Refresh automation library documentation

Author: squioc

_shared_content/automate/library/sekoia-io.md

@@ -1012,8 +1012,8 @@ Retrieve the definition of an alert
 
 | Name      |  Type   |  Description  |
 | --------- | ------- | --------------------------- |
-| `uuid` | `string` |  |
-| `stix` | `boolean` |  |
+| `uuid` | `string` | UUID of the alert to retrieve. |
+| `stix` | `boolean` | If true, include the full STIX 2 bundle in the response (default: false). |
 | `cases` | `boolean` | Fetch the cases associated with this alert in addition (default: false) |
 
 
@@ -1022,42 +1022,42 @@ Retrieve the definition of an alert
 | Name      |  Type   |  Description  |
 | --------- | ------- | --------------------------- |
 | `urgency` | `object` |  |
-| `history` | `array` |  |
+| `history` | `array` | Ordered list of modifications made to the alert (status changes, field updates, assignments, etc.). |
 | `is_incident` | `boolean` |  |
-| `assets` | `array` |  |
-| `countermeasures` | `array` |  |
-| `updated_at` | `integer` |  |
-| `comments` | `array` |  |
-| `ttps` | `array` |  |
-| `number_of_unseen_comments` | `integer` |  |
-| `status` | `object` |  |
+| `assets` | `array` | UUIDs of the assets involved in the alert. |
+| `countermeasures` | `array` | Response actions (countermeasures) recommended or applied in reaction to the alert. Each countermeasure has a name, a description, a list of concrete action steps to execute, and a lifecycle status (pending → activated or denied). They can originate from three sources, reflected in the `type` field: `text` (free-form analyst note, e.g. 'Isolate the affected host'), `intelligence_center` (a course of action sourced from SEKOIA.IO's threat intelligence, e.g. 'Block IOC X on your firewall'), or `openc2` (a machine-readable OpenC2 command sent to a security actuator). Included by default; opt out with `?countermeasures=false`. |
+| `updated_at` | `integer` | Unix timestamp (whole seconds) of the last update to the alert. |
+| `comments` | `array` | Comments left by analysts on the alert. Each entry carries an `unseen` flag for the current user. |
+| `ttps` | `array` | MITRE ATT&CK techniques, tactics and procedures (TTPs) associated with the alert, as minimal STIX objects. |
+| `number_of_unseen_comments` | `integer` | Number of comments on the alert not yet seen by the current user. |
+| `status` | `object` | Current workflow status of the alert (e.g. `Pending`, `Acknowledged`, `Ongoing`, `Closed`). |
 | `custom_status_uuid` | `string` | UUID of the custom status associated to the alert |
 | `custom_status` | `object` |  |
 | `verdict` | `object` |  |
-| `created_by` | `string` |  |
-| `updated_by` | `string` |  |
-| `source` | `string` |  |
-| `community_uuid` | `string` |  |
-| `number_of_total_comments` | `integer` |  |
-| `uuid` | `string` |  |
-| `rule` | `object` |  |
-| `adversaries` | `array` |  |
-| `short_id` | `string` |  |
-| `first_seen_at` | `string` |  |
-| `last_seen_at` | `string` |  |
+| `created_by` | `string` | UUID of the profile that created the alert. |
+| `updated_by` | `string` | UUID of the profile that last updated the alert. |
+| `source` | `string` | Source of the suspicious activity (e.g. an IP address or hostname). |
+| `community_uuid` | `string` | UUID of the community the alert belongs to. |
+| `number_of_total_comments` | `integer` | Total number of comments on the alert. |
+| `uuid` | `string` | Unique identifier of the alert. |
+| `rule` | `object` | Detection rule that triggered the alert. |
+| `adversaries` | `array` | Threat actors or adversary groups attributed to the alert, as minimal STIX Domain Objects (for example, `threat-actor`). |
+| `short_id` | `string` | Human-readable short identifier for the alert (e.g. `ALa1b2c3d4e5`). |
+| `first_seen_at` | `string` | Timestamp of the first event that contributed to this alert. |
+| `last_seen_at` | `string` | Timestamp of the most recent event that contributed to this alert. |
 | `event_uuids` | `array` |  |
-| `kill_chain_short_id` | `string` |  |
-| `similar` | `integer` |  |
-| `alert_type` | `object` |  |
-| `details` | `string` |  |
-| `stix` | `object` |  |
-| `created_by_type` | `string` |  |
-| `entity` | `object` |  |
-| `created_at` | `integer` |  |
-| `updated_by_type` | `string` |  |
-| `title` | `string` |  |
-| `target` | `string` |  |
-| `cases` | `array` |  |
+| `kill_chain_short_id` | `string` | Short identifier of the MITRE ATT&CK tactic associated with the alert (e.g. `TA0001` for Initial Access). |
+| `similar` | `integer` | Number of similar alerts detected by the platform's deduplication mechanism. |
+| `alert_type` | `object` | Category and value describing the type of threat (e.g. category `malware`, value `ransomware`). |
+| `details` | `string` | Free-text field providing additional analyst context or notes about the alert. |
+| `stix` | `object` | Full STIX 2 bundle describing the alert and its related objects. Only populated when `?stix=true` is passed. |
+| `created_by_type` | `string` | Type of the profile that created the alert (e.g. `application`, `avatar`). |
+| `entity` | `object` | Entity (asset group) targeted by the alert. |
+| `created_at` | `integer` | Unix timestamp in whole seconds when the alert was created. |
+| `updated_by_type` | `string` | Type of the profile that last updated the alert (e.g. `application`, `avatar`). |
+| `title` | `string` | Human-readable title of the alert. |
+| `target` | `string` | Target of the suspicious activity (e.g. an IP address or hostname). |
+| `cases` | `array` | Cases this alert has been grouped into. Only populated when `?cases=true` is passed. |
 
 ### [DEPRECATED] Get Asset (V2)
 
@@ -2204,4 +2204,4 @@ Update a rule
 
 ## Extra
 
-Module **`Sekoia.io` v2.71.0**
+Module **`Sekoia.io` v2.71.5**

mkdocs.yml

@@ -40,7 +40,7 @@ nav:
 - Getting started:
   - Overview: getting_started/index.md
   - Where to start: getting_started/concepts.md
-  - Trainings: 
+  - Trainings:
     - Training offer overview: getting_started/training_overview.md
     - Register for a training course: getting_started/register_training.md
   - Workspace setup:
@@ -88,11 +88,11 @@ nav:
       - Intelligence: cti/features/consume/intelligence.md
       - Observables: cti/features/consume/observables.md
       - Telemetry: cti/features/consume/telemetry.md
-      - Feeds: 
-          - Understand the feeds: cti/features/consume/feeds.md
-          - Create feeds: cti/features/consume/create_feed.md
-          - Manage feeds: cti/features/consume/manage_feeds.md
-          - Create a detection rule from a feed: cti/features/consume/create_detection_rule_from_feed.md
+      - Feeds:
+        - Understand the feeds: cti/features/consume/feeds.md
+        - Create feeds: cti/features/consume/create_feed.md
+        - Manage feeds: cti/features/consume/manage_feeds.md
+        - Create a detection rule from a feed: cti/features/consume/create_detection_rule_from_feed.md
       - Graph Explorations: cti/features/consume/graph_explorations.md
       - Export: cti/features/consume/export.md
       - IOCs Collections: cti/features/consume/ioccollections.md
@@ -107,7 +107,7 @@ nav:
       - MISP Feed: cti/features/integrations/misp.md
       - MISP - Import to IOC Collection: cti/features/integrations/misp_ids_to_ioc_collection.md
       - Microsoft Sentinel: cti/features/integrations/microsoft-sentinel.md
-      - OpenCTI Import Connector: cti/features/integrations/opencti.md     
+      - OpenCTI Import Connector: cti/features/integrations/opencti.md
       - OpenCTI Stream Connector: cti/features/integrations/opencti-stream-connector.md
       - Splunk: cti/features/integrations/splunk.md
       - Splunk SOAR: cti/features/integrations/splunk_soar.md
@@ -124,10 +124,10 @@ nav:
       - Intakes: xdr/features/collect/intakes.md
       - Entities: xdr/features/collect/entities.md
       - Assets: xdr/features/collect/assets.md
-      - Optimization rules: 
-         - Optimization rules overview: xdr/features/collect/optimization_rules_overview.md          
-         - Create an optimization rule: xdr/features/collect/create_optimization_rule.md
-         - Optimization rules technical references: xdr/features/collect/optimization_rules_reference.md
+      - Optimization rules:
+        - Optimization rules overview: xdr/features/collect/optimization_rules_overview.md
+        - Create an optimization rule: xdr/features/collect/create_optimization_rule.md
+        - Optimization rules technical references: xdr/features/collect/optimization_rules_reference.md
     - Detect:
       - IOCs Detection: xdr/features/detect/iocdetection.md
       - Rules Catalog: xdr/features/detect/rules_catalog.md
@@ -139,17 +139,17 @@ nav:
       - Alerts: xdr/features/investigate/alerts.md
       - Events page: xdr/features/investigate/events.md
       - Massive event export:
-        - Understand massive event export: xdr/features/investigate/event_export.md 
+        - Understand massive event export: xdr/features/investigate/event_export.md
         - Export events with CLI: xdr/features/investigate/export_event_cli.md
         - Export events with API: xdr/features/investigate/export_event_API.md
-        - Massive export technical specifications: xdr/features/investigate/export_reference.md 
+        - Massive export technical specifications: xdr/features/investigate/export_reference.md
         - Massive event export troubleshooting: xdr/features/investigate/export_event_bulk_troubleshooting.md
-      - Cases: 
+      - Cases:
         - Cases overview: xdr/features/investigate/cases.md
-        - Create and manage cases: 
+        - Create and manage cases:
           - Create a case: xdr/features/investigate/create_a_case.md
           - Manage cases: xdr/features/investigate/manage_cases.md
-        - Investigate cases: 
+        - Investigate cases:
           - Investigate case details: xdr/features/investigate/case_details.md
           - Graph investigation: xdr/features/investigate/graph_investigation.md
           - AI Cases: xdr/features/investigate/ai_cases.md
@@ -174,9 +174,9 @@ nav:
         - How-to guides: xdr/features/investigate/sol_how_to_guides.md
         - SOL Datasets: xdr/features/investigate/sol_datasets.md
         - Query examples: xdr/features/investigate/sol_query_examples.md
-        - "Reference: Datasources": xdr/features/investigate/sol_ref_datasources.md
-        - "Reference: Operators": xdr/features/investigate/sol_ref_operators.md
-        - "Reference: Functions": xdr/features/investigate/sol_ref_functions.md
+        - 'Reference: Datasources': xdr/features/investigate/sol_ref_datasources.md
+        - 'Reference: Operators': xdr/features/investigate/sol_ref_operators.md
+        - 'Reference: Functions': xdr/features/investigate/sol_ref_functions.md
       - Notebooks: xdr/features/investigate/notebooks.md
     - Report:
       - Dashboards:
@@ -203,14 +203,13 @@ nav:
       - Palo Alto Cortex XSOAR: xdr/features/integrations/interconnect_sekoia_with_xsoar.md
       - Swimlane Turbine: xdr/features/integrations/swimlane_turbine.md
   - Asset Intelligence (Reveal):
-      - Reveal overview: xdr/features/modules/reveal_index.md
-      - Get started with Reveal: xdr/features/modules/reveal_getting_started.md
-      - Explore assets context: xdr/features/modules/reveal_asset_context_panel.md
-      - Visualize attack paths: xdr/features/investigate/attack_path_visualization.md
-      - Discover Points of Interest: xdr/features/detect/points_of_interest.md
-      - Check asset connector health: xdr/features/collect/asset_connector_health.md
-      - Reveal enablement matrix: xdr/features/modules/reveal_feature_enablement.md
-
+    - Reveal overview: xdr/features/modules/reveal_index.md
+    - Get started with Reveal: xdr/features/modules/reveal_getting_started.md
+    - Explore assets context: xdr/features/modules/reveal_asset_context_panel.md
+    - Visualize attack paths: xdr/features/investigate/attack_path_visualization.md
+    - Discover Points of Interest: xdr/features/detect/points_of_interest.md
+    - Check asset connector health: xdr/features/collect/asset_connector_health.md
+    - Reveal enablement matrix: xdr/features/modules/reveal_feature_enablement.md
 - Usecases:
   - Export large volumes of events: xdr/usecases/massive_export.md
   - Implement a blocklist in Sekoia.io: xdr/usecases/playbook/implement_blocklist.md
@@ -236,13 +235,12 @@ nav:
   - Assets: xdr/FAQ/Assets_qa.md
   - Ingestion:
     - Delay with event ingestion or alert creation: xdr/FAQ/ingestion/ingestion_delay.md
-  - Subscriptions: 
+  - Subscriptions:
     - Allocate trial subscription: xdr/FAQ/subscriptions/allocate_trial_subscription.md
     - Subscriptions notifications: xdr/FAQ/subscriptions/subscriptions_notifications.md
   - Sekoia.io Endpoint agent: xdr/FAQ/SEKOIA_Endpoint_Agent.md
   - Datetime representation: xdr/FAQ/datetime.md
   - Reveal troubleshooting: xdr/features/modules/reveal_troubleshoot.md
-  
 - Integrations:
   - Introduction: integration/index.md
   - Ingestion methods:
@@ -508,7 +506,6 @@ nav:
     - Threat Intelligence:
       - Prodaft USTA: integration/categories/threat_intelligence/prodaft_usta.md
   - List of Playbooks Actions:
-    - Overview: integration/action_library/overview.md
     - Applicative:
       - ElasticSearch: integration/action_library/elasticsearch.md
       - Mandrill: integration/action_library/mandrill.md
@@ -547,6 +544,7 @@ nav:
       - OpenAI: integration/action_library/openai.md
       - RSS: integration/action_library/rss.md
       - Sekoia.io: integration/action_library/sekoia-io.md
+      - Sekoia.io: integration/action_library/sekoia-io.md
       - Utils: integration/action_library/utils.md
     - IAM:
       - Microsoft Active Directory: integration/action_library/microsoft-active-directory.md
@@ -555,6 +553,7 @@ nav:
       - Fortigate Firewalls: integration/action_library/fortigate-firewalls.md
       - Sophos: integration/action_library/sophos.md
       - Zscaler: integration/action_library/zscaler.md
+    - Overview: integration/action_library/overview.md
     - Threat Intelligence:
       - Censys: integration/action_library/censys.md
       - Certificate Transparency: integration/action_library/certificate-transparency.md
@@ -622,11 +621,11 @@ plugins:
 - search: null
 - redirects:
     redirect_maps:
-      xdr/features/investigate/sekoia_operating_language.md: xdr/features/investigate/sol_overview.md
       getting_started/2fa.md: getting_started/account_security.md
       getting_started/apikey_creation.md: getting_started/manage_api_keys.md
       getting_started/first_steps.md: getting_started/index.md
       getting_started/inviting_users_to_join_your_community.md: getting_started/invite_users.md
+      integration/categories/network/beyondtrust_pra_sessions.md: integration/categories/iam/beyondtrust_pra_sessions.md
       intelligence_center.md: cti/index.md
       intelligence_center/dashboard.md: cti/features/monitor/dashboard.md
       intelligence_center/data_export.md: cti/features/consume/export.md
@@ -839,7 +838,7 @@ plugins:
       xdr/features/collect/integrations/network/wallix.md: integration/categories/iam/wallix.md
       xdr/features/collect/integrations/network/watchguard_firebox.md: integration/categories/network_security/watchguard_firebox.md
       xdr/features/investigate/dork_language.md: xdr/features/investigate/events_query_language.md
-      integration/categories/network/beyondtrust_pra_sessions.md: integration/categories/iam/beyondtrust_pra_sessions.md
+      xdr/features/investigate/sekoia_operating_language.md: xdr/features/investigate/sol_overview.md
 - integration_by_uuid
 - sass
 repo_url: https://github.com/SEKOIA-IO/documentation