub. Follow [this guide](/integration/categories/endpoint/azure_windows) for more details on this solution.


### Collect Microsoft Defender for Office365 events
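Review bot: the "this guide" link in the Alternative mode paragraph changes destination, not just form: it goes from `o365_appendix.md` to `/integration/categories/endpoint/azure_windows`. The sentence promises Office 365 log collection through Azure EventHub, so please confirm that the azure_windows page actually documents that procedure. If the appendix was moved or removed, say so in the PR description; otherwise link the page that replaced it.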
2 changes: 1 addition & 1 deletion docs/integration/categories/email/postfix.md
Expand Up @@ -18,7 +18,7 @@ As of now, the main solution to collect Postfix logs leverages the Rsyslog recip

### Rsyslog

Please refer to the documentation of Postfix to forward events to your rsyslog server. The reader can consult the [Rsyslog Transport](../../../ingestion_methods/syslog/overview/) documentation to forward these logs to Sekoia.io.
Please refer to the documentation of Postfix to forward events to your rsyslog server. The reader can consult the [Rsyslog Transport](/integration/ingestion_methods/syslog/overview) documentation to forward these logs to Sekoia.io.

{!_shared_content/operations_center/integrations/generated/eb727929-6a06-4e68-a09d-cf0e5daf3ccd_sample.md!}

2 changes: 1 addition & 1 deletion docs/integration/categories/email/proofpoint_pod.md
Expand Up @@ -35,7 +35,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n

### Pull events

Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [ProofPoint PoD connector](../../../automate/library/proofpoint.md#get-proofpoint-pod-events).
Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [ProofPoint PoD connector](/integration/action_library/applicative/proofpoint/#get-proofpoint-pod-events).

Set up the trigger configuration with the api key, the cluster id and the intake key. Customize others parameters if needed.

2 changes: 1 addition & 1 deletion docs/integration/categories/email/proofpoint_tap.md
Expand Up @@ -32,7 +32,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n

### Pull events

Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [ProofPoint TAP connector](../../../automate/library/proofpoint.md#get-proofpoint-tap-events).
Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [ProofPoint TAP connector](/integration/action_library/applicative/proofpoint/#get-proofpoint-tap-events).

Set up the trigger configuration with the service principal, the secret and the intake key. Customize others parameters if needed.

2 changes: 1 addition & 1 deletion docs/integration/categories/email/vade.md
Expand Up @@ -37,7 +37,7 @@ Lastly, you must add the Sekoia's action `Push Events to intake` to the graph an
- the Sekoia.io `api_key` generated within the user center
- the `base_url` (`https://intake.sekoia.io`)
- the `events_path` to push on Intake (your logs, you will probably fill it with `{{ node.0['emails_path'] }}`)
- the `intake_key` of the intake you have previously created (documentation can be found [here](../../intakes.md))
- the `intake_key` of the intake you have previously created (documentation can be found [here](/xdr/features/collect/intakes))

{!_shared_content/operations_center/integrations/generated/e4a758fc-7620-49e6-b8ed-b7fb3d7fa232_sample.md!}

Expand Up @@ -42,7 +42,7 @@ To create the intake, go to the [intake page](https://app.sekoia.io/operations/i

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Check Point Harmony Mobile](../../../automate/library/check-point.md) trigger
1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Check Point Harmony Mobile](/integration/action_library/network/check-point) trigger
2. Set up the module configuration with the Client ID, Client Secret and Authentication URL.
3. Set up the trigger configuration with the intake key
4. Start the playbook and enjoy your events
Expand Up @@ -48,7 +48,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new events from CrowdStrike Data replication](../../../automate/library/crowdstrike.md) trigger
1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new events from CrowdStrike Data replication](/integration/action_library/endpoint/crowdstrike) trigger
2. Set up the module configuration with your client id, the client secret and the region. Set up the trigger configuration with the intake key and the queue name.
3. Start the playbook and enjoy your events

4 changes: 2 additions & 2 deletions docs/integration/categories/endpoint/cybereason_malop.md
Expand Up @@ -13,7 +13,7 @@ Cybereason offers a set of Endpoint Detection and Response (EDR) solutions. Thro

!!! warning
If your tenant uses an allowlist to authorize connections, please ensure that Sekoia.io's IPs are allowed.
See our [FAQ](../../../../FAQ.md) to get our IPs.
See our [FAQ](/xdr/FAQ) to get our IPs.


## Configure
Expand All @@ -36,7 +36,7 @@ Keep aside the intake key.

To start pulling events, you have to:

1. Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new events from Cybereason](../../../../automate/library/cybereason) module.
1. Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new events from Cybereason](/integration/action_library/endpoint/cybereason.md) module.
2. Set up the module configuration with your Cybereason username and password.
3. Set up the trigger configuration with your intake key
4. Start the playbook and enjoy your [events](https://app.sekoia.io/operations/events).
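Review bot: in step 1 the new path `/integration/action_library/endpoint/cybereason.md` carries a `.md` suffix, whereas every other action library link rewritten in this PR drops it (for example `/integration/action_library/endpoint/crowdstrike`). The old link had no extension at all, so this change adds one; drop `.md` to match the rest.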
Expand Up @@ -30,7 +30,7 @@ Keep aside the intake key.

### Setup the Syslog collector

Check the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to install and set up the syslog collector.
Check the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to install and set up the syslog collector.

Once the setup has completed, write down the IP address and port. This information will be used in the next step.

Expand Up @@ -10,12 +10,12 @@ type: intake

There are different types of logs produced by GKE:

**Auditd logs**: Most important logs from a security point of view. We recommend that you use [Auditbeat](../../../endpoint/auditbeat_linux/) to collect Auditd logs.
**Auditd logs**: Most important logs from a security point of view. We recommend that you use [Auditbeat](/integration/categories/endpoint/auditbeat_linux) to collect Auditd logs.

**Flow Logs**: From [Google VPC FLow Logs documentation](https://cloud.google.com/vpc/docs/using-flow-logs):
> VPC Flow Logs records a sample of network flows sent from and received by VM instances, including instances used as GKE nodes. These logs can be used for network monitoring, forensics, real-time security analysis, and expense optimization.

Please read the [dedicated documentation](google_vpc_flow_logs.md).
Please read the [dedicated documentation](/integration/categories/network/google_vpc_flow_logs).
(*Intake type: Google VPC Flow Logs*)

**Activity logs** (*Intake type: Google Cloud Audit log*):
2 changes: 1 addition & 1 deletion docs/integration/categories/endpoint/ibm_i.md
Expand Up @@ -71,7 +71,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n

## Send logs to Sekoia.io

Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.

{!_shared_content/operations_center/integrations/generated/fc03f783-5039-415e-915a-a4b010d9a872_sample.md!}

Expand Up @@ -26,7 +26,7 @@ As of now, the main solution to collect Windows logs with Log Insight leverages

### Rsyslog

Please refer to the documentation of Linux to forward events to your rsyslog server. The reader can consult the [Rsyslog Transport](../../../ingestion_methods/syslog/overview/) documentation to forward these logs to Sekoia.io.
Please refer to the documentation of Linux to forward events to your rsyslog server. The reader can consult the [Rsyslog Transport](/integration/ingestion_methods/syslog/overview) documentation to forward these logs to Sekoia.io.

{!_shared_content/operations_center/integrations/generated/ee54dd8e-4bd4-4fe8-9d9d-1a018cd8c4bb_sample.md!}

Expand Up @@ -35,7 +35,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n

### Pull events

Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Panda Security trigger](../../../automate/library/panda-security.md#fetch-security-events). You can use the existing template to fasten and ease the creation of your playbook.
Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Panda Security trigger](/integration/action_library/endpoint/panda-security/#fetch-security-events). You can use the existing template to fasten and ease the creation of your playbook.

Set up the module configuration with an access ID, the password of the access ID (`access_secret`), your WatchGuard Cloud account ID (`account_id`), the API Key (`api_key`).
Set the `base_url` with the domain part of the API Url (e.g: for the API URL `https://api.usa.cloud.watchguard.com/rest/`, the `base_url` is `https://api.usa.cloud.watchguard.com`).
4 changes: 2 additions & 2 deletions docs/integration/categories/endpoint/sekoiaio.md
Expand Up @@ -44,7 +44,7 @@ The Endpoint Detection Agent supports the following operating systems, **on 64-b

## New features

To find out about the changes between each version please check the [agent's changelog](sekoiaio_changelog.md)
To find out about the changes between each version please check the [agent's changelog](https://changelog.sekoia.io/changelog?type=t6527b1484d556)

## Prerequisites
The Sekoia.io Endpoint Agent uses the HTTPS protocol to send its events and has an automatic update mechanism. As a prerequisite, it's necessary to open the following streams:
Expand Down Expand Up @@ -523,7 +523,7 @@ The proxy URL should follow the format `http://user:pass@host:port`.

A proper security log auditing configuration will allow the agent to collect different security-related events.

This document can be followed for an optimal configuration: [Configuring Security Log Audit Settings](https://github.com/Yamato-Security/EnableWindowsLogSettings/blob/main/ConfiguringSecurityLogAuditPolicies.md).
This document can be followed for an optimal configuration: [Configuring Security Log Audit Settings](https://github.com/Yamato-Security/EnableWindowsLogSettings/blob/main/ConfiguringSecurityLogAuditPolicies).

=== "Linux"
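Review bot: the "Configuring Security Log Audit Settings" link is an external GitHub blob URL, not a page of this site, so the `.md` suffix is part of the file name and should stay. With `.../blob/main/ConfiguringSecurityLogAuditPolicies` the URL no longer names the Markdown file; restore the original URL and exclude external links from the bulk suffix removal.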

4 changes: 2 additions & 2 deletions docs/integration/categories/endpoint/sentinelone.md
Expand Up @@ -24,7 +24,7 @@ Depending on the context of the log, additional content could be available, such
- File information

!!! Tip
For advanced log collection, we suggest you use the SentinelOne Cloud Funnel 2.0 option, as described in the [SentinelOne Cloud Funnel 2.0 integration](sentinelone_cloudfunnel2.0.md).
For advanced log collection, we suggest you use the SentinelOne Cloud Funnel 2.0 option, as described in the [SentinelOne Cloud Funnel 2.0 integration](/integration/categories/endpoint/sentinelone_cloudfunnel2.0).


## Configure
Expand All @@ -42,7 +42,7 @@ This setup guide will show you how to pull events produced by SentinelOne EDR on
4. Select `Create User` and copy the generated API token.

!!! note
A `Service User` with the `Site Admin` or `IR Team` role can mitigate threats from [Sekoia.io](https://app.sekoia.io/) using [SentinelOne playbook actions](/xdr/features/automate/library/sentinelone.md). A user with the `Site Viewer` role can view activity events and threats but cannot take action.
A `Service User` with the `Site Admin` or `IR Team` role can mitigate threats from [Sekoia.io](https://app.sekoia.io/) using [SentinelOne playbook actions](/xdr/features/automate/library/sentinelone). A user with the `Site Viewer` role can view activity events and threats but cannot take action.

## Create a SentinelOne intake
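Review bot: in the `!!! note` block the SentinelOne playbook actions link only loses its `.md` suffix and still points at `/xdr/features/automate/library/sentinelone`, while the other action library references in this PR move to `/integration/action_library/endpoint/...`. Check that the `/xdr/features/automate/library/` location still exists; if it does not, use the new action library path here as well.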

Expand Up @@ -18,7 +18,7 @@ SentinelOne Deep Visibility logs provides in-depth logs that are useful for dete
No additional installation or configuration on the agents is needed.

!!! warning
Alerts and Events logs from the SentinelOne console are not available with CloudFunnel. To collect events to be able to have information on access to the console, one must configure the SentinelOne log collection from API as documented [here](./sentinelone.md).
Alerts and Events logs from the SentinelOne console are not available with CloudFunnel. To collect events to be able to have information on access to the console, one must configure the SentinelOne log collection from API as documented [here](/integration/categories/endpoint/sentinelone).

Please find bellow a short list of activities that are available for security supervision thanks to SentinelOne Deep Visibility logs:

Expand Down Expand Up @@ -96,7 +96,7 @@ In the [Sekoia.io Operations Center](https://app.sekoia.io/operations/intakes):
To start pulling events, follow these steps:

1. Go to the [playbook page](https://app.sekoia.io/operations/playbooks)
2. Create a new playbook with the [AWS Fetch new logs on S3 connector](../../../../automate/library/aws#fetch-new-logs-on-s3)
2. Create a new playbook with the [AWS Fetch new logs on S3 connector](/integration/action_library/cloud_providers/aws#fetch-new-logs-on-s3)
3. Set up the module configuration with the [AWS Access Key](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html), the secret key and the region name
4. Set up the trigger configuration with the name of the SQS queue and the intake key (from the intake previously created)
5. Start the playbook and enjoy your events
2 changes: 1 addition & 1 deletion docs/integration/categories/endpoint/sophos_edr.md
Expand Up @@ -40,7 +40,7 @@ In the Sophos Central Admin console:
1. Go to the [Playbook page](https://app.sekoia.io/operations/playbooks).
2. Click on `+ PLAYBOOK` and choose `Create a playbook from scratch`.
3. Give it a name and a description and click on `Next`.
4. In `Choose a trigger`, select the [Get Sophos events](../../../../automate/library/sophos/#get-sophos-events).
4. In `Choose a trigger`, select the [Get Sophos events](/integration/action_library/endpoint/sophos/#get-sophos-events).
5. Click on the `Get Sophos events` module on the right sidebar and in the `Module Configuration` section, select `Create new configuration`.
6. Write a `name` and paste the `client_id` and `client_secret` from the Sophos console and click on `Save`.

2 changes: 1 addition & 1 deletion docs/integration/categories/endpoint/tanium.md
Expand Up @@ -14,7 +14,7 @@ Tanium solutions manage and protect networks and endpoints.


## Configure
Tanium logs can be collected under the rsyslog format and then forward to Sekoia.io. Refer to the official documentation of Tanium to forward your logs under rsyslog format and consult the [Rsyslog Transport](../../../ingestion_methods/rsyslog/) documentation to forward these logs to Sekoia.io.
Tanium logs can be collected under the rsyslog format and then forward to Sekoia.io. Refer to the official documentation of Tanium to forward your logs under rsyslog format and consult the [Rsyslog Transport](/integration/ingestion_methods/rsyslog) documentation to forward these logs to Sekoia.io.

{!_shared_content/operations_center/integrations/generated/59991ced-c2a0-4fb0-91f3-49e3993c16f5_sample.md!}
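Review bot: the Rsyslog Transport link in the Configure paragraph now targets `/integration/ingestion_methods/rsyslog`, but the same link text in postfix.md is rewritten to `/integration/ingestion_methods/syslog/overview`. One of the two is likely wrong; use the `syslog/overview` target here unless a separate rsyslog page exists under `ingestion_methods`.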

2 changes: 1 addition & 1 deletion docs/integration/categories/endpoint/tehtris_edr.md
Expand Up @@ -37,7 +37,7 @@ To create the intake, go to the [intake page](https://app.sekoia.io/operations/i

To start to pull events, you have to:

1. Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new events from TEHTRIS](../../../automate/library/tehtris.md#fetch-new-events-from-tehtris) module
1. Go to the [playbook page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Fetch new events from TEHTRIS](/integration/action_library/endpoint/tehtris/#fetch-new-events-from-tehtris) module

2. Set up the module configuration with your API key and your tenant ID (most of time, your tenant ID is the subdomain of your TEHTRIS instance; eg: `https://{tenant_id}.tehtris.net`)

2 changes: 1 addition & 1 deletion docs/integration/categories/endpoint/trellix_edr.md
Expand Up @@ -31,7 +31,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Trellix](../../../automate/library/trellix.md) trigger
1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Trellix](/integration/action_library/endpoint/trellix) trigger
2. Set up the module configuration with the Client Id and Client Secret. Set up the trigger configuration with the intake key
3. Start the playbook and enjoy your events

2 changes: 1 addition & 1 deletion docs/integration/categories/endpoint/vmware_esxi.md
Expand Up @@ -30,7 +30,7 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n

## Forward logs to Sekoia.io

Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
Please consult the [Syslog Forwarding](/integration/ingestion_methods/syslog/sekoiaio_forwarder) documentation to forward these logs to Sekoia.io.

{!_shared_content/operations_center/integrations/generated/2b13307b-7439-4973-900a-2b58303cac90_sample.md!}
