Common readme update for multiple integrations as per new format #19280

18 changes: 17 additions & 1 deletion cisco_secure_email_threat_defense/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ The Cisco Secure Email Threat Defense integration provides out-of-the-box dashbo

## Setup

### Configuration
### Generate API credentials in Cisco Secure Email Threat Defense

1. Log in to the Cisco Secure Email Threat Defense UI.
2. Navigate to **Administration** and select the **API Clients** tab.
Expand All @@ -20,6 +20,22 @@ The Cisco Secure Email Threat Defense integration provides out-of-the-box dashbo
5. Click on **Submit**. This generates your **Client ID** and **Client Password**.
6. Retrieve the API key from the **API Key** section.

### Connect your Cisco Secure Email Threat Defense Account to Datadog

1. Add your Cisco Secure Email Threat Defense credentials

| Parameters | Description |
| ---------- | ----------- |
| Host Name | Host name is based on the region where your Cisco Secure Email Threat Defense server is located. For details, please reach out to your system administrator. |
| Client ID | Client ID from Cisco Secure Email Threat Defense Account |
| Client Password | Client password from your Cisco Secure Email Threat Defense Account. |
| API Key | API key from your Cisco Secure Email Threat Defense Account. |
| Verdict Delay | Events are fetched with a delay according to the time(in minute) specified in the Verdict Delay. |


2. Click the **Save** button to save your settings.


## Data Collected

### Logs
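
Review bot: The `Verdict Delay` row reads "time(in minute)", which should be "time (in minutes)", and it does not say why events are fetched late, so a reader tuning the value has nothing to go on; add a short clause explaining what the delay waits for. In the same table the `Client ID` description lacks the trailing period and the "your" that the `Client Password` and `API Key` rows have, and the heading capitalizes "Account" where the Cisco Secure Endpoint README in this PR writes "account". The table also sits at column zero between steps 1 and 2; indent it under step 1 so the numbered list continues.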
Expand Down
27 changes: 10 additions & 17 deletions cisco_secure_endpoint/README.md
Expand Up @@ -12,12 +12,8 @@ The Cisco Secure Endpoint integration provides out-of-the-box dashboards so you

## Setup

### Configuration
### Generate API credentials in Cisco Secure Endpoint

#### Get API Credentials for Cisco Secure Endpoint


Follow the steps below to create a Client ID and an API key:
1. Log in to your Cisco Secure Endpoint Console and navigate to the Menu Panel on the left side.
2. Select `Administration`, then select `Organization Settings`.
3. Click `Configure API Credentials` under the `Features` section to generate new API credentials.
Expand All @@ -27,22 +23,19 @@ Follow the steps below to create a Client ID and an API key:
- Scope: Select `Read-only`.
- Click `Create`.
- Once you click **Create**, the redirected page will display the client ID (like a third party API client ID) and API Key values.
- **Note:** Make a note of the API Key, as it will only be displayed once.

#### Cisco Secure Endpoint DataDog Integration Configuration

Configure the Datadog endpoint to forward Cisco Secure Endpoint logs to Datadog.
### Connect your Cisco Secure Endpoint account to Datadog

1. Navigate to `Cisco Secure Endpoint`.
2. Add your Cisco Secure Endpoint credentials.
1. Add your Cisco Secure Endpoint credentials.

| Cisco Secure Endpoint Parameters | Description |
| -------------------- | ------------ |
| API Domain Name | The API Domain Name for Cisco Secure Endpoint Cloud is "api.\<region\>.amp.cisco.com". Adjust the "region" part based on the region of the Cisco Secure Endpoint server. If Cisco Secure Endpoint is hosted on VPC (Virtual Private Cloud), directly provide the API Domain Name. |
| Client ID | Client ID from Cisco Secure Endpoint. |
| API Key | API Key from Cisco Secure Endpoint. |
| Get Endpoint Details | Keep it "true" to collect endpoint metadata for Cisco Secure Endpoint event logs, otherwise "false". Default value is "true". |
| Parameters | Description |
| ---------- | ------------ |
| API Domain Name | The API domain name for Cisco Secure Endpoint Cloud is "api.\<region\>.amp.cisco.com". Adjust the "region" part based on the region of the Cisco Secure Endpoint server. If Cisco Secure Endpoint is hosted on VPC (Virtual Private Cloud), directly provide the API domain name. |
| Client ID | Client ID from Cisco Secure Endpoint. |
| API Key | API key from Cisco Secure Endpoint. |
| Get Endpoint Details | Keep the default value of "true" to collect endpoint metadata for Cisco Secure Endpoint event logs. Otherwise, set this to "false". |

2. Click the Save button to save your settings.

## Data Collected

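Review bot: The `**Note:**` line saying the API key is displayed only once sits directly above the rewritten section and should remain in the final text, because without it a reader has no cue to store the key before leaving the page. The numbered list under "Connect your Cisco Secure Endpoint account to Datadog" now begins at "Add your Cisco Secure Endpoint credentials." and does not say where in Datadog those fields are; keep a pointer to the integration tile. Step 2 writes "Click the Save button" with Save unformatted, while the Cisco Secure Email Threat Defense README in this PR uses `**Save**`, and the credential steps above mix backticks (`Create`) and bold (**Create**) for the same control.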
Expand Down
2 changes: 2 additions & 0 deletions contentful/README.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
# Contentful

## Overview

[Contentful][1] is a content (articles, photos, and videos) management platform that allows businesses to create, manage, and deliver digital content across various channels like websites and mobile apps through its intuitive interface and robust APIs or SDKs.
Expand Down
19 changes: 11 additions & 8 deletions hubspot_content_hub/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,7 @@ The integration includes dashboards that show and analyze both Activity Logs and

## Setup

### Configuration

#### Get HubSpot Content Hub Credentials
### Generate API credentials in HubSpot Content Hub

1. Log in to [HubSpot Content Hub][2]
2. Navigate to **Settings > Integrations > Private Apps**.
Expand All @@ -27,20 +25,25 @@ The integration includes dashboards that show and analyze both Activity Logs and
7. Review the details in the dialog box and click **Continue creating**.
8. In the success popup, click **Show Token**.

#### Add HubSpot Credentials

- HubSpot Access Token
### Connect your HubSpot Content Hub Account to Datadog

1. Add your Access Token
|Parameters|Description|
|--------------------|--------------------|
|Access Token|Access token for your HubSpot private app.|
2. Click the Save button to save your settings.

## Data Collected

### Logs

The HubSpot Content Hub integration collects and forward Activity logs to Datadog.
The HubSpot Content Hub integration collects and forwards Activity logs to Datadog.

### Metrics

The HubSpot Content Hub integration collects and forward Analytics metrics to Datadog.
The HubSpot Content Hub integration collects and forwards Analytics metrics to Datadog.

{{< get-metrics-from-git "hubspot-content-hub" >}}

### Service Checks

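Review bot: In step 1 the table starts on the line immediately after "1. Add your Access Token", with no blank line and no indentation, unlike the Cisco and Mimecast READMEs in this PR; add a blank line and indent the table so it renders as part of the step. "Access Token" in the step text and "Account" in the heading are capitalized mid-sentence, and Save in step 2 is not bolded as it is in other files here. Since step 8 above ends at **Show Token**, the `Access Token` description could say that this is the value to paste.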
Expand Down
2 changes: 2 additions & 0 deletions incident_io/README.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
# Incident IO

## Overview

[incident.io][1] helps companies declare, collaborate, communicate around, and learn from events that disturb their normal course of business-from critical infrastructure being down, to data breaches and security incidents. It is a service that helps teams manage incidents and outages effectively. It typically provides features like incident reporting, tracking, and resolution workflows.
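
Review bot: The added title `# Incident IO` does not match the product name as the Overview writes it, `incident.io`. Use the vendor's spelling in the H1 unless the tile name is deliberately different, and if it is, say so in the PR description.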
Expand Down
36 changes: 14 additions & 22 deletions lastpass/README.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
# LastPass

## Overview

[LastPass][1] is a password management solution that securely stores and manages passwords and other sensitive
Expand All @@ -10,23 +12,13 @@ reporting events, while out-of-the-box detection rules enhance detection and res

## Setup

### Configuration

#### Get config parameters of LastPass

##### Account number
### Generate API credentials in LastPass

1. Log in to the [Admin Console](https://admin.lastpass.com/) with your email address and master password.
2. On the **Dashboard** tab, click the profile email located in the top right corner to find the account number.
3. Alternatively, you can find the account number by navigating to **Advanced** > **Enterprise API**.

##### Provisioning hash

1. Log in to the [Admin Console](https://admin.lastpass.com) with your email address and master password.
2. Navigate to **Advanced** > **Enterprise API**.
3. From there, you can create or reset a provisioning hash if you forgot it.
3. Locate the account number and can create a provisioning hash.

##### Time zone
### Get Timezone of LastPass

1. The options in the **Time Zone** dropdown menu are based on LastPass' time zone values.
2. You must select the time zone that is configured in your LastPass account.
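
Review bot: Step 3, "Locate the account number and can create a provisioning hash.", is ungrammatical and loses the point from the older wording that the hash can be reset if it was forgotten. Something like "Locate the account number, then create a provisioning hash (or reset it if you no longer have it)" keeps both. It would also help to state whether a reset invalidates the previous hash, since anything else using it would be affected. The heading "Get Timezone of LastPass" spells it "Timezone" while the steps and the table use "Time Zone" and "Time zone".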
Expand All @@ -36,18 +28,18 @@ reporting events, while out-of-the-box detection rules enhance detection and res
- Navigate to **Account Settings**.
- Find the selected time zone under the **Account Information** section.

#### Configure the LastPass and Datadog integration

Configure the Datadog endpoint to forward LastPass logs to Datadog.
### Connect your LastPass account to Datadog

1. Add your account number, provisioning hash and time zone.
|Parameters|Description|
|--------------------|--------------------|
|Account number|The account number of your registered LastPass account.|
|Provisioning hash|The provisioning hash secret of your registered account on LastPass.|
|Time zone|The time zone of your registered account on LastPass.|

1. Navigate to `LastPass` integration on Datadog platform.
2. Add your LastPass credentials.
2. Click the **Save** button to save your settings.

| LastPass Parameters | Description |
|---------------------|----------------------------------------------------------------------|
| Account number | The account number of your registered LastPass account. |
| Provisioning hash | The provisioning hash secret of your registered account on LastPass. |
| Time zone | The time zone of your registered account on LastPass |

## Data Collected

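Review bot: The list under "Connect your LastPass account to Datadog" begins at "Add your account number, provisioning hash and time zone." and does not say where in Datadog these are entered; keep a pointer to the LastPass integration tile. The table follows step 1 with no blank line and no indentation, so add both to make it render as part of the step, as the Mimecast README in this PR does.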
Expand Down
33 changes: 15 additions & 18 deletions mimecast/README.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
# Mimecast

## Overview

[Mimecast][1] is a cloud-based solution designed to protect organizations from a wide range of email-based threats. The product offers a comprehensive set of security features that help to safeguard against advanced threats, such as phishing, malware, spam, and targeted attacks, while also providing data leak prevention and email continuity services.
Expand All @@ -15,13 +17,9 @@ The Mimecast integration seamlessly collects all the above listed logs, channeli

## Setup

### Configuration

#### Get Credentials of Mimecast

To find your application's details in Mimecast Email Security:
### Generate API credentials in Mimecast

1. Sign into Mimecast Email Security with your credentials.
1. Log into your **Mimecast account**.
2. Navigate to the **Administration Console**, select **Services**, and then choose the **API and Platform Integrations** section.
3. Proceed to Your **API 2.0 Applications**.
4. Search for your application in the list provided.
Expand All @@ -30,27 +28,26 @@ To find your application's details in Mimecast Email Security:
- Click the **Generate keys** button of Mimecast API 2.0 tile.
- Check the **I accept** checkbox, click on **Next**.
- In **Application Details** step, fill out the following details according to the instructions:
- Application Name: Enter the application name of your choice
- Application Name: Enter a meaningful name of application
- Category: Select **SIEM Integration**
- Products: Click **Select all** option
- Application Role: Select **Basic Administrator**
- Description: Enter the description of your choice
- In **Notifications**, provide the contact details of your technical administrator and click on **Next**
- After clicking on **Add and Generate Keys** there will be pop up window showing Client ID and Client Secret. Please copy those keys to a safe place as they won't be displayed again.
- Click on **Add and Generate Keys**. A pop up window appears, showing the client ID and client secret.
6. If the application is present, click on its name.
7. Click the **Manage API 2.0 credentials** button and click **Generate**. This generates a new Client ID and Client Secret. Please copy those keys to a safe place as they won't be displayed again.
7. Click the **Manage API 2.0 credentials** button and click **Generate**. This generates a new Client ID and Client Secret.

#### Mimecast DataDog Integration Configuration
### Connect your Mimecast account to Datadog

Configure the Datadog endpoint to forward Mimecast logs to Datadog.
1. Add your Mimecast credentials.

1. Navigate to `Mimecast`.
2. Add your Mimecast credentials.
| Parameters | Description |
| ------------------- | ------------------------------------------------------------ |
| Client ID | The client ID of your registered application on Mimecast. |
| Client Secret | The client secret of your registered application on Mimecast. |

| Mimecast Parameters | Description |
| ------------------- | ------------------------------------------------------------ |
| Client ID | The Client ID of your registered application on mimecast |
| Client Secret | The Client Secret of your registered application on mimecast |
2. Click the Save button to save your settings.

## Data Collected

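Review bot: Both places where keys are generated, the **Add and Generate Keys** bullet and step 7, lose the sentence "Please copy those keys to a safe place as they won't be displayed again." The new text only says the pop-up shows the client ID and client secret, so a reader can close it without recording the secret. Keep a one-line instruction at both points to store the client secret in a password manager or secrets store before closing the window. Separately, "Enter a meaningful name of application" should read "Enter a meaningful name for the application", and Save in step 2 is not bolded.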
Expand All @@ -72,7 +69,7 @@ The Mimecast integration does not include any events.

## Support

For further assistance, contact [Datadog Support][2].
Need help? Contact [Datadog Support][2].

[1]: https://www.mimecast.com/
[2]: https://docs.datadoghq.com/help/
22 changes: 14 additions & 8 deletions mux/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,22 +8,28 @@ Integrate Mux with Datadog to gain insights into mux video performance data.

## Setup

### Get config parameters from Mux
### Generate Access Token ID and Secret Key in Mux

#### Find your Access Token ID and Secret Key from Mux
1. Login to [MUX account][2].
2. In the sidebar, click on **Settings**.
3. Click on **Access Tokens**.
4. Select **Generate new token**.
5. Choose the environment.
6. Under the **permission** section, select **Mux Data(read-only)**.
7. Enter the access token name.
8. Click on **Generate Token**.
9. Save the Access Token ID and Secret Key from the **Here's your new Access Token** tab.
8. Click on **Generate Token** to find the access token ID and secret key.


### Connect your Mux account to Datadog

1. Add your access token ID and secret key.
|Parameters|Description|
|--------------------|--------------------|
|Access Token ID|Access token ID of your MUX account.|
|Secret Key|Secret key of your MUX account.|

2. Click the **Save** button to save your settings.

### Add your Mux credentials
- Access token ID
- Secret key

## Data Collected

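Review bot: Step 8 now reads "Click on **Generate Token** to find the access token ID and secret key." and the former step 9, which told the reader to save both values from the **Here's your new Access Token** tab, has no replacement; add back an explicit instruction to copy and store them, since step 1 of the next section needs both. The table follows "1. Add your access token ID and secret key." with no blank line or indentation. "Login to" is the noun form (use "Log in to"), and the product is written "MUX" in the steps and table but "Mux" in the headings.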
Expand All @@ -43,7 +49,7 @@ The Mux integration does not include any service checks.

The Mux integration does not include any events.

## Troubleshooting
## Support

Need help? Contact [Datadog support][3].

Expand Down
43 changes: 18 additions & 25 deletions palo_alto_cortex_xdr/README.md
Original file line number Diff line number Diff line change
@@ -1,63 +1,56 @@
# Palo Alto Cortex XDR Integration For Datadog
# Palo Alto Cortex XDR

## Overview

[Palo Alto Cortex XDR][1] is a comprehensive detection and response platform that provides advanced threat protection across endpoints, networks, and cloud environments. It integrates endpoint protection, network security, and analytics to offer real-time visibility and response capabilities and combat sophisticated cyber threats effectively.

This integration ingests the following logs:

- Incident
- Alert
- Incident: Represents information of artifacts, assets, and alerts from a threat event, including their severity, status, and the users who handle them.
- Alert: Represents real-time analysis of alerts, including their severity, frequency, and source.

The Palo Alto Cortex XDR integration seamlessly collect the data of Palo Alto Cortex XDR logs using REST APIs.
Before ingesting the data, it normalizes and enriches the logs, ensuring a consistent data format and enhancing information content for downstream processing and analysis. The integration provides insights into incidents and alerts using out-of-the-box dashboards.
The Palo Alto Cortex XDR integration seamlessly collects the data of Palo Alto Cortex XDR logs using REST APIs. Before ingesting the data, it normalizes and enriches the logs, ensuring a consistent data format and enhancing information content for downstream processing and analysis. The integration provides insights into incidents and alerts using out-of-the-box dashboards.

## Setup

### Configuration
### Generate API credentials in Palo Alto Cortex XDR

#### Get Credentials of Palo Alto Cortex XDR

#### Steps to create API key

1. Sign into your **Palo Alto Cortex XDR** instance.
1. Log into your **Palo Alto Cortex XDR account**.
2. Navigate to **Settings** > **Configurations** > **Integrations** > **API Keys**.
3. Click on **New Key**.
4. Choose the type of API key based on your desired security level, **Advanced** or **Standard**.
5. If you want to define a time limit on the API key authentication, check **Enable Expiration Date**, and then select the **expiration date and time**. Navigate to **Settings** > **Configurations** > **Integrations** > **API Keys** to track the **Expiration Time** setting for each API key.
6. Provide a comment that describes the purpose for the API key, if desired.
7. Select the desired level of access for this key from existing **Roles**, or you can select **Custom** to set the permissions granularly.
8. Click **Generate** to generate the API key.
9. Copy the API key, and then click **Done**. This value represents your unique **Authorization:{key}**

#### Steps to get Cortex XDR API Key ID
### Get API key ID of Palo Alto Cortex XDR

1. In the API Keys table, locate the ID field.
2. Note your corresponding ID number. This value represents the **x-xdr-auth-id:{key_id}** token.

#### Steps to get FQDN
### Get FQDN of Palo Alto Cortex XDR

1. Right-click your API key and select **View Examples**.
2. Copy the **CURL Example** URL. The example contains your unique **FQDN**.

#### Palo Alto Cortex XDR DataDog Integration Configuration
### Connect your Palo Alto Cortex XDR account to Datadog

Configure the Datadog endpoint to forward Palo Alto Cortex XDR logs to Datadog.
1. Add your Palo Alto Cortex XDR credentials.

1. Navigate to `Palo Alto Cortex XDR`.
2. Add your Palo Alto Cortex XDR credentials.
| Parameters | Description |
| -------------| ------------ |
| API key | The API key from Palo Alto Cortex XDR. |
| API Key ID | The auth ID from Palo Alto Cortex XDR. |
| FQDN | The FQDN from Palo Alto Cortex XDR. It is the `baseUrl` part of `baseUrl/public_api/v1/{name of api}/{name of call}/` |

| Palo Alto Cortex XDR Parameters | Description |
| ------------------------------- | ------------ |
| API key | The API key from Palo Alto Cortex XDR. |
| API Key ID | The auth id from Palo Alto Cortex XDR. |
| FQDN | The FQDN from Palo Alto Cortex XDR. It is the `baseUrl` part of `baseUrl/public_api/v1/{name of api}/{name of call}/` |
2. Click the **Save** button to save your settings.

## Data Collected

### Logs

The Palo Alto Cortex XDR integration collects and forwards Palo Alto Cortex XDR Incident and alert logs to Datadog.
The Palo Alto Cortex XDR integration collects and forwards Palo Alto Cortex XDR incident and alert logs to Datadog.

### Metrics

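Review bot: The parameter labels in the new table are inconsistent: `API key` has a lower-case "key" while `API Key ID` does not, and the section heading writes "API key ID"; align all three with the field labels shown in the Datadog tile. Step 1 uses "Log into your **Palo Alto Cortex XDR account**" where the Cisco READMEs in this PR use "Log in to". Step 4 still asks the reader to choose **Advanced** or **Standard** without saying which key type the integration expects, and step 7 does not name the minimum role it needs; since this hunk rewrites the section, stating both would let users create a least-privilege key.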
Expand All @@ -69,7 +62,7 @@ The Palo Alto Cortex XDR integration does not include any events.

## Support

For further assistance, contact [Datadog Support][2].
Need help? Contact [Datadog Support][2].

[1]: https://docs-cortex.paloaltonetworks.com/p/XDR
[2]: https://docs.datadoghq.com/help/