SEKOIA-IO · Darkheir · Oct 16, 2024 · Oct 16, 2024
diff --git a/_shared_content/automate/library/atlassian-jira.md b/_shared_content/automate/library/atlassian-jira.md
@@ -1,3 +1,7 @@
+uuid: d1445e5e-8e3b-417f-ae19-bca67a10affd
+name: Atlassian JIRA
+type: playbook
+
 # Atlassian JIRA
 
 ![Atlassian JIRA](/assets/playbooks/library/atlassian-jira.png){ align=right width=150 }

diff --git a/_shared_content/automate/library/aws.md b/_shared_content/automate/library/aws.md
@@ -1,3 +1,7 @@
+uuid: b4462429-6f0f-42b5-87b8-430111697d28
+name: AWS
+type: playbook
+
 # AWS
 
 ![AWS](/assets/playbooks/library/aws.svg){ align=right width=150 }
@@ -59,119 +63,6 @@ Get the last records from FlowLog (deprecated in flavor of Fetch new logs on S3)
 | `records_path` | `string` | The filename containing the records |
 
 
-### Fetch new CloudFront logs on S3
-
-Get all CloudFront records from S3
-
-**Arguments**
-
-| Name      |  Type   |  Description  |
-| --------- | ------- | --------------------------- |
-| `frequency` | `integer` | Batch frequency in seconds |
-| `queue_name` | `string` | The name of the SQS queue that received the notifications of the creation of S3 objects |
-| `chunk_size` | `integer` | The size of chunks for the batch processing |
-| `separator` | `string` | The separator used between each records (default: the linefeed character '\n') |
-| `skip_first` | `integer` | The number of records to skip at the begining of each S3 object (default: 0) |
-| `intake_server` | `string` | Server of the intake server (e.g. 'https://intake.sekoia.io') |
-| `intake_key` | `string` | Intake key to use when sending events |
-
-
-### Fetch new Flowlogs on S3
-
-Get line-oriented Flowlog records from new S3 objects based on notifications
-
-**Arguments**
-
-| Name      |  Type   |  Description  |
-| --------- | ------- | --------------------------- |
-| `frequency` | `integer` | Batch frequency in seconds |
-| `queue_name` | `string` | The name of the SQS queue that received the notifications of the creation of S3 objects |
-| `chunk_size` | `integer` | The size of chunks for the batch processing |
-| `separator` | `string` | The separator used between each records (default: the linefeed character '\n') |
-| `skip_first` | `integer` | The number of records to skip at the begining of each S3 object (default: 0) |
-| `ignore_comments` | `boolean` | Flag to ignore commented lines (starting with the character `#`; default: false) |
-| `intake_server` | `string` | Server of the intake server (e.g. 'https://intake.sekoia.io') |
-| `intake_key` | `string` | Intake key to use when sending events |
-
-
-### Fetch new FlowLogs Parquet records on S3
-
-Get FlowLogs records from new S3 Parquet objects based on notifications
-
-**Arguments**
-
-| Name      |  Type   |  Description  |
-| --------- | ------- | --------------------------- |
-| `frequency` | `integer` | Batch frequency in seconds |
-| `queue_name` | `string` | The name of the SQS queue that received the notifications of the creation of S3 objects |
-| `chunk_size` | `integer` | The size of chunks for the batch processing |
-| `intake_server` | `string` | Server of the intake server (e.g. 'https://intake.sekoia.io') |
-| `intake_key` | `string` | Intake key to use when sending events |
-
-
-### Fetch new logs on S3
-
-Get line-oriented records from new S3 objects based on notifications
-
-**Arguments**
-
-| Name      |  Type   |  Description  |
-| --------- | ------- | --------------------------- |
-| `frequency` | `integer` | Batch frequency in seconds |
-| `queue_name` | `string` | The name of the SQS queue that received the notifications of the creation of S3 objects |
-| `chunk_size` | `integer` | The size of chunks for the batch processing |
-| `separator` | `string` | The separator used between each records (default: the linefeed character '\n') |
-| `skip_first` | `integer` | The number of records to skip at the begining of each S3 object (default: 0) |
-| `ignore_comments` | `boolean` | Flag to ignore commented lines (starting with the character `#`; default: false) |
-| `intake_server` | `string` | Server of the intake server (e.g. 'https://intake.sekoia.io') |
-| `intake_key` | `string` | Intake key to use when sending events |
-
-
-### Fetch new OCSF records on S3
-
-Get OSCF records from new S3 Parquet objects based on notifications
-
-**Arguments**
-
-| Name      |  Type   |  Description  |
-| --------- | ------- | --------------------------- |
-| `frequency` | `integer` | Batch frequency in seconds |
-| `queue_name` | `string` | The name of the SQS queue that received the notifications of the creation of S3 objects |
-| `chunk_size` | `integer` | The size of chunks for the batch processing |
-| `intake_server` | `string` | Server of the intake server (e.g. 'https://intake.sekoia.io') |
-| `intake_key` | `string` | Intake key to use when sending events |
-
-
-### Fetch new CloudTrail records on S3
-
-Get Cloudtrail records from new S3 objects based on notifications
-
-**Arguments**
-
-| Name      |  Type   |  Description  |
-| --------- | ------- | --------------------------- |
-| `frequency` | `integer` | Batch frequency in seconds |
-| `queue_name` | `string` | The name of the SQS queue that received the notifications of the creation of S3 objects |
-| `chunk_size` | `integer` | The size of chunks for the batch processing |
-| `intake_server` | `string` | Server of the intake server (e.g. 'https://intake.sekoia.io') |
-| `intake_key` | `string` | Intake key to use when sending events |
-
-
-### Fetch new messages from the SQS
-
-Get messages from SQS
-
-**Arguments**
-
-| Name      |  Type   |  Description  |
-| --------- | ------- | --------------------------- |
-| `frequency` | `integer` | Batch frequency in seconds |
-| `queue_name` | `string` | The name of the SQS queue |
-| `chunk_size` | `integer` | The size of chunks for the batch processing |
-| `intake_server` | `string` | Server of the intake server (e.g. 'https://intake.sekoia.io') |
-| `intake_key` | `string` | Intake key to use when sending events |
-
-
 ## Extra
 
 Module **`AWS` v1.31.6**
diff --git a/_shared_content/automate/library/binaryedge-s-api.md b/_shared_content/automate/library/binaryedge-s-api.md
@@ -1,3 +1,7 @@
+uuid: d9ba02ab-cb1e-4c8d-bf60-feebfc3700d6
+name: BinaryEdge's API
+type: playbook
+
 # BinaryEdge's API
 
 ![BinaryEdge's API](/assets/playbooks/library/binaryedge-s-api.png){ align=right width=150 }

diff --git a/_shared_content/automate/library/censys.md b/_shared_content/automate/library/censys.md
@@ -1,3 +1,7 @@
+uuid: 48a7eb68-f319-4498-b3ed-461d690e6d05
+name: Censys
+type: playbook
+
 # Censys
 
 ![Censys](/assets/playbooks/library/censys.png){ align=right width=150 }

diff --git a/_shared_content/automate/library/certificate-transparency.md b/_shared_content/automate/library/certificate-transparency.md
@@ -1,3 +1,7 @@
+uuid: 6d6cfd48-1f93-423c-bc8d-0fe5d3029395
+name: Certificate Transparency
+type: playbook
+
 # Certificate Transparency
 
 ![Certificate Transparency](/assets/playbooks/library/certificate-transparency.png){ align=right width=150 }

diff --git a/_shared_content/automate/library/crowdstrike-falcon.md b/_shared_content/automate/library/crowdstrike-falcon.md
@@ -1,3 +1,7 @@
+uuid: 4fdbae70-e9cd-492e-9a39-24ce99325e3f
+name: CrowdStrike Falcon
+type: playbook
+
 # CrowdStrike Falcon
 
 ![CrowdStrike Falcon](/assets/playbooks/library/crowdstrike-falcon.png){ align=right width=150 }
@@ -12,21 +16,6 @@ Integrates with CrowdStrike Falcon EDR
 | `client_secret` | `string` | Client Secret |
 | `base_url` | `string` | Base URL of the API |
 
-## Triggers
-
-### Fetch CrowdStrike Falcon Events
-
-Get latest events from CrowdStrike Falcon
-
-**Arguments**
-
-| Name      |  Type   |  Description  |
-| --------- | ------- | --------------------------- |
-| `intake_key` | `string` | Intake key to use when sending events |
-| `tg_base_url` | `string` | The base_url for the ThreatGraphAPI |
-| `tg_username` | `['string', 'null']` | The username for the ThreatGraphAPI |
-| `tg_password` | `['string', 'null']` | The password for the ThreatGraphAPI |
-
 ## Actions
 
 ### Block IOC

diff --git a/_shared_content/automate/library/detection-rules.md b/_shared_content/automate/library/detection-rules.md
@@ -1,3 +1,7 @@
+uuid: fd4754b9-aff6-4865-92c7-bb0b1d5605c0
+name: Detection Rules
+type: playbook
+
 # Detection Rules
 
 ![Detection Rules](/assets/playbooks/library/detection-rules.svg){ align=right width=150 }

diff --git a/_shared_content/automate/library/digital-shadows.md b/_shared_content/automate/library/digital-shadows.md
@@ -1,3 +1,7 @@
+uuid: e76687ed-db66-482a-8549-f3ef3b248e06
+name: Digital Shadows
+type: playbook
+
 # Digital Shadows
 
 ![Digital Shadows](/assets/playbooks/library/digital-shadows.png){ align=right width=150 }

diff --git a/_shared_content/automate/library/fortigate-firewalls.md b/_shared_content/automate/library/fortigate-firewalls.md
@@ -1,3 +1,7 @@
+uuid: ca9a9497-bcd2-4d0c-b0c1-72699231feb2
+name: Fortigate Firewalls
+type: playbook
+
 # Fortigate Firewalls
 
 ![Fortigate Firewalls](/assets/playbooks/library/fortigate-firewalls.svg){ align=right width=150 }

diff --git a/_shared_content/automate/library/git.md b/_shared_content/automate/library/git.md
@@ -1,3 +1,7 @@
+uuid: 0a0cdc27-5b29-41e0-9a0c-36ee065922e5
+name: Git
+type: playbook
+
 # Git
 
 ![Git](/assets/playbooks/library/git.svg){ align=right width=150 }

diff --git a/_shared_content/automate/library/glimps.md b/_shared_content/automate/library/glimps.md
@@ -1,3 +1,7 @@
+uuid: 3ba4b84b-c323-48ef-93d2-6f3544c783d6
+name: GLIMPS
+type: playbook
+
 # GLIMPS
 
 ![GLIMPS](/assets/playbooks/library/glimps.png){ align=right width=150 }

diff --git a/_shared_content/automate/library/google.md b/_shared_content/automate/library/google.md
@@ -1,3 +1,7 @@
+uuid: 4f682a9e-9a25-43a5-8a48-cd9bd7fade7e
+name: Google
+type: playbook
+
 # Google
 
 ![Google](/assets/playbooks/library/google.svg){ align=right width=150 }
@@ -10,65 +14,6 @@ Google module
 | --------- | ------- | --------------------------- |
 | `credentials` | `object` | Credentials to use. You can find them in the credentials file |
 
-## Triggers
-
-### Get user activities
-
-Get user activities using google reports
-
-**Arguments**
-
-| Name      |  Type   |  Description  |
-| --------- | ------- | --------------------------- |
-| `frequency` | `integer` | Batch frequency in seconds |
-| `application_name` | `string` | The application from which the activities should be fetched |
-| `timedelta` | `integer` | The temporal shift, in the past, in minutes, the connector applies when fetching the events (default to 0 minutes ago) |
-| `start_time` | `integer` | The number of hours from which events should be queried. |
-| `chunk_size` | `integer` | The max size of chunks for the batch processing |
-| `intake_server` | `string` | Server of the intake server (e.g. 'https://intake.sekoia.io') |
-| `intake_key` | `string` | Intake key to use when sending events |
-| `admin_mail` | `string` | Email of your google admin |
-
-
-### Get login user activities
-
-Get Login user activities using google reports api
-
-**Arguments**
-
-| Name      |  Type   |  Description  |
-| --------- | ------- | --------------------------- |
-| `frequency` | `integer` | Batch frequency in seconds |
-| `timedelta` | `integer` | The temporal shift, in the past, in minutes, the connector applies when fetching the events (default to 150 minutes ago) |
-| `start_time` | `integer` | The number of hours from which events should be queried. |
-| `chunk_size` | `integer` | The max size of chunks for the batch processing |
-| `intake_server` | `string` | Server of the intake server (e.g. 'https://intake.sekoia.io') |
-| `intake_key` | `string` | Intake key to use when sending events |
-| `admin_mail` | `string` | Email of your google admin |
-
-
-### Connect to the specified project subscription
-
-Connect to the Google Cloud Pub/Sub topic and return events
-
-**Arguments**
-
-| Name      |  Type   |  Description  |
-| --------- | ------- | --------------------------- |
-| `intake_key` | `string` | Intake key to use when sending events |
-| `frequency` | `integer` | Batch frequency in seconds |
-| `intake_server` | `string` | Server of the intake server (e.g. 'https://intake.sekoia.io') |
-| `project_id` | `string` | Project ID |
-| `subject_id` | `string` | Subscription ID |
-| `chunk_size` | `integer` | The size of chunks for the batch processing (max is 1000) |
-
-
-**Outputs**
-
-| Name      |  Type   |  Description  |
-| --------- | ------- | --------------------------- |
-| `messages_path` | `string` | Path to the file holding the results |
-
 ## Actions
 
 ### Run a query against a BigQuery table

diff --git a/_shared_content/automate/library/harfanglab.md b/_shared_content/automate/library/harfanglab.md
@@ -1,3 +1,7 @@
+uuid: 8380240b-61a4-48b7-93e4-044a7ee2309b
+name: HarfangLab
+type: playbook
+
 # HarfangLab
 
 ![HarfangLab](/assets/playbooks/library/harfanglab.png){ align=right width=150 }

diff --git a/_shared_content/automate/library/http.md b/_shared_content/automate/library/http.md
@@ -1,3 +1,7 @@
+uuid: 5894985f-91eb-46db-9306-cc5ac6463d3d
+name: HTTP
+type: playbook
+
 # HTTP
 
 ![HTTP](/assets/playbooks/library/http.svg){ align=right width=150 }

diff --git a/_shared_content/automate/library/iknowwhatyoudownload.md b/_shared_content/automate/library/iknowwhatyoudownload.md
@@ -1,3 +1,7 @@
+uuid: 3c334ccd-91be-49d5-9267-915db6ab588e
+name: IKnowWhatYouDownload
+type: playbook
+
 # IKnowWhatYouDownload
 
 ![IKnowWhatYouDownload](/assets/playbooks/library/iknowwhatyoudownload.png){ align=right width=150 }

diff --git a/_shared_content/automate/library/ipinfo.md b/_shared_content/automate/library/ipinfo.md
@@ -1,3 +1,7 @@
+uuid: 2f8ad4f8-7740-4ce9-ab1d-9903d79c0739
+name: IPInfo
+type: playbook
+
 # IPInfo
 
 ![IPInfo](/assets/playbooks/library/ipinfo.png){ align=right width=150 }

diff --git a/_shared_content/automate/library/iptoasn.md b/_shared_content/automate/library/iptoasn.md
@@ -1,3 +1,7 @@
+uuid: b1c26bbd-8ec6-464b-a979-bc1f804417b2
+name: IPtoASN
+type: playbook
+
 # IPtoASN
 
 ![IPtoASN](/assets/playbooks/library/iptoasn.png){ align=right width=150 }

diff --git a/_shared_content/automate/library/mandrill.md b/_shared_content/automate/library/mandrill.md
@@ -1,3 +1,7 @@
+uuid: bc2699a6-93e5-4d74-816d-4186d6eb3ce8
+name: Mandrill
+type: playbook
+
 # Mandrill
 
 ![Mandrill](/assets/playbooks/library/mandrill.svg){ align=right width=150 }

diff --git a/_shared_content/automate/library/mattermost.md b/_shared_content/automate/library/mattermost.md
@@ -1,3 +1,7 @@
+uuid: 89c860f0-3e73-4946-a5c9-431deb33b0e8
+name: Mattermost
+type: playbook
+
 # Mattermost
 
 ![Mattermost](/assets/playbooks/library/mattermost.svg){ align=right width=150 }

diff --git a/_shared_content/automate/library/microsoft-active-directory.md b/_shared_content/automate/library/microsoft-active-directory.md
@@ -1,3 +1,7 @@
+uuid: b2d96259-af89-4f7a-ae6e-a0af2d2400f3
+name: Microsoft Active Directory
+type: playbook
+
 # Microsoft Active Directory
 
 ![Microsoft Active Directory](/assets/playbooks/library/microsoft-active-directory.png){ align=right width=150 }

diff --git a/_shared_content/automate/library/microsoft-entra-id.md b/_shared_content/automate/library/microsoft-entra-id.md
@@ -1,3 +1,7 @@
+uuid: 3abf7928-65ef-4a5f-ba3e-5fbe56123d0c
+name: Microsoft Entra ID
+type: playbook
+
 # Microsoft Entra ID
 
 ![Microsoft Entra ID](/assets/playbooks/library/microsoft-entra-id.svg){ align=right width=150 }

diff --git a/_shared_content/automate/library/microsoft-windows-server.md b/_shared_content/automate/library/microsoft-windows-server.md
@@ -1,3 +1,7 @@
+uuid: 33ea4995-5454-4091-a19f-497cb213346a
+name: Microsoft Windows Server
+type: playbook
+
 # Microsoft Windows Server
 
 ![Microsoft Windows Server](/assets/playbooks/library/microsoft-windows-server.png){ align=right width=150 }

diff --git a/_shared_content/automate/library/misp.md b/_shared_content/automate/library/misp.md
@@ -1,3 +1,7 @@
+uuid: df3a0c67-592b-45b2-8465-48473929c7f9
+name: MISP
+type: playbook
+
 # MISP
 
 ![MISP](/assets/playbooks/library/misp.png){ align=right width=150 }