[INTPLAT-158] [SIEMINT-88] DDS: Palo Alto Cortex XDR: Crawler Integration v1.0.0 (#18084)

* Added Palo Alto Cortex XDR integration with assets

* Added date in CHANGELOG file

* Fixed pipeline suggestions

* Fixed pipeline suggestions

* Fixing log pipeline suggestions

* Reordered Groups for facets

* Added log pipeline result

* Fixing pipeline for log result

* Enhanced log pipeline result

* Fixing the log pipeline result

* Adding log output.

* Adding log pipeline result

* Updated log pipeline

* Updated README.md file with suggested changes

* Drop explain plan failures to debug level (#17974)

* Drop explain plan errors to debug logs.

* Changelog entry

* [mongo] Support auto-discover available databases for the monitored mongodb instance (#17959)

* autodiscover mongodb databases

* Add database autodiscovery support

* remove print

* only list authorized collections not views

* ignore collections from config when database autodiscovery is enabled

* add changelog

* update changelog

* fix license header

* update include list with deprecated dbnames

* fix test

* update comments

* update changelog

* return databases and count

* update readme

* update config description to dbnames

* Add collect of metrics for buffer cache usage (#17960)

The pg_buffercache extension provides a pg_buffercache view that give
a detailed report the usage of shared buffer: which relation is using
it, whether it's dirty and how many backends are pinning this buffer.

This patch adds the capacity to collect data from pg_buffercache to
provide visibility on shared buffer usage.

* [mongo] deprecate collStats command and use $collStats aggregation stage to collect collection metrics (#17961)

* use collStats aggregation pipeline to collect collection metrics

* add changelog

* sort metadata

* remove commented code

* update test results with new metrics

* Add ssl path option when building the librdkafka dependency  (#17957)

* add the prefix path

* commit

* commit

* commit

* add debug

* enable ssl

* enable ssl in prefix folder

* enable ssl in prefix folder

* set default ssl path

* set default ssl path

* set default ssl path

* set default ssl path

* set default ssl path

* linter

* linter

* Update dependency resolution (#17971)

Co-authored-by: iliakur <[email protected]>

* Fix format issue with master pipeline flaky test management pr17910 (#17979)

* Add manual trigger for flaky test suite

* Mark envoy tests as flaky (#17985)

* [Release] Bumped vllm version to 1.0.0 (#17988)

* Switch back to the initial database while collecting schemas (#17978)

* Switch back to the initial database while collecting schemas

* Used finally

* Applied linter

* Port 7.56 releases to master (#17991)

* [Release] Bumped active_directory version to 2.1.1

* [Release] Bumped aerospike version to 2.2.2

* [Release] Bumped amazon_msk version to 4.9.0

* [Release] Bumped arangodb version to 2.2.2

* [Release] Bumped argo_rollouts version to 1.0.2

* [Release] Bumped argo_workflows version to 1.0.2

* [Release] Bumped argocd version to 2.4.2

* [Release] Bumped aspdotnet version to 2.1.1

* [Release] Bumped avi_vantage version to 4.2.2

* [Release] Bumped boundary version to 2.2.3

* [Release] Bumped calico version to 2.2.2

* [Release] Bumped cert_manager version to 4.1.2

* [Release] Bumped cilium version to 3.5.1

* [Release] Bumped cisco_aci version to 2.9.0

* [Release] Bumped clickhouse version to 3.6.0

* [Release] Bumped cockroachdb version to 3.3.2

* [Release] Bumped coredns version to 3.2.3

* [Release] Bumped datadog_checks_base version to 36.9.0

* [Release] Bumped datadog_checks_downloader version to 4.7.0

* [Release] Bumped dcgm version to 2.3.2

* [Release] Bumped dotnetclr version to 2.1.1

* [Release] Bumped envoy version to 3.5.1

* [Release] Bumped esxi version to 1.2.0

* [Release] Bumped etcd version to 6.2.2

* [Release] Bumped exchange_server version to 2.1.1

* [Release] Bumped fluxcd version to 1.2.2

* [Release] Bumped gitlab version to 7.3.2

* [Release] Bumped haproxy version to 5.2.2

* [Release] Bumped http_check version to 9.7.0

* [Release] Bumped hyperv version to 1.11.1

* [Release] Bumped iis version to 3.1.1

* [Release] Bumped impala version to 2.2.2

* [Release] Bumped istio version to 6.1.2

* [Release] Bumped kafka_consumer version to 4.5.0

* [Release] Bumped karpenter version to 1.4.1

* [Release] Bumped kong version to 3.2.2

* [Release] Bumped kubernetes_cluster_autoscaler version to 1.0.1

* [Release] Bumped linkerd version to 4.2.2

* [Release] Bumped mongo version to 6.7.0

* [Release] Bumped mysql version to 12.6.0

* [Release] Bumped nvidia_triton version to 1.2.2

* [Release] Bumped openmetrics version to 4.2.2

* [Release] Bumped postgres version to 19.0.0

* [Release] Bumped process version to 3.4.0

* [Release] Bumped pulsar version to 2.2.2

* [Release] Bumped rabbitmq version to 5.3.2

* [Release] Bumped ray version to 1.2.2

* [Release] Bumped redisdb version to 5.6.0

* [Release] Bumped scylla version to 2.7.2

* [Release] Bumped snowflake version to 5.7.0

* [Release] Bumped sqlserver version to 17.4.0

* [Release] Bumped strimzi version to 2.2.2

* [Release] Bumped tcp_check version to 4.9.0

* [Release] Bumped teamcity version to 4.3.0

* [Release] Bumped tekton version to 1.0.2

* [Release] Bumped temporal version to 2.2.2

* [Release] Bumped teradata version to 2.2.1

* [Release] Bumped tls version to 2.18.0

* [Release] Bumped torchserve version to 2.2.2

* [Release] Bumped traefik_mesh version to 1.0.1

* [Release] Bumped vault version to 4.2.1

* [Release] Bumped vsphere version to 7.6.0

* [Release] Bumped weaviate version to 2.3.3

* [Release] Bumped windows_performance_counters version to 2.1.1

* [Release] Bumped windows_service version to 4.9.1

* Allow pytest to return success when no tests are collected for flaky test suite (#17990)

* Manage no tests collected exit code 5 from pytest for flaky test suite
* Manage passing additional -m arguments to pytest in e2e test
* Avoid passing `all` to pytest (revert to initial state)

* Revert "Allow pytest to return success when no tests are collected for flaky test suite (#17990)"

This reverts commit dd5dd64.

* Update Logs Parsing rules for the Teleport Pipeline (#17955)

* make component name optional in the log prefix

* add two samples for missing component name logs

* update sample results

* [NDM][Cisco SD-WAN] Bold Cisco sdwan beta banner (#17941)

* Add Cisco sdwan beta banner

* trying smth

* bold

* Fixed the heat endpoint for the Openstack Controller (#17996)

* fixing the heat endpoint

* added a changelog

* addressed comments

* addressed comments

* lint

* kyverno setup (#17757)

* kyverno setup

* added python tests

* add tests

* ci sync

* validations

* changelog

* service checks

* validation

* validation

* sync ci

* lint

* ci sync

* classifier tags

* manifests

* clean up

---------

Co-authored-by: sguillen18 <[email protected]>

* Enable manual triggering of dependency build & resolution (#17995)

* Enable manual triggering of dependency build & resolution

* Use default_branch instead of hardcoded branch name

Co-authored-by: Hugo Beauzée-Luyssen <[email protected]>

---------

Co-authored-by: Hugo Beauzée-Luyssen <[email protected]>

* Fix build-deps workflow yaml (#18002)

* Kyverno starting version should be 0.0.1 (#18001)

* [mongo] Properly handle the null value of waiting_for_latch in operation sampling (#17997)

* Release v1 of kyverno (#18005)

* [Release] Bumped kyverno version to 1.0.0

* [Release] Update metadata

* Emit dead/live toast rows as gauge (#18009)

* remove invalid filters (#18010)

* Sy/istio assets (#17998)

* WIP assets

* rec monitors

* rec monitors

* dash nits

* Update istio/assets/dashboards/overview.json

Co-authored-by: domalessi <[email protected]>

* Update istio/assets/dashboards/overview.json

Co-authored-by: domalessi <[email protected]>

* Update istio/assets/dashboards/overview.json

Co-authored-by: domalessi <[email protected]>

---------

Co-authored-by: domalessi <[email protected]>

* add default monitor for wincrashdetect (#18011)

* add default monitor for wincrashdetect

* review feedback

* missing field

* Update wincrashdetect/assets/monitors/windows_crash.json

Co-authored-by: May Lee <[email protected]>

---------

Co-authored-by: May Lee <[email protected]>

* Code Formatting Nit (#18012)

* Add tests for openmetrics counters (#18014)

- Confirm that we don't collect metrics that don't end in _total
- Confirm that forcing untyped metrics into counters works (see prev point tho)

* Remove SIT as code owners of checks downloader (#17992)

* remove SIT as code owners of checks downloader

the SIT team is not a core contributor to this software anymore

* remove Trishank as code owner

See #17992 (comment)

* Wrap pytest exit code to 0 when no tests are collected (#18003)

* Wrap pytest exit code to 0 when no tests are collected for flaky test suite as well as master
* Manage passing additional -m arguments to pytest in e2e test
* Pass `all` to pytest for e2e tests. 

By default e2e tests are checked for None as environment provided in command line args to set it to `all`. With additional args for pytest passed with `-m` flag, ddev cli misinterprets this as an environment name whereas it should be selecting `all` environments

* Rename classes to avoid pytest warnings (#18015)

Pytest tries to treat classes that start with 'Test' as tests. Helper class
names shouldn't start with 'Test' to avoid pytest complaining about them.

* [NDM] Add NDM metadata support for Cisco ACI (#17735)

* Add support for sending device metadata

* Add unit test for device metadata, update fixture

* Add license header, changelogs

* Lint

* First pass at submitting interface metadata, cleanup for test fixtures

* Fix for py2.7 support

* Try to fix imports

* Deal with pydantic stuff py2.7

* Allow namespace for Cisco ACI devices, static var for vendor

* Update device metadata to use the correct fieldname, add pydantic model for EvP intake

* Sync the conf.yaml example

* Add device type and integration to device metadata, fix ID field name

* Update interface statuses

* Deal with device status (use fabricSt)

* Update get_eth_list to get operStatus, update all tests and fixtures

* Amend docs for namespace

* Batch events sent to EvP

* Add interface status metric

* Only add to list for >py3.0

* Update default value for vendor, yield for batch events, use device type other

* Add source field to device metadata tags

* Add enums for interface status

* Use correct track type for NDM metadata

* Amend device id tag, collect timestamp ms -> s

* Add interface integration field

* More generic method to send EvP event

* Add docstring for the EvP method

* Update interface tagging, remove system_ip tag

* Fix linting for submit event platform event

* Use interface ID tags

* [LOGSC-1794] Change Logs assets file ownership to only Logs-backend (#17906)

* Move logs backend as only owner for logs asset files following incident 27749

* Make sure ownership is logs backend by being last item

* Remove use of python from process signatures (#18021)

* appset metric fix (#18018)

* appset metric fix

* changelogs

* Release base check (#18025)

* [Release] Bumped datadog_checks_base version to 36.10.0

* [Release] Update metadata

* Bump minimum base check version required. (#18028)

* [NDM] [Cisco ACI] Update dashboard (#17943)

* First pass to update Cisco ACI dashboard

* Add doc update suggestion to description

* Separate egress/ingress graphs, fix wrong metrics used

* add missing offering integration classifier tag to all listings (#18023)

* Add explanation to logs-only template (#18027)

* Finalize Agent release 7.55.0 (#18022)

Co-authored-by: steveny91 <[email protected]>

* [datadog_cluster_agent] Add tagger and workloadmeta metrics (#18030)

* Add process signatures for vLLM (#17980)

* Add process signatures for vLLM

* fix manifest json

* feedback from processes team

* process sig as suggested by processes team

* enable public display for Traefik Mesh (#18032)

* [ecos 1459] Move all marketplace further reading readme sections to the manifest (#17721)

* Move all marketplace further reading readme sections to the manifest

* rerun script

* Update kafka/manifest.json

* Apply suggestions from code review

* Update openai/manifest.json

* Update snmp/manifest.json

* Update kafka/manifest.json

* Update spark/manifest.json

* re-run script

* Apply suggestions from code review

* Update voltdb/manifest.json

* Apply suggestions from code review

* Update voltdb/manifest.json

* Update snmp_f5/manifest.json

* Modify the indents of yaml in README.md (#17977)

* Add Network Path integration metadata (#17984)

Co-authored-by: Alicia Scott <[email protected]>

* Add network_path to codeowners (#18035)

* remove macOS support for network_path (#18034)

* [dbm] Handles group replication metrics for MySQL version < 8.0.2 (#18024)

* handle mysql group replication metrics for ver < 8.0.2

* updates tests

* renames vars, fixes tests

* adds changelog

* Add NDM as codeowners for Cisco ACI integration (#18036)

* Finalize Agent release 7.55.1 (#18040)

Co-authored-by: steveny91 <[email protected]>

* vault ootb update (#18045)

* vault ootb update

* vault ootb update manifest

* Update vault_overview.json

* [mongo] Continue coll/index stats collection if user is not authorized to perform aggregation (#18044)

* Continue collection of coll stats if user is not authorized to perform collStats aggregation

* add changelog

* fix lint

* continue on index stats collection if user is not authorized

* update changelog

* Fix postgres extension settings collection (#18043)

* Improve log error for invalid ssl option in postgres config (#18047)

* minor fix (#18049)

* Sy/temporal fix (#18050)

* test fix

* changelog

* [NDM] [Cisco ACI] Add common NDM tags to metrics (#18017)

* Update interface status metric name to be more consistent with other metrics

* Add common NDM metric tags

* Add changelog

* Add missing common tags (device_id, device_hostname)

* [mongo] collect additional wiredtiger cache metrics (#18052)

* collect additional wiredtiger cache metrics

* add changelog

* Show descriptions of templates in ddev create help (#18039)

* Show descriptions of templates in ddev create help

* add changelog

* add more template descriptions

* Apply suggestions from code review

Co-authored-by: Bryce Eadie <[email protected]>

* Update datadog_checks_dev/datadog_checks/dev/tooling/templates/integration/tile/README.md

Co-authored-by: Bryce Eadie <[email protected]>

---------

Co-authored-by: Bryce Eadie <[email protected]>

* Add overview dashboard for vLLM (#17967)

* Add overview dashboard for vLLM

* Apply suggestions from code review

Co-authored-by: Heston Hoffman <[email protected]>

* Dashboard changes based on review

---------

Co-authored-by: Heston Hoffman <[email protected]>

* [NDM] [Cisco ACI] Update metrics metadata (#17981)

* Update metrics that have per second unit, update incorrect units

* Add new metric for interface status

* Update the port status metric to correspond to new name

* [Release] Bumped mongo version to 6.7.1 (#18061)

* Update vault_overview.json (#18055)

* Sy/om type override (#18054)

* Fix tests for openmetrics counter transformer

* Try dropping the '_total' restriction on metric samples

* add type override examples

* add test for type_override

* stricter test

* changelog

* remove f string

* remove f string

* spacing

* lint

* Update datadog_checks_base/changelog.d/18054.added

Co-authored-by: Ilia Kurenkov <[email protected]>

* Update datadog_checks_base/tests/base/checks/openmetrics/test_v2/test_transformers/test_type_override.py

Co-authored-by: Ilia Kurenkov <[email protected]>

* Update datadog_checks_base/tests/base/checks/openmetrics/test_v2/test_transformers/test_type_override.py

Co-authored-by: Ilia Kurenkov <[email protected]>

* Update datadog_checks_base/tests/base/checks/openmetrics/test_v2/test_transformers/test_type_override.py

Co-authored-by: Ilia Kurenkov <[email protected]>

* Update test_type_override.py

* lint

---------

Co-authored-by: Ilia Kurenkov <[email protected]>

* update cURL from 8.4.0 to 8.7.1 (#18064)

* [NDM] Pin pysmi version for breaking generate traps DB tests (#18066)

* Pin pysmi version for integration tests

* Add changelog

* Fix misspelled database name (#18068)

* [mongo] rename dbms from mongodb to mongo (#18067)

* rename dbms to mongo

* add changelog

* fix test

* rename ootb dashboard (#18051)

* rename ootb dashboard

* rename json

* rename json

* rename json

* Add validation for versions in __about__.py and CHANGELOG (#18063)

* Add validation for versions in __about__.py and CHANGELOG

* add changelog

* try fix for windows path

* fix the other paths for windows tests

* Update dependency resolution (#18065)

Co-authored-by: chouquette <[email protected]>

* [Release] Bumped mongo version to 6.7.2 (#18076)

* make windows crash detection docs public (#18074)

* Start validating version in CI (#18077)

* Start validating version in CI

* Fix changelogs and ignore ddev

* [AGENT-11701] Fix TeamCity Integration (#18041)

* Handle project without builds

* Add changelog

* Refactor code

* Add comment

* Fix

* Update teamcity/changelog.d/18041.fixed

Co-authored-by: Ilia Kurenkov <[email protected]>

---------

Co-authored-by: Ilia Kurenkov <[email protected]>

* Sy/kyverno patch (#18088)

* rename metric

* changelog

* tests

* [SIEMINT-42] DDS: Mimecast: Crawler Integration Without Assets (#17864)

* Add mimecast crawler integration with no assets

* corrected description.

* Adding stanza in CODEOWNERS for mimecast integration and minor fix.

* Adding integration in labeler.yml

* [mysql] revert default read_timeout (#18097)

* revert default read_timeout

* add changelog

* Add global custom queries feature for postgres (#17993)

* Add global custom queries for postgres

* Add changelog entry

* Update config models

* Update instance config model

* [Release] Bumped kyverno version to 1.0.1 (#18095)

* process signature (#18092)

* Add schema collection to mysql (#17916)

* Add schema collection to mysql

* add schemas

* Added test dbs and tables

* Added indexes

* Adding foreign keys

* Fix submitter

* add test change

* Added the main test

* revert typos

* fixed indexes

* Add params to queries

* added unit tests

* added flavor field

* Changed index_name to name

* Changed fkeys query

* Changed partition query

* Normalise f_keys columns

* Applied linter

* Fixed comments

* Applied linter

* Fixed example

* Added a changelog

* Moved changelog

* synced data model

* Added a test for enabled logic

* Renamed to database data

* Add databases data

* added the changelog

* Added fields to columns query

* added subpartitions as separate fields

* Add fields to the table query

* Improved columns query

* Added table name to the FK key query

* Removed cardinality from index query as its dynamic

* Improved exception handling

* Added the base table condition

* ordered columns in f_key

* Added index schema

* improved partitions data

* fixed columns

* Applied linter

* Normalized tests

* Applied linter

* Fix tests for group

* Fixed for MariaDB

* Fixed tests for mariaDB

* update cisco sdwan monitor tags (#18102)

* [SIEMINT-69] DDS: Cisco Secure Endpoint: Crawler Integration Without Assets (#17865)

* Add Cisco Secure Endpoint Crawler Code with no assets

* Updated manifest.json

* Updated source_type_name in manifest

* Added CODEOWNERS for cisco secure endpoint

* Updated labeler.yml

* Updated as per PR comment

* Made changes in changelog file

---------

Co-authored-by: Ankita Rajput <[email protected]>
Co-authored-by: Nathan Adams <[email protected]>

* SDBM-1074: Update sqlserver_db_not_sync.json (#18103)

* SDBM-1074: Update sqlserver_db_not_sync.json

Adjusting the description based on customer feedback

* Update sqlserver/assets/monitors/sqlserver_db_not_sync.json

Co-authored-by: Seth Samuel <[email protected]>

---------

Co-authored-by: Seth Samuel <[email protected]>

* Add Further Reading links (#18096)

* Add Further Reading link

* Add links

* Fix crash when no pg_stat_statements (#18081)

* recommended monitor (#18089)

* recommended monitor

* Update kyverno/assets/monitors/controller_drops.json

Co-authored-by: Esther Kim <[email protected]>

* Update kyverno/assets/monitors/controller_drops.json

Co-authored-by: Esther Kim <[email protected]>

---------

Co-authored-by: Esther Kim <[email protected]>

* [DOCS-7701] readme improvements for Istio and Aerospike (#18013)

* ad updates

* Apply suggestions from code review

Co-authored-by: Bryce Eadie <[email protected]>

* Update README.md

---------

Co-authored-by: Bryce Eadie <[email protected]>

* saved views (#18100)

* Update README.md (#18110)

* Initial feedback for vLLM dashboard (#18105)

* Initial feedback for vLLM dashboard

* Apply suggestions from code review

Co-authored-by: May Lee <[email protected]>

* add description for process section

---------

Co-authored-by: May Lee <[email protected]>

* Port releases for rc7 of 7.56 to master (#18114)

* [Release] Bumped mysql version to 12.6.1

* [Release] Bumped openstack_controller version to 6.8.1

* Update README.md (#18115)

* [SIEMINT-40] DDS: Sophos Central Cloud: Crawler Integration Without Assets (#17866)

* Add sophos central cloud crawler integration with no assets

* Adding description in manifest file.

* Adding stanza in CODEOWNERS.

* Fix source type name suggestion

* Update README.md (#18116)

* Update ECS Fargate about potential billing impact related to setting DD_HOSTNAME (#18031)

* added section to enable default metrics through jmxfetch

* update dd_hostname warning to include note about billing impact

* Update ecs_fargate/README.md

Co-authored-by: Alicia Scott <[email protected]>

---------

Co-authored-by: Alicia Scott <[email protected]>

* Fix integration dashboard json file name (cisco_secure_firewall/assets/dashboards/cisco_secure_firewall_threat_detection.json) (#18124)

* fixing space in file name

* modifying manifest

* Readd the API Key installation instructions (#18106)

* Readd the API Key installation instructions

* Remove links inside tabs

* Apply suggestions from code review

Co-authored-by: May Lee <[email protected]>

---------

Co-authored-by: May Lee <[email protected]>

* DDS: Palo Alto Cortex XDR: Crawler Integration Without Assets (#18107)

* Add palo alto cortex xdr integration with no asset

* Updated manifest file

* Made changes in title

* Removed angle brackets

---------

Co-authored-by: surabhipatel_crest <[email protected]>
Co-authored-by: ravindrasojitra-crest <[email protected]>

* Minor change

* change logo of the integration.

* remove angle braces to fix integration sync issues (#18109)

* Finalize Agent release 7.55.2 (#18079)

Co-authored-by: steveny91 <[email protected]>

* Log warning when failing to parse openmetrics response (#17514)

* Include input line in openmetrics parsing error

* Add changelog entry

---------

Co-authored-by: Ilia Kurenkov <[email protected]>

* [NDM] [Cisco ACI] Add config flag for enabling sending metadata to NDM (#18099)

* Add the enable_ndm flag

* Check the flag is true before creating metadata and sending to NDM intake

* Always forget the changelog

* Rename config flag to send_ndm_metadata

* Refactor to use new flag name, helper fn to check to send NDM metadata

* Updated Dashboards

* Resolve Merge Conflicts.

* Resolve merge conflicts.

* Adding offering tag.

* Resolve merge conflicts.

* Updated dashboard design

* Updated new dashboard images

* Addressed minor review comment

---------

Co-authored-by: surabhipatel_crest <[email protected]>
Co-authored-by: Alex Weisberger <[email protected]>
Co-authored-by: Zhengda Lu <[email protected]>
Co-authored-by: Anthonin Bonnefoy <[email protected]>
Co-authored-by: HadhemiDD <[email protected]>
Co-authored-by: agent-platform-auto-pr[bot] <153269286+agent-platform-auto-pr[bot]@users.noreply.github.com>
Co-authored-by: iliakur <[email protected]>
Co-authored-by: vivek-datadog <[email protected]>
Co-authored-by: Vivekanand Ilango <[email protected]>
Co-authored-by: Ilia Kurenkov <[email protected]>
Co-authored-by: Boris Kozlov <[email protected]>
Co-authored-by: NouemanKHAL <[email protected]>
Co-authored-by: Thibaud Cheruy <[email protected]>
Co-authored-by: rahulkaukuntla <[email protected]>
Co-authored-by: Steven Yuen <[email protected]>
Co-authored-by: sguillen18 <[email protected]>
Co-authored-by: Alex Lopez <[email protected]>
Co-authored-by: Hugo Beauzée-Luyssen <[email protected]>
Co-authored-by: domalessi <[email protected]>
Co-authored-by: Derek Brown <[email protected]>
Co-authored-by: May Lee <[email protected]>
Co-authored-by: Austin Lai <[email protected]>
Co-authored-by: Cédric Van Rompay <[email protected]>
Co-authored-by: zoe ✨ <[email protected]>
Co-authored-by: Thibault Krebs <[email protected]>
Co-authored-by: Daniel Tafoya <[email protected]>
Co-authored-by: bgoldberg122 <[email protected]>
Co-authored-by: datadog-agent-integrations-bot[bot] <159767151+datadog-agent-integrations-bot[bot]@users.noreply.github.com>
Co-authored-by: steveny91 <[email protected]>
Co-authored-by: David Ortiz <[email protected]>
Co-authored-by: Kyle Neale <[email protected]>
Co-authored-by: taromn <[email protected]>
Co-authored-by: Alexandre Yang <[email protected]>
Co-authored-by: Alicia Scott <[email protected]>
Co-authored-by: Alex Torres <[email protected]>
Co-authored-by: Seth Samuel <[email protected]>
Co-authored-by: Bryce Eadie <[email protected]>
Co-authored-by: Heston Hoffman <[email protected]>
Co-authored-by: Jen Gilbert <[email protected]>
Co-authored-by: chouquette <[email protected]>
Co-authored-by: Shanel Huang <[email protected]>
Co-authored-by: dkirov-dd <[email protected]>
Co-authored-by: ravindrasojitra-crest <[email protected]>
Co-authored-by: Raj Madhaiyan <[email protected]>
Co-authored-by: ankitarajput-crest <[email protected]>
Co-authored-by: Ankita Rajput <[email protected]>
Co-authored-by: Nathan Adams <[email protected]>
Co-authored-by: pierreln-dd <[email protected]>
Co-authored-by: Esther Kim <[email protected]>
Co-authored-by: cecilia saixue watt <[email protected]>
Co-authored-by: Heather Dinh <[email protected]>
Co-authored-by: Kirolos Shahat <[email protected]>
Co-authored-by: Tommy Brunn <[email protected]>
Showing 10 changed files with 5,061 additions and 23 deletions.
69 changes: 51 additions & 18 deletions palo_alto_cortex_xdr/README.md
@@ -1,42 +1,75 @@
# Agent Check: palo_alto_cortex_xdr
# Palo Alto Cortex XDR Integration For Datadog

## Overview

This check monitors [Palo Alto Cortex XDR][1].
[Palo Alto Cortex XDR][1] is a comprehensive detection and response platform that provides advanced threat protection across endpoints, networks, and cloud environments. It integrates endpoint protection, network security, and analytics to offer real-time visibility and response capabilities and combat sophisticated cyber threats effectively.

## Setup
This integration ingests the following logs:

- Incident
- Alert

### Installation
The Palo Alto Cortex XDR integration seamlessly collect the data of Palo Alto Cortex XDR logs using REST APIs.
Before ingesting the data, it normalizes and enriches the logs, ensuring a consistent data format and enhancing information content for downstream processing and analysis. The integration provides insights into incidents and alerts using out-of-the-box dashboards.

The Palo Alto Cortex XDR check is included in the [Datadog Agent][2] package.
No additional installation is needed on your server.
## Setup

### Configuration

1. List of steps to configure this integration
#### Get Credentials of Palo Alto Cortex XDR

#### Steps to create API key

1. Sign into your **Palo Alto Cortex XDR** instance.
2. Navigate to **Settings** > **Configurations** > **Integrations** > **API Keys**.
3. Click on **New Key**.
4. Choose the type of API key based on your desired security level, **Advanced** or **Standard**.
5. If you want to define a time limit on the API key authentication, check **Enable Expiration Date**, and then select the **expiration date and time**. Navigate to **Settings** > **Configurations** > **Integrations** > **API Keys** to track the **Expiration Time** setting for each API key.
6. Provide a comment that describes the purpose for the API key, if desired.
7. Select the desired level of access for this key from existing **Roles**, or you can select **Custom** to set the permissions granularly.
8. Click **Generate** to generate the API key.
9. Copy the API key, and then click **Done**. This value represents your unique **Authorization:{key}**

#### Steps to get Cortex XDR API Key ID

1. In the API Keys table, locate the ID field.
2. Note your corresponding ID number. This value represents the **x-xdr-auth-id:{key_id}** token.

#### Steps to get FQDN

### Validation
1. Right-click your API key and select **View Examples**.
2. Copy the **CURL Example** URL. The example contains your unique **FQDN**.

Steps to validate integration is functioning as expected
#### Palo Alto Cortex XDR DataDog Integration Configuration

Configure the Datadog endpoint to forward Palo Alto Cortex XDR logs to Datadog.

1. Navigate to `Palo Alto Cortex XDR`.
2. Add your Palo Alto Cortex XDR credentials.

| Palo Alto Cortex XDR Parameters | Description |
| ------------------------------- | ------------ |
| API key | The API key from Palo Alto Cortex XDR. |
| API Key ID | The auth id from Palo Alto Cortex XDR. |
| FQDN | The FQDN from Palo Alto Cortex XDR. It is the `baseUrl` part of `baseUrl/public_api/v1/{name of api}/{name of call}/` |

## Data Collected

### Metrics
### Logs

The Palo Alto Cortex XDR integration does not include any metrics.
The Palo Alto Cortex XDR integration collects and forwards Palo Alto Cortex XDR Incident and alert logs to Datadog.

### Service Checks
### Metrics

The Palo Alto Cortex XDR integration does not include any service checks.
The Palo Alto Cortex XDR integration does not include any metrics.

### Events

The Palo Alto Cortex XDR integration does not include any events.

## Troubleshooting
## Support

Need help? Contact [Datadog support][3].
For further assistance, contact [Datadog Support][2].

[1]: **LINK_TO_INTEGRATION_SITE**
[2]: https://app.datadoghq.com/account/settings#agent
[3]: https://docs.datadoghq.com/help/
[1]: https://docs-cortex.paloaltonetworks.com/p/XDR
[2]: https://docs.datadoghq.com/help/
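Review bot: the credential steps in this hunk leave two security-relevant choices undocumented. Step 4 ("Choose the type of API key based on your desired security level, **Advanced** or **Standard**") does not say which key type the crawler actually supports, and step 7 ("Select the desired level of access for this key from existing **Roles**, or you can select **Custom**") does not name the minimum permissions the integration needs to read incidents and alerts, so a user has no basis for choosing the least-privileged role or Custom permission set; please state both, and consider recommending **Enable Expiration Date** from step 5 rather than presenting it as optional. Smaller points: "seamlessly collect the data of Palo Alto Cortex XDR logs" should read "seamlessly collects Palo Alto Cortex XDR logs"; "DataDog" in the configuration heading should be "Datadog"; "Incident and alert logs" in the Logs section should be capitalized consistently with the "Incident"/"Alert" list above; and "Navigate to `Palo Alto Cortex XDR`" should say where in the Datadog UI the user navigates, since the sentence before it refers to configuring the Datadog endpoint.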
0 comments on commit 387d0d7