Skip to content

Commit

Permalink
Refresh intakes documentation
Browse files Browse the repository at this point in the history
  • Loading branch information
@sekoia-io-cross-repo-comm-app @github-actions
sekoia-io-cross-repo-comm-app[bot] authored and github-actions[bot] committed Feb 21, 2025
1 parent accbeea commit 6d3a087
Show file tree
Hide file tree
Showing 16 changed files with 2,087 additions and 54 deletions.
87 changes: 87 additions & 0 deletions ...perations_center/integrations/generated/04d36706-ee4a-419b-906d-f92f3a46bcdd.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1397,6 +1397,54 @@ This section demonstrates how the raw logs will be transformed by our parsers. I
```


=== "test_drive_sample3.json"

```json

{
"message": "{\"kind\": \"admin#reports#activity\", \"id\": {\"time\": \"2025-02-18T17:10:20.317Z\", \"uniqueQualifier\": \"-12345678\", \"applicationName\": \"drive\", \"customerId\": \"CUSTO1\"}, \"etag\": \"\\\"ABCDEF123\\\"\", \"actor\": {\"email\": \"\", \"profileId\": \"105250506097979753968\"}, \"events\": [{\"type\": \"access\", \"name\": \"sheets_import_range\", \"parameters\": [{\"name\": \"primary_event\", \"boolValue\": true}, {\"name\": \"billable\", \"boolValue\": false}, {\"name\": \"sheets_import_range_recipient_doc\", \"value\": \"123qwerty456\"}, {\"name\": \"owner_is_shared_drive\", \"boolValue\": true}, {\"name\": \"owner_team_drive_id\", \"value\": \"asdf678\"}, {\"name\": \"owner\", \"value\": \"johndoe\"}, {\"name\": \"doc_id\", \"value\": \"zxcv890\"}, {\"name\": \"doc_type\", \"value\": \"spreadsheet\"}, {\"name\": \"is_encrypted\", \"boolValue\": false}, {\"name\": \"doc_title\", \"value\": \"TPS report\"}, {\"name\": \"visibility\", \"value\": \"people_with_link\"}, {\"name\": \"shared_drive_id\", \"value\": \"asdf678\"}, {\"name\": \"actor_is_collaborator_account\", \"boolValue\": false}, {\"name\": \"owner_is_team_drive\", \"boolValue\": true}, {\"name\": \"team_drive_id\", \"value\": \"asdf678\"}]}]}",
"event": {
"action": "sheets_import_range",
"category": [
"file"
],
"dataset": "admin#reports#activity",
"type": [
"access"
]
},
"@timestamp": "2025-02-18T17:10:20.317000Z",
"cloud": {
"account": {
"id": "CUSTO1"
}
},
"file": {
"gid": "asdf678",
"name": "TPS report",
"owner": "johndoe",
"type": "spreadsheet"
},
"google": {
"report": {
"parameters": {
"visibility": "people_with_link"
}
}
},
"network": {
"application": "drive"
},
"related": {
"user": [
"johndoe"
]
}
}
```


=== "test_drive_view_document.json"

```json
Expand Down Expand Up @@ -1559,6 +1607,45 @@ This section demonstrates how the raw logs will be transformed by our parsers. I
```


=== "test_groups_enterprise_1.json"

```json

{
"message": "{\"kind\": \"admin#reports#activity\", \"id\": {\"time\": \"2025-02-18T16:00:24.311Z\", \"uniqueQualifier\": \"-123456\", \"applicationName\": \"groups_enterprise\", \"customerId\": \"CUSTOMER1\"}, \"etag\": \"\\\"ABCDEF123\\\"\", \"actor\": {\"callerType\": \"KEY\", \"key\": \"SYSTEM\"}, \"events\": [{\"type\": \"moderator_action\", \"name\": \"remove_user\", \"parameters\": [{\"name\": \"member_id\", \"value\": \"[email protected]\"}, {\"name\": \"group_id\", \"value\": \"[email protected]\"}, {\"name\": \"member_type\", \"value\": \"user\"}]}, {\"type\": \"moderator_action\", \"name\": \"remove_member\", \"parameters\": [{\"name\": \"member_id\", \"value\": \"[email protected]\"}, {\"name\": \"group_id\", \"value\": \"[email protected]\"}, {\"name\": \"member_type\", \"value\": \"user\"}]}]}",
"event": {
"action": [
"remove_member",
"remove_user"
],
"category": [
"iam"
],
"dataset": "admin#reports#activity",
"type": [
"admin"
]
},
"@timestamp": "2025-02-18T16:00:24.311000Z",
"cloud": {
"account": {
"id": "CUSTOMER1"
}
},
"network": {
"application": "groups_enterprise"
},
"user": {
"email": "[email protected]",
"group": {
"id": "[email protected]"
}
}
}
```


=== "test_groups_entre_sample1.json"

```json
Expand Down
150 changes: 150 additions & 0 deletions ...ns_center/integrations/generated/04d36706-ee4a-419b-906d-f92f3a46bcdd_sample.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1718,6 +1718,96 @@ In this section, you will find examples of raw logs as generated natively by the



=== "test_drive_sample3"


```json
{
"kind": "admin#reports#activity",
"id": {
"time": "2025-02-18T17:10:20.317Z",
"uniqueQualifier": "-12345678",
"applicationName": "drive",
"customerId": "CUSTO1"
},
"etag": "\"ABCDEF123\"",
"actor": {
"email": "",
"profileId": "105250506097979753968"
},
"events": [
{
"type": "access",
"name": "sheets_import_range",
"parameters": [
{
"name": "primary_event",
"boolValue": true
},
{
"name": "billable",
"boolValue": false
},
{
"name": "sheets_import_range_recipient_doc",
"value": "123qwerty456"
},
{
"name": "owner_is_shared_drive",
"boolValue": true
},
{
"name": "owner_team_drive_id",
"value": "asdf678"
},
{
"name": "owner",
"value": "johndoe"
},
{
"name": "doc_id",
"value": "zxcv890"
},
{
"name": "doc_type",
"value": "spreadsheet"
},
{
"name": "is_encrypted",
"boolValue": false
},
{
"name": "doc_title",
"value": "TPS report"
},
{
"name": "visibility",
"value": "people_with_link"
},
{
"name": "shared_drive_id",
"value": "asdf678"
},
{
"name": "actor_is_collaborator_account",
"boolValue": false
},
{
"name": "owner_is_team_drive",
"boolValue": true
},
{
"name": "team_drive_id",
"value": "asdf678"
}
]
}
]
}
```



=== "test_drive_view_document"


Expand Down Expand Up @@ -2212,6 +2302,66 @@ In this section, you will find examples of raw logs as generated natively by the



=== "test_groups_enterprise_1"


```json
{
"kind": "admin#reports#activity",
"id": {
"time": "2025-02-18T16:00:24.311Z",
"uniqueQualifier": "-123456",
"applicationName": "groups_enterprise",
"customerId": "CUSTOMER1"
},
"etag": "\"ABCDEF123\"",
"actor": {
"callerType": "KEY",
"key": "SYSTEM"
},
"events": [
{
"type": "moderator_action",
"name": "remove_user",
"parameters": [
{
"name": "member_id",
"value": "[email protected]"
},
{
"name": "group_id",
"value": "[email protected]"
},
{
"name": "member_type",
"value": "user"
}
]
},
{
"type": "moderator_action",
"name": "remove_member",
"parameters": [
{
"name": "member_id",
"value": "[email protected]"
},
{
"name": "group_id",
"value": "[email protected]"
},
{
"name": "member_type",
"value": "user"
}
]
}
]
}
```



=== "test_groups_entre_sample1"


Expand Down
85 changes: 85 additions & 0 deletions ...perations_center/integrations/generated/07c0cac8-f68f-11ea-adc1-0242ac120002.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,78 @@ This section demonstrates how the raw logs will be transformed by our parsers. I
```


=== "accept_ok_v5.json"

```json

{
"message": "5 1234567890 eni-1235b8ca123456789 5.6.7.8 1.2.3.4 50188 4433 6 1 44 1739865042 1739865042 ACCEPT OK vpc-1 subnet-1 - 2 IPv4 5.6.7.8 1.2.3.4 eu-west-1 euw1-az2 - - - - ingress -",
"event": {
"category": [
"network"
],
"end": "2025-02-18T07:50:42Z",
"outcome": "ok",
"start": "2025-02-18T07:50:42Z"
},
"@timestamp": "2025-02-18T07:50:42Z",
"action": {
"name": "accept",
"outcome": "ok",
"target": "network-traffic",
"type": "forward"
},
"aws": {
"flowlogs": {
"subnet": {
"id": "subnet-1"
},
"tcp_flags": 2,
"vpc": {
"id": "vpc-1"
}
}
},
"cloud": {
"account": {
"id": "1234567890"
},
"provider": "aws"
},
"destination": {
"address": "1.2.3.4",
"ip": "1.2.3.4",
"port": 4433
},
"network": {
"iana_number": "6",
"transport": "tcp"
},
"observer": {
"ingress": {
"interface": {
"name": "eni-1235b8ca123456789"
}
}
},
"related": {
"ip": [
"1.2.3.4",
"5.6.7.8"
]
},
"source": {
"address": "5.6.7.8",
"bytes": 44,
"ip": "5.6.7.8",
"packets": 1,
"port": 50188
}
}
```


=== "accept_structured.json"

```json
Expand Down Expand Up @@ -173,6 +245,17 @@ This section demonstrates how the raw logs will be transformed by our parsers. I
"target": "network-traffic",
"type": "forward"
},
"aws": {
"flowlogs": {
"subnet": {
"id": "subnet-aaaaaaaa012345678"
},
"tcp_flags": 0,
"vpc": {
"id": "vpc-abcdefab012345678"
}
}
},
"cloud": {
"account": {
"id": "424805057484"
Expand Down Expand Up @@ -300,6 +383,7 @@ This section demonstrates how the raw logs will be transformed by our parsers. I
"subnet": {
"id": "subnet-0123456789abcdefg"
},
"tcp_flags": 3,
"vpc": {
"id": "vpc-0123456789abcdefg"
}
Expand Down Expand Up @@ -518,6 +602,7 @@ The following table lists the fields that are extracted, normalized under the EC
|`action.target` | `keyword` | The target of the action |
|`action.type` | `keyword` | The type of the action |
|`aws.flowlogs.subnet.id` | `keyword` | The ID of the subnet |
|`aws.flowlogs.tcp_flags` | `number` | TCP flags |
|`aws.flowlogs.vpc.id` | `keyword` | The ID of the VPC |
|`cloud.account.id` | `keyword` | The cloud account or organization id. |
|`cloud.instance.id` | `keyword` | Instance ID of the host machine. |
Expand Down
9 changes: 9 additions & 0 deletions ...ns_center/integrations/generated/07c0cac8-f68f-11ea-adc1-0242ac120002_sample.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,15 @@ In this section, you will find examples of raw logs as generated natively by the



=== "accept_ok_v5"


```json
5 1234567890 eni-1235b8ca123456789 5.6.7.8 1.2.3.4 50188 4433 6 1 44 1739865042 1739865042 ACCEPT OK vpc-1 subnet-1 - 2 IPv4 5.6.7.8 1.2.3.4 eu-west-1 euw1-az2 - - - - ingress -
```



=== "accept_structured"


Expand Down
Loading

0 comments on commit 6d3a087

Please sign in to comment.