[SIEMINT-69] DDS: Cisco Secure Endpoint: Crawler Integration v1.0.0 #17958
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
datadog-agent-integrations-bot
bot
added
documentation
changelog/no-changelog
dev/testing
dev/tooling
qa/skip-qa
ankitarajput-crest
changed the title
hestonhoffman
added
the
editorial review
dj0well
changed the title
ankitarajput-crest
changed the title
alai97
suggested changes
Jul 9, 2024
| @@ -0,0 +1,1949 @@ | |||
| { | |||
| "title": "Cisco Secure Endpoint - Event", | |||
| "description": " This dashboard provides detailed insights into the event logs generated by Cisco Secure Endpoint.", | |||
There was a problem hiding this comment.
Suggested change
| "description": " This dashboard provides detailed insights into the event logs generated by Cisco Secure Endpoint.", | |
| "description": "This dashboard provides detailed insights into the event logs generated by Cisco Secure Endpoint.", |
There was a problem hiding this comment.
Thanks for the comment. Have made the changes.
cisco_secure_endpoint/README.md
Outdated
| | API Host URL |The API Host URL for Cisco Secure Endpoint Cloud is "https://api.\<region\>.apm.cisco.com". Adjust the "region" part based on the region of the Cisco Secure Endpoint server. If Cisco Secure Endpoint is hosted on VPC(Virtual Private Cloud), directly provide the API Host URL. | | ||
| | Client ID | Client ID from Cisco Secure Endpoint. | | ||
| | API Key | API Key from Cisco Secure Endpoint. | | ||
| | Get Endpoint Details | Keep it "true" to collect endpoint metadata for Cisco Secure Endpoint Event Logs, otherwise "false". | |
There was a problem hiding this comment.
Suggested change
| | Get Endpoint Details | Keep it "true" to collect endpoint metadata for Cisco Secure Endpoint Event Logs, otherwise "false". | | |
| | Get Endpoint Details | Keep it "true" to collect endpoint metadata for Cisco Secure Endpoint Event Logs, otherwise "false". | |
There was a problem hiding this comment.
Thanks for the comment. Have made the changes.
cisco_secure_endpoint/README.md
Outdated
|
|
||
| | Cisco Secure Endpoint Parameters | Description | | ||
| | -------------------- | ------------ | | ||
| | API Host URL |The API Host URL for Cisco Secure Endpoint Cloud is "https://api.\<region\>.apm.cisco.com". Adjust the "region" part based on the region of the Cisco Secure Endpoint server. If Cisco Secure Endpoint is hosted on VPC(Virtual Private Cloud), directly provide the API Host URL. | |
There was a problem hiding this comment.
Suggested change
| | API Host URL |The API Host URL for Cisco Secure Endpoint Cloud is "https://api.\<region\>.apm.cisco.com". Adjust the "region" part based on the region of the Cisco Secure Endpoint server. If Cisco Secure Endpoint is hosted on VPC(Virtual Private Cloud), directly provide the API Host URL. | | |
| | API Host URL |The API Host URL for Cisco Secure Endpoint Cloud is "https://api.\<region\>.apm.cisco.com". Adjust the "region" part based on the region of the Cisco Secure Endpoint server. If Cisco Secure Endpoint is hosted on VPC (Virtual Private Cloud), directly provide the API Host URL. | |
cisco_secure_endpoint/README.md
Outdated
| @@ -0,0 +1,65 @@ | |||
| ## Overview | |||
|
|
|||
| [Cisco Secure Endpoint][1] is a single-agent solution that provides comprehensive protection, detection, response, and user access coverage to defend against threats to your endpoints. Using cutting-edge technology, it detects and neutralizes malicious activity in real-time, ensuring robust protection for your digital assets. | |||
There was a problem hiding this comment.
Suggested change
| [Cisco Secure Endpoint][1] is a single-agent solution that provides comprehensive protection, detection, response, and user access coverage to defend against threats to your endpoints. Using cutting-edge technology, it detects and neutralizes malicious activity in real-time, ensuring robust protection for your digital assets. | |
| [Cisco Secure Endpoint][1] is a single-agent solution that provides comprehensive protection, detection, response, and user access coverage to defend against threats to your endpoints. Cisco Secure Endpoint can detect and neutralize malicious activity in real time, ensuring robust protection of your digital assets. |
There was a problem hiding this comment.
Thanks for the comment. Have made the changes.
cisco_secure_endpoint/README.md
Outdated
| [Cisco Secure Endpoint][1] is a single-agent solution that provides comprehensive protection, detection, response, and user access coverage to defend against threats to your endpoints. Using cutting-edge technology, it detects and neutralizes malicious activity in real-time, ensuring robust protection for your digital assets. | ||
|
|
||
| This integration ingests the following logs: | ||
| - Audit: Audit logs provide activities performed by user in Cisco Secure Endpoint console. |
There was a problem hiding this comment.
Suggested change
| - Audit: Audit logs provide activities performed by user in Cisco Secure Endpoint console. | |
| - Audit: Audit logs provide activities performed by a user in the Cisco Secure Endpoint console. |
cisco_secure_endpoint/README.md
Outdated
| --> Refer the below Steps to create Client ID and API Key: | ||
| 1. Log in to your Cisco Secure Endpoint Console. Click on the Left side Menu Panel. | ||
| 2. Select `Administration`, Inside that select `Organization Settings`. | ||
| 3. Click `Configure API Credentials` under `Features` section, to generate the new API Credentials. |
There was a problem hiding this comment.
Suggested change
| 3. Click `Configure API Credentials` under `Features` section, to generate the new API Credentials. | |
| 3. Click `Configure API Credentials` under the `Features` section to generate new API credentials. |
There was a problem hiding this comment.
Thanks for the comment. Have made the changes.
cisco_secure_endpoint/README.md
Outdated
| 1. Log in to your Cisco Secure Endpoint Console. Click on the Left side Menu Panel. | ||
| 2. Select `Administration`, Inside that select `Organization Settings`. | ||
| 3. Click `Configure API Credentials` under `Features` section, to generate the new API Credentials. | ||
| 4. Click on the `New API Credentials` button located at the right side under section `Legacy API Credentials (version 0 and 1)`. |
There was a problem hiding this comment.
Suggested change
| 4. Click on the `New API Credentials` button located at the right side under section `Legacy API Credentials (version 0 and 1)`. | |
| 4. Click on the `New API Credentials` button located at the right side under the `Legacy API Credentials (version 0 and 1)` section. |
cisco_secure_endpoint/README.md
Outdated
| 2. Select `Administration`, Inside that select `Organization Settings`. | ||
| 3. Click `Configure API Credentials` under `Features` section, to generate the new API Credentials. | ||
| 4. Click on the `New API Credentials` button located at the right side under section `Legacy API Credentials (version 0 and 1)`. | ||
| 5. Add the below details in the pop-up: |
There was a problem hiding this comment.
Suggested change
| 5. Add the below details in the pop-up: | |
| 5. Add the following information in the pop-up modal: |
cisco_secure_endpoint/README.md
Outdated
Comment on lines
25
to
29
| - Application Name: Any preferable name | ||
| - Scope: Select `Read-only` | ||
| - Click on `Create`. | ||
| - Once you click on create, the redirected page will display the client ID(i.e: 3rd Party API client ID) and API Key values. | ||
| - NOTE: Please make a note of the API Key, as it will only be displayed once. |
There was a problem hiding this comment.
Suggested change
| - Application Name: Any preferable name | |
| - Scope: Select `Read-only` | |
| - Click on `Create`. | |
| - Once you click on create, the redirected page will display the client ID(i.e: 3rd Party API client ID) and API Key values. | |
| - NOTE: Please make a note of the API Key, as it will only be displayed once. | |
| - Application Name: Any preferable name. | |
| - Scope: Select `Read-only`. | |
| - Click `Create`. | |
| - Once you click **Create**, the redirected page will display the client ID (like a third party API client ID) and API Key values. | |
| - **Note:** Make a note of the API Key, as it will only be displayed once. |
There was a problem hiding this comment.
Thanks for the comment. Have made the changes.
cisco_secure_endpoint/README.md
Outdated
|
|
||
| ### Logs | ||
|
|
||
| The Cisco Secure Endpoint integration collects and forwards Cisco Secure Endpoint Audit and Event logs to Datadog. |
There was a problem hiding this comment.
Suggested change
| The Cisco Secure Endpoint integration collects and forwards Cisco Secure Endpoint Audit and Event logs to Datadog. | |
| The Cisco Secure Endpoint integration collects and forwards Cisco Secure Endpoint audit and event logs to Datadog. |
alai97
previously approved these changes
Jul 11, 2024
cisco_secure_endpoint/README.md
Outdated
| | API Host URL |The API Host URL for Cisco Secure Endpoint Cloud is "https://api.\<region\>.apm.cisco.com". Adjust the "region" part based on the region of the Cisco Secure Endpoint server. If Cisco Secure Endpoint is hosted on VPC (Virtual Private Cloud), directly provide the API Host URL. | | ||
| | Client ID | Client ID from Cisco Secure Endpoint. | | ||
| | API Key | API Key from Cisco Secure Endpoint. | | ||
| | Get Endpoint Details | Keep it "true" to collect endpoint metadata for Cisco Secure Endpoint Event Logs, otherwise "false". | |
There was a problem hiding this comment.
Suggested change
| | Get Endpoint Details | Keep it "true" to collect endpoint metadata for Cisco Secure Endpoint Event Logs, otherwise "false". | | |
| | Get Endpoint Details | Keep it "true" to collect endpoint metadata for Cisco Secure Endpoint event logs, otherwise "false". | |
cisco_secure_endpoint/README.md
Outdated
|
|
||
| | Cisco Secure Endpoint Parameters | Description | | ||
| | -------------------- | ------------ | | ||
| | API Host URL |The API Host URL for Cisco Secure Endpoint Cloud is "https://api.\<region\>.apm.cisco.com". Adjust the "region" part based on the region of the Cisco Secure Endpoint server. If Cisco Secure Endpoint is hosted on VPC (Virtual Private Cloud), directly provide the API Host URL. | |
There was a problem hiding this comment.
Suggested change
| | API Host URL |The API Host URL for Cisco Secure Endpoint Cloud is "https://api.\<region\>.apm.cisco.com". Adjust the "region" part based on the region of the Cisco Secure Endpoint server. If Cisco Secure Endpoint is hosted on VPC (Virtual Private Cloud), directly provide the API Host URL. | | |
| | API Host URL | The API Host URL for Cisco Secure Endpoint Cloud is "https://api.\<region\>.apm.cisco.com". Adjust the "region" part based on the region of the Cisco Secure Endpoint server. If Cisco Secure Endpoint is hosted on VPC (Virtual Private Cloud), directly provide the API Host URL. | |
There was a problem hiding this comment.
Have made the changes.
madhavpandya-crest
dismissed stale reviews from jnhunsberger and alai97
via
46f6ee1
alai97
previously approved these changes
Sep 3, 2024
alai97
reviewed
Sep 3, 2024
alai97
previously approved these changes
Sep 3, 2024
nathanmadams
requested review from
thibaultkrebs
and removed request for
a team,
jnhunsberger and
alai97
alai97
approved these changes
Sep 16, 2024
ZacharyAnderson
approved these changes
Sep 17, 2024
thibaultkrebs
approved these changes
Sep 24, 2024
|
I rechecked the log file and it looks good for me, I have reapproved the PR 👍 |
github-actions bot
pushed a commit
that referenced
this pull request
Sep 24, 2024
…17958) * Cisco Secure Endpoint: Crawler Integration v1.0.0 * Made changes for validation checks failure * Changed images folder path * Updated dashboard * Renamed log files * Resolved validate log errors * Updated README and manifest * Updated as per PR review comments * Added changes as per PR comments * Updated title as per Cisco Secure Endpoint without Assets PR * Updated as per PR review * Updated test.yaml * made changes for event type in test.yaml * Added changes in test pipeline * Updated test pipeline file * Update: display_on_public_website from False to True * Update: Review comments for dashboards * Update: change dashboard images as per updated dashboards. * Update: dashboard and pipeline * Update: Add pipeline results * updated menifest.json file. * One More * Added disclaimer and changed title --------- Co-authored-by: manan-crest <[email protected]> Co-authored-by: madhavpandya-crest <[email protected]> Co-authored-by: Austin Lai <[email protected]> aa565a1
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
This is a initial release PR of Cisco Secure Endpoint integration including all the required assets.
Additional Notes
Review checklist (to be filled by reviewers)