Improve Skyhigh docs

docs/integration/categories/network/beyondtrust_pra.md

@@ -0,0 +1,49 @@
+uuid: f6cfddb4-543a-41fe-9802-c66b7c90366d
+name: BeyondTrust PRA
+type: intake
+
+## Overview
+
+!!! Warning
+    Important note - This format is currently in beta. We highly value your feedback to improve its performance.
+
+- **Vendor**: BeyondTrust
+- **Supported environment**: SaaS
+- **Detection based on**: Telemetry
+- **Supported application or feature**: 
+
+
+## Configure
+
+### How to create an API token
+
+1. Log in the BeyondTrust Privileged Remote Access console
+2. On the left panel, click `Management`
+
+    ![Management](/assets/operation_center/integration_catalog/cloud_and_saas/beyondtrust/01_management.png)
+
+3. Click `API Configuration`
+
+    ![Configuration](/assets/operation_center/integration_catalog/cloud_and_saas/beyondtrust/02_configuration.png)
+
+4. Check `Enable XML API` and click `+ Add`
+
+    ![Enable](/assets/operation_center/integration_catalog/cloud_and_saas/beyondtrust/03_enable_api_key.png)
+
+5. Check `Enable`
+6. Type a name for the API Account and add a comment (optional)
+7. Check `Reporting > Allow Access to Access Session Reports and Recordings`
+8. Copy the OAuth client ID and the OAuth client Secret
+9. Click `Save`
+
+    ![Click Save](/assets/operation_center/integration_catalog/cloud_and_saas/beyondtrust/04_create_api_key.png)
+
+### Instruction on Sekoia
+
+{!_shared_content/operations_center/integrations/generated/f6cfddb4-543a-41fe-9802-c66b7c90366d.md!}
+
+{!_shared_content/integration/detection_section.md!}
+
+{!_shared_content/operations_center/detection/generated/suggested_rules_f6cfddb4-543a-41fe-9802-c66b7c90366d_do_not_edit_manually.md!}
+
+{!_shared_content/operations_center/integrations/generated/f6cfddb4-543a-41fe-9802-c66b7c90366d.md!}

docs/integration/categories/network_security/skyhigh_secure_web_gateway.md → docs/integration/categories/network_security/skyhigh_secure_web_gateway_on_prem.md

@@ -1,5 +1,5 @@
 uuid: 40bac399-2d8e-40e3-af3b-f73a622c9687
-name: McAfee Web Gateway / Skyhigh Secure Web Gateway
+name: McAfee Web Gateway / Skyhigh Secure Web Gateway - On Prem
 type: intake
 
 ## Overview

docs/integration/categories/network_security/skyhigh_secure_web_gateway_saas.md

@@ -0,0 +1,66 @@
+uuid: 40bac399-2d8e-40e3-af3b-f73a622c9687
+name: McAfee Web Gateway / Skyhigh Secure Web Gateway - SaaS
+type: intake
+
+## Overview
+Skyhigh Secure Web Gateway (SWG) (previously McAfee Web Gateway (MWG)) is a web gateway offering malware detection, threat prevention and reputation filtering.
+
+- **Vendor**: Skyhigh Security
+- **Supported environment**: SaaS
+- **Version compatibility**: 12.2.10
+- **Detection based on**: Telemetry
+- **Supported application or feature**: Anti-virus, Web proxy,	Web logs
+
+
+## Configure
+
+#### Configure a Rule Set
+
+Prior to the configuration, download the “Rule Set” configuration [`SEKOIAIO_SKYHIGH_swg.xml`](/assets/integration/network/skyhigh_secure_web_gateway/SEKOIAIO_SKYHIGH_swg.xml).
+
+In your SWG console:
+
+- Select `Policy` section then the `Rule sets` tab. From the menu, select `Log Handler`.
+- Right-click on the `Default` Log Handler in the tree then select `Add > Rule Set from Library...`.
+- Once the `Add from Rule Set library` window opened, under the `Rule Set Library` tree, click on the `Import from file...` button and import `SEKOIAIO_mwg.xml` file.
+- Select the `Rule Set` `Sekoia.io` and ensure the rule `forward logs` is enabled.
+
+
+#### Find your Customer ID
+1. Go to `Settings > Infrastructure > Client Proxy Management`. 
+2. Click `Global Configuration > Tenant Authentication`. 
+3. The Customer ID is displayed under `Global Settings`.
+
+{!_shared_content/integration/intake_configuration.md!}
+
+
+#### Pull the logs to collect them on Sekoia.io
+
+Go to the Sekoia.io [playbook page](https://app.sekoia.io/operations/playbooks), and follow these steps:
+
+1. Click **+ PLAYBOOK** button to create a new one
+2. Select **Create a playbook from scratch**
+3. Give it a name in the field **Name**
+4. Open the left panel, click **Fastly** then select the trigger `Fetch events from Skyhigh Security Secure Web Gateway (SWG) API`
+5. Click **Create**
+6. Create a **Module configuration**. Name the module configuration as you wish.
+7. Create a **Trigger configuration** using:
+
+      - `Intake key` created on the previous step
+      - `customer Id` (from "Find your Customer ID" step), 
+      - `account name`
+      - `account password`
+      - `api domain name` (Europe: eu.msg.mcafeesaas.com, North America: us.msg.mcafeesaas.com)
+
+8. Click the **Save** button
+9. **Activate the playbook** with the toggle button
+
+#### Enjoy your events on the [Events page](https://app.sekoia.io/operations/events)
+
+{!_shared_content/operations_center/integrations/generated/40bac399-2d8e-40e3-af3b-f73a622c9687_sample.md!}
+
+{!_shared_content/integration/detection_section.md!}
+
+{!_shared_content/operations_center/detection/generated/suggested_rules_40bac399-2d8e-40e3-af3b-f73a622c9687_do_not_edit_manually.md!}
+{!_shared_content/operations_center/integrations/generated/40bac399-2d8e-40e3-af3b-f73a622c9687.md!}
+

mkdocs.yml

@@ -409,6 +409,7 @@ nav:
       - Amazon VPC Flow Logs: integration/categories/network/aws_flow_logs.md
       - Azure Application Gateway: integration/categories/network/azure_application_gateway.md
       - ArubaOS Switch: integration/categories/network/arubaos.md
+      - BeyondTrust PRA: integration/categories/network/beyondtrust_pra.md
       - BIND: integration/categories/network/bind.md
       - Cato SASE: integration/categories/network/cato_sase.md
       - Cisco IOS: integration/categories/network/cisco_ios.md
@@ -473,7 +474,8 @@ nav:
       - Google Cloud Load Balancing: integration/categories/network_security/google_cloud_load_balancing.md
       - Imperva Web Application Firewall: integration/categories/network_security/imperva_waf.md
       - Lacework Cloud Security: integration/categories/network_security/lacework_cloud_security.md
-      - McAfee Web Gateway / Skyhigh Secure Web Gateway: integration/categories/network_security/skyhigh_secure_web_gateway.md
+      - McAfee Web Gateway / Skyhigh Secure Web Gateway - On Prem: integration/categories/network_security/skyhigh_secure_web_gateway_on_prem.md
+      - McAfee Web Gateway / Skyhigh Secure Web Gateway - SaaS: integration/categories/network_security/skyhigh_secure_web_gateway_saas.md
       - Netskope Events: integration/categories/network_security/netskope_events.md
       - Netskope Transaction Events: integration/categories/network_security/netskope_transaction.md
       - OGO Shield WAF: integration/categories/network_security/ogo_shield.md
@@ -814,7 +816,7 @@ plugins:
       xdr/features/collect/integrations/network/pulse.md: integration/categories/network/pulse.md
       xdr/features/collect/integrations/network/rubycat_prove_it.md: integration/categories/iam/rubycat_prove_it.md
       xdr/features/collect/integrations/network/sesameit_jizo.md: integration/categories/network/sesameit_jizo.md
-      xdr/features/collect/integrations/network/skyhigh_secure_web_gateway.md: integration/categories/network_security/skyhigh_secure_web_gateway.md
+      xdr/features/collect/integrations/network/skyhigh_secure_web_gateway.md: integration/categories/network_security/skyhigh_secure_web_gateway_on_prem.md
       xdr/features/collect/integrations/network/sonicwall_fw.md: integration/categories/network_security/sonicwall_fw.md
       xdr/features/collect/integrations/network/sonicwall_sma.md: integration/categories/network_security/sonicwall_sma.md
       xdr/features/collect/integrations/network/sophos_fw.md: integration/categories/network_security/sophos_fw.md