
[SIEMINT-85] DDS: Trend Micro Vision One XDR: Crawler Integration v1.0.0

Open tirthrajchaudhari-crest opened this issue 1 year ago • 3 comments

What does this PR do?

This is an initial release PR of the Trend Micro Vision One XDR integration, including all the required assets.

Additional Notes

  • Crawler code for this integration has been committed in its respective repo
  • Pipeline and Facet group created for this integration are available in our sandbox and would be shared separately with the required teams.
  • Samples for the pipeline review would also be shared separately with the required teams.
  • OOTB detection rules JSON would be shared separately with the required teams as a part of separate repository.
  • Since, during the standard attribute remapping, we are not preserving the source attributes as per suggested best practices, it would result in filters using these standard attributes populating the values of other integrations as well, as per current Datadog behaviour.
  • We have live data for Workbench Alerts, endpointActivity, and Detections from the OAT event type. However, for activities like cloudActivity, networkActivity, mobileActivity, containerActivity, emailActivity, and identityActivity, we do not have live data. Therefore, we have created data samples from the API documentation.

Review checklist (to be filled by reviewers)

  • [ ] Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
  • [ ] Changelog entries must be created for modifications to shipped code
  • [ ] Add the qa/skip-qa label if the PR doesn't need to be tested during QA.
  • [ ] If you need to backport this PR to another branch, you can add the backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged

tirthrajchaudhari-crest, Aug 06 '24 09:08

Thanks, created DOCS-8655 to review

buraizu, Aug 07 '24 19:08

Docs are approved, looks like there's a merge conflict to resolve though

@cswatt, I have resolved the merge conflicts

tirthrajchaudhari-crest, Aug 12 '24 06:08

The test samples allow testing nested pipelines, the only non-standard facet is correctly namespaced, and the remappers look ok. I'll move it to testing in staging. One question: is it intentional that the service tag is preset by the log source in this integration?

Yes, it will be preset, as it's a crawler-based integration and it will be added in code only.

tirthrajchaudhari-crest, Aug 14 '24 10:08