
[SIEMINT-69] DDS: Cisco Secure Endpoint: Crawler Integration v1.0.0

Open ankitarajput-crest opened this issue 1 year ago • 7 comments

What does this PR do?

This is an initial release PR of Cisco Secure Endpoint integration including all the required assets.

Additional Notes

  • Crawler code for this integration has been committed in its respective repo
  • Pipeline and Facet group created for this integration are available in our sandbox and would be shared separately with the required teams.
  • Samples for the pipeline review would also be shared separately with the required teams.
  • OOTB detection rules JSON would be shared separately with the required teams as a part of separate repository.
  • Since during the standard attribute remapping we are not preserving the source attributes as per suggested best practices, it would result in filters using these standard attributes populating the values of other integrations as well as per current Datadog behaviour.
  • According to the Cisco Secure Endpoint Documentation, it also supports Private Cloud deployment. As there are no additional requirements mentioned in its documentation, the integration should work for private cloud deployment. But we won’t be able to test since our lab is cloud only.

Review checklist (to be filled by reviewers)

  • [ ] Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
  • [ ] Changelog entries must be created for modifications to shipped code
  • [ ] Add the qa/skip-qa label if the PR doesn't need to be tested during QA.
  • [ ] If you need to backport this PR to another branch, you can add the backport/ label to the PR and it will automatically open a backport PR once this one is merged.

ankitarajput-crest avatar Jul 01 '24 13:07 ankitarajput-crest

@ankitarajput-crest this PR needs to be rebased

nathanmadams avatar Jul 23 '24 12:07 nathanmadams

@ankitarajput-crest this PR needs to be rebased

@nathanmadams Have rebased the PR

ankitarajput-crest avatar Jul 23 '24 18:07 ankitarajput-crest

Looks quite good to me regarding the log files. I will push this in our test environment and run a test tomorrow. I will keep you posted by then!

thibaultkrebs avatar Jul 25 '24 14:07 thibaultkrebs

All good for me on logs. I am approving the PR.


thibaultkrebs avatar Jul 26 '24 12:07 thibaultkrebs

Looks good pending the merge conflict on the manifest.json file.

@alai97 Have resolved the conflict.

ankitarajput-crest avatar Aug 07 '24 06:08 ankitarajput-crest

We will update the pipelines and dashboards changes as changes suggested by nathan in crawler PR

madhavpandya-crest avatar Aug 14 '24 14:08 madhavpandya-crest

We will update the pipelines and dashboards changes as changes suggested by nathan in crawler PR

These changes have been completed.

manan-crest avatar Aug 27 '24 13:08 manan-crest

I rechecked the log file and it looks good to me. I have reapproved the PR 👍

thibaultkrebs avatar Sep 24 '24 09:09 thibaultkrebs