Merge pull request #1589 from SEKOIA-IO/fix/UpdateIntakeDocumentation

Update intake documentation
SEKOIA-IO · Jan 28, 2024 · 0b486f9 · 0b486f9
2 parents fe07a6b + 69c4eb6
commit 0b486f9
Show file tree

Hide file tree

Showing 5 changed files with 733 additions and 0 deletions.
diff --git a/...perations_center/integrations/generated/05e6f36d-cee0-4f06-b575-9e43af779f9f.md b/...perations_center/integrations/generated/05e6f36d-cee0-4f06-b575-9e43af779f9f.md
diff --git a/...perations_center/integrations/generated/23b75d0c-2026-4d3e-b916-636c27ba4931.md b/...perations_center/integrations/generated/23b75d0c-2026-4d3e-b916-636c27ba4931.md
@@ -292,6 +292,120 @@ Find below few samples of events and how they are normalized by Sekoia.io.
 	```
 
 
+=== "test_log1.json"
+
+    ```json
+
+    {
+        "message": "Info: 1649655138.876 43 10.10.209.152 TCP_MISS/200 4936 GET http://formationenligne.barthelemy-avocats.com/lib/ajax/service-nologin.php?info=core_output_load_template_with_dependencies,core_output_load_template_with_dependencies,core_output_load_template_with_dependencies&cachekey=1647340070&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core_message%22%2C%22template%22%3A%22message_jumpto%22%2C%22themename%22%3A%22fordson%22%2C%22lang%22%3A%22fr%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22tool_usertours%22%2C%22template%22%3A%22resettour%22%2C%22themename%22%3A%22fordson%22%2C%22lang%22%3A%22fr%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22block_recentlyaccess",
+        "event": {
+            "category": [
+                "network",
+                "web"
+            ],
+            "kind": "event"
+        },
+        "cisco_wsa": {
+            "threat": {
+                "category": "Not Set"
+            }
+        },
+        "network": {
+            "direction": "egress"
+        },
+        "observer": {
+            "product": "Cisco Web Security Appliances",
+            "type": "proxy",
+            "vendor": "Cisco"
+        },
+        "sekoiaio": {
+            "intake": {
+                "parsing_warnings": [
+                    "No fields extracted from original event"
+                ]
+            }
+        }
+    }
+    	
+	```
+
+
+=== "test_log2.json"
+
+    ```json
+
+    {
+        "message": "Info: 1649655134.381 30 10.10.209.152 TCP_MISS/200 628 GET http://formationenligne.barthelemy-avocats.com/lib/ajax/service-nologin.php?info=6-method-calls&cachekey=1649643002&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22cancel%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22fr%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22closebuttontitle%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22fr%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22loading%22%2C%22stringparams%22%3A%5B%5D%2C%22component%22%3A%22core%22%2C%22lang%22%3A%22fr%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_get_string%22%2C%22args%22%3A%7B%22stringid%22%3A%22savechanges%22%2C%22stringparams%22%3A%5B%5D%2",
+        "event": {
+            "category": [
+                "network",
+                "web"
+            ],
+            "kind": "event"
+        },
+        "cisco_wsa": {
+            "threat": {
+                "category": "Not Set"
+            }
+        },
+        "network": {
+            "direction": "egress"
+        },
+        "observer": {
+            "product": "Cisco Web Security Appliances",
+            "type": "proxy",
+            "vendor": "Cisco"
+        },
+        "sekoiaio": {
+            "intake": {
+                "parsing_warnings": [
+                    "No fields extracted from original event"
+                ]
+            }
+        }
+    }
+    	
+	```
+
+
+=== "test_log3.json"
+
+    ```json
+
+    {
+        "message": "Info: 1649655134.394 51 10.10.209.152 TCP_MISS/200 8286 GET http://formationenligne.barthelemy-avocats.com/lib/ajax/service-nologin.php?info=7-method-calls&cachekey=1647340070&args=%5B%7B%22index%22%3A0%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22loading%22%2C%22themename%22%3A%22fordson%22%2C%22lang%22%3A%22fr%22%7D%7D%2C%7B%22index%22%3A1%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal%22%2C%22themename%22%3A%22fordson%22%2C%22lang%22%3A%22fr%22%7D%7D%2C%7B%22index%22%3A2%2C%22methodname%22%3A%22core_output_load_template_with_dependencies%22%2C%22args%22%3A%7B%22component%22%3A%22core%22%2C%22template%22%3A%22modal_backdrop%22%2C%22themename%22%3A%22fordson%22%2C%22lang%22%3A%22fr%22%7D%7D%2C%7B%22index%22%3A3%2C%22methodname%22%3A%22core_outp",
+        "event": {
+            "category": [
+                "network",
+                "web"
+            ],
+            "kind": "event"
+        },
+        "cisco_wsa": {
+            "threat": {
+                "category": "Not Set"
+            }
+        },
+        "network": {
+            "direction": "egress"
+        },
+        "observer": {
+            "product": "Cisco Web Security Appliances",
+            "type": "proxy",
+            "vendor": "Cisco"
+        },
+        "sekoiaio": {
+            "intake": {
+                "parsing_warnings": [
+                    "No fields extracted from original event"
+                ]
+            }
+        }
+    }
+    	
+	```
+
+
 === "w3c.json"
 
     ```json

diff --git a/...perations_center/integrations/generated/2b13307b-7439-4973-900a-2b58303cac90.md b/...perations_center/integrations/generated/2b13307b-7439-4973-900a-2b58303cac90.md
@@ -1169,6 +1169,33 @@ Find below few samples of events and how they are normalized by Sekoia.io.
 	```
 
 
+=== "test_incident.json"
+
+    ```json
+
+    {
+        "message": " Event [1201736] [2-3]  (fileName = \"ds:///vmfs/volumes/63985d53-c3598817-6688-5c6f69e18ad0/HDD01-835/HDD01-835.vmdk\", datastore = 'vim.Datastore:d6543eda-9347-4b38-b803-6f5048248ea8:datastore-2809', backingObjectId = \"\", diskMode = \"independent_nonpersistent\", split = <unset>, writeThrough = <unset>, thinProvisioned = false, eagerlyScrub = false, uuid = \"6000C299-dd5c-07cb-b868-3600b53d2781\", contentId = \"5c1d0d8547e8b15283e287f5cb18ef5e\", changeId = <unset>, parent = null, deltaDiskFormat = <unset>, digestEnabled = false, deltaGrainSize = <unset>, deltaDiskFormatVariant = <unset>, sharing = <unset>, keyId = null, cryptoIntegrityProtectionType = <unset>), deltaDiskFormat = \"seSparseFormat\", digestEnabled = false, deltaGrainSize = 4, deltaDiskFormatVariant = <unset>, sharing = \"sharingNone\", keyId = null, cryptoIntegrityProtectionType = <unset>), connectable = null, slotInfo = null, controllerKey = 1000, unitNumber = 3, numaNode = <unset>, capacityInKB = 104857600, capacityInBytes = 107374182400, shar",
+        "event": {
+            "kind": "event",
+            "category": [
+                "file"
+            ],
+            "type": [
+                "info"
+            ]
+        },
+        "observer": {
+            "vendor": "VMware",
+            "product": "ESXi"
+        },
+        "file": {
+            "name": "ds:///vmfs/volumes/63985d53-c3598817-6688-5c6f69e18ad0/HDD01-835/HDD01-835.vmdk"
+        }
+    }
+    	
+	```
+
+