[SIEMINT-69] DDS: Cisco Secure Endpoint: Crawler Integration v1.0.0 #17958

Merged
32 commits
bd43556
Cisco Secure Endpoint: Crawler Integration v1.0.0
ankitarajput-crest Jul 1, 2024
c540dba
Made changes for validation checks failure
ankitarajput-crest Jul 2, 2024
097c269
Changed images folder path
ankitarajput-crest Jul 2, 2024
ef82dec
Updated dashboard
ankitarajput-crest Jul 2, 2024
5726779
Renamed log files
ankitarajput-crest Jul 2, 2024
9ba30e7
Resolved validate log errors
ankitarajput-crest Jul 2, 2024
f3ef628
Updated README and manifest
ankitarajput-crest Jul 8, 2024
532c075
Updated as per PR review comments
ankitarajput-crest Jul 10, 2024
95df342
Added changes as per PR comments
ankitarajput-crest Jul 12, 2024
19d8ef0
Updated title as per Cisco Secure Endpoint without Assets PR
ankitarajput-crest Jul 19, 2024
ecef4c1
Updated as per PR review
ankitarajput-crest Jul 23, 2024
c425379
Updated test.yaml
ankitarajput-crest Jul 23, 2024
1750445
made changes for event type in test.yaml
ankitarajput-crest Jul 23, 2024
f579b32
Added changes in test pipeline
ankitarajput-crest Jul 23, 2024
d45aaba
Updated test pipeline file
ankitarajput-crest Jul 23, 2024
e59c1c5
Merge branch 'master' into cisco-secure-endpoint-assets-v1.0.0
ankitarajput-crest Jul 23, 2024
e8d2bb9
Update: display_on_public_website from False to True
manan-crest Jul 26, 2024
49dae89
Merge branch 'master' into cisco-secure-endpoint-assets-v1.0.0
ankitarajput-crest Aug 6, 2024
e5c44f3
Merge branch 'master' into cisco-secure-endpoint-assets-v1.0.0
ankitarajput-crest Aug 7, 2024
1d445d9
Merge branch 'master' into cisco-secure-endpoint-assets-v1.0.0
ankitarajput-crest Aug 8, 2024
8644b0f
Update: Review comments for dashboards
manan-crest Aug 8, 2024
ffea282
Merge branch 'cisco-secure-endpoint-assets-v1.0.0' of github.com:bhar…
manan-crest Aug 8, 2024
6701d54
Update: change dashboard images as per updated dashboards.
manan-crest Aug 12, 2024
db88d08
Merge branch 'master' into cisco-secure-endpoint-assets-v1.0.0
ankitarajput-crest Aug 14, 2024
533dc0c
Update: dashboard and pipeline
manan-crest Aug 16, 2024
dfaf003
Merge branch 'cisco-secure-endpoint-assets-v1.0.0' of github.com:bhar…
manan-crest Aug 16, 2024
4453830
Update: Add pipeline results
manan-crest Aug 16, 2024
46f6ee1
updated manifest.json file.
madhavpandya-crest Aug 29, 2024
ef875e6
One More
alai97 Sep 3, 2024
979c0c1
Merge branch 'master' into cisco-secure-endpoint-assets-v1.0.0
ankitarajput-crest Sep 4, 2024
38520e8
Added disclaimer and changed title
ankitarajput-crest Sep 6, 2024
bc40f86
Merge branch 'master' into cisco-secure-endpoint-assets-v1.0.0
ankitarajput-crest Sep 6, 2024
61 changes: 42 additions & 19 deletions cisco_secure_endpoint/README.md
Original file line number Diff line number Diff line change
@@ -1,42 +1,65 @@
# Agent Check: cisco_secure_endpoint

## Overview

This check monitors [Cisco Secure Endpoint][1].
[Cisco Secure Endpoint][1] is a single-agent solution that provides comprehensive protection, detection, response, and user access coverage to defend against threats to your endpoints. Cisco Secure Endpoint can detect and neutralize malicious activity in real time, ensuring robust protection of your digital assets.

## Setup
This integration ingests the following logs:
- Audit: Audit logs provide activities performed by a user in the Cisco Secure Endpoint console.
- Event: Event logs are essential for tracking security events, enabling quick detection, response, and analysis of potential threats.

### Installation
The Cisco Secure Endpoint integration provides out-of-the-box dashboards so you can gain insights into the Cisco Secure Endpoint's audit and event logs, enabling quick and necessary actions. Additionally, out-of-the-box detection rules are available to help you monitor and respond to potential security threats effectively.

The Cisco Secure Endpoint check is included in the [Datadog Agent][2] package.
No additional installation is needed on your server.

## Setup

### Configuration

1. <List of steps to configure this integration>
#### Get API Credentials for Cisco Secure Endpoint


Follow the steps below to create a Client ID and an API key:
1. Log in to your Cisco Secure Endpoint Console and navigate to the Menu Panel on the left side.
2. Select `Administration`, then select `Organization Settings`.
3. Click `Configure API Credentials` under the `Features` section to generate new API credentials.
4. Click on the `New API Credentials` button located at the right side under the `Legacy API Credentials (version 0 and 1)` section.
5. Add the following information in the pop-up modal:
- Application Name: Any preferable name.
- Scope: Select `Read-only`.
- Click `Create`.
- Once you click **Create**, the redirected page will display the client ID (like a third party API client ID) and API Key values.
- **Note:** Make a note of the API Key, as it will only be displayed once.

#### Cisco Secure Endpoint DataDog Integration Configuration

### Validation
Configure the Datadog endpoint to forward Cisco Secure Endpoint logs to Datadog.

1. Navigate to `Cisco Secure Endpoint`.
2. Add your Cisco Secure Endpoint credentials.

| Cisco Secure Endpoint Parameters | Description |
| -------------------- | ------------ |
| API Host URL | The API Host URL for Cisco Secure Endpoint Cloud is "https://api.\<region\>.apm.cisco.com". Adjust the "region" part based on the region of the Cisco Secure Endpoint server. If Cisco Secure Endpoint is hosted on VPC (Virtual Private Cloud), directly provide the API Host URL. |
| Client ID | Client ID from Cisco Secure Endpoint. |
| API Key | API Key from Cisco Secure Endpoint. |
| Get Endpoint Details | Keep it "true" to collect endpoint metadata for Cisco Secure Endpoint event logs, otherwise "false". |

<Steps to validate integration is functioning as expected>

## Data Collected

### Metrics
### Logs

The Cisco Secure Endpoint integration does not include any metrics.
The Cisco Secure Endpoint integration collects and forwards Cisco Secure Endpoint audit and event logs to Datadog.

### Service Checks
### Metrics

The Cisco Secure Endpoint integration does not include any service checks.
The Cisco Secure Endpoint integration does not include any metrics.

### Events

The Cisco Secure Endpoint integration does not include any events.

## Troubleshooting
## Support

Need help? Contact [Datadog support][3].
For further assistance, contact [Datadog Support][2].

[1]: **LINK_TO_INTEGRATION_SITE**
[2]: https://app.datadoghq.com/account/settings#agent
[3]: https://docs.datadoghq.com/help/
[1]: https://www.cisco.com/site/in/en/products/security/endpoint-security/secure-endpoint/index.html
[2]: https://docs.datadoghq.com/help/
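Review bot: the new Setup section jumps from `## Setup` straight to the level-4 headings `#### Get API Credentials for Cisco Secure Endpoint` and `#### Cisco Secure Endpoint DataDog Integration Configuration`, so the `### Configuration` level the template provided is lost; either keep `### Configuration` above them or promote both to `###`. In the second of those headings, `DataDog` should be spelled `Datadog` to match the rest of the file. In the API Host URL row of the parameter table, please confirm the host suffix `apm.cisco.com`; Cisco's public Secure Endpoint API hosts are of the form `api.<region>.amp.cisco.com`, so this looks like a transposition that would send users to a non-existent host. The step "Once you click **Create**, the redirected page will display the client ID (like a third party API client ID) and API Key values" is hard to parse; suggest "After you click **Create**, the page displays the Client ID and API Key." The explicit `Read-only` scope and the reminder that the API Key is shown only once are good and should stay.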
18 changes: 18 additions & 0 deletions cisco_secure_endpoint/assets/cisco_secure_endpoint.svg