updated vanta assets and sample logs

bhargavnariyanicrest · Dec 6, 2024 · 8fbb765 · 8fbb765
1 parent 9fc7cd4
commit 8fbb765
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 175 deletions.
diff --git a/vanta/README.md b/vanta/README.md
@@ -31,9 +31,10 @@ Vanta integration requires a Vanta account and its Client Id, and Client Secret.
 4. Specify the following details for the new application and click on **Create**.
     * **Name**: Enter a descriptive name for your application.
     * **Description**: Provide a brief overview of your application.
-    * **App Type**: Select `Manage Vanta` type.
-5. From the **Application Info**, Click on **Generate client secret** button to obtain the client secret.
-6. Copy **Client ID** and **Client secret** for configuration.
+    * **App Type**: Select **Manage Vanta** 
+5. Navigate to the **Application Info** section for the Client ID.
+6. Click on **Generate client secret** for the Client secret.
+
 
 #### Add Vanta Credentials
 
@@ -44,11 +45,11 @@ Vanta integration requires a Vanta account and its Client Id, and Client Secret.
 
 ### Logs 
 
-The Vanta integration collects and forward Vulnerabilities logs to Datadog.
+The Vanta integration collects and forwards Vulnerabilities logs to Datadog.
 
 ### Metrics
 
-The Vanta integration collects and forward Frameworks metrics to Datadog.
+The Vanta integration collects and forwards Frameworks metrics to Datadog.
 
 {{< get-metrics-from-git "vanta" >}}
 

diff --git a/vanta/assets/dashboards/vanta_framework_analytics.json b/vanta/assets/dashboards/vanta_framework_analytics.json
@@ -25,7 +25,7 @@
             "id": 6093292215781214,
             "definition": {
                 "type": "note",
-                "content": "[Vanta](https://www.vanta.com/) is a compliance automation tool that assists businesses in obtaining security certifications and identifying vulnerabilities. It streamlines compliance processes through automation, making monitoring and documentation easier to establish solid security practices.\n\nThis dashboard offers insights into different framework analytics such as completed controls, passing documents, and successful tests.\n\n**Note**:\n- The dashboard widgets display the latest analytics collected for the frameworks.\n\n**Tips:**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations.\n\n\nFor more information, see the [Vanta Integration Documentation](https://docs.datadoghq.com/integrations/vanta/).",
+                "content": "[Vanta](https://www.vanta.com/) is a compliance automation tool that assists businesses in obtaining security certifications and identifying vulnerabilities. It streamlines compliance processes through automation, making monitoring and documentation easier to establish solid security practices.\n\nThis dashboard offers insights into different framework analytics such as completed controls, passing documents, and successful tests.\n\n**Note**:\n- The dashboard widgets display the latest analytics collected for the frameworks.\n\n**Tip:**\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.\n\n\nFor more information, see the [Vanta Integration Documentation](https://docs.datadoghq.com/integrations/vanta/).",
                 "background_color": "purple",
                 "font_size": "14",
                 "text_align": "left",

diff --git a/vanta/assets/dashboards/vanta_vulnerability_overview.json b/vanta/assets/dashboards/vanta_vulnerability_overview.json
@@ -25,7 +25,7 @@
             "id": 5400480088967578,
             "definition": {
                 "type": "note",
-                "content": "[Vanta](https://www.vanta.com/) is a compliance automation tool that assists businesses in obtaining security certifications and identifying vulnerabilities. It streamlines compliance processes through automation, making monitoring and documentation easier to establish solid security practices.\n\nThis dashboard provides insights into vulnerabilities that have not been remediated and have exceeded their SLA deadlines\n\n**Tips:**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations.\n\n\nFor more information, see the [Vanta Integration Documentation](https://docs.datadoghq.com/integrations/vanta/).",
+                "content": "[Vanta](https://www.vanta.com/) is a compliance automation tool that assists businesses in obtaining security certifications and identifying vulnerabilities. It streamlines compliance processes through automation, making monitoring and documentation easier to establish solid security practices.\n\nThis dashboard provides insights into vulnerabilities that have not been remediated and have exceeded their SLA deadlines\n\n**Tips:**\n- Use the timeframe selector in the upper-right corner of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.\n\n\nFor more information, see the [Vanta Integration Documentation](https://docs.datadoghq.com/integrations/vanta/).",
                 "background_color": "purple",
                 "font_size": "14",
                 "text_align": "left",

diff --git a/vanta/assets/logs/vanta_tests.yaml b/vanta/assets/logs/vanta_tests.yaml
@@ -1,169 +1,8 @@
-id: "vanta"
+id: vanta
 tests:
- -
-  sample: |-
-    {
-      "asset_info" : {
-        "hasBeenScanned" : true,
-        "name" : "clw238-test: Windows11",
-        "id" : "67123809af3911111135aa26",
-        "assetType" : "WORKSTATION"
-      },
-      "vulnerability_info" : {
-        "severity" : "CRITICAL",
-        "externalURL" : "https://security.microsoft.com/machines/v2/ababamnbfresd23aasdf/vulnerabilities",
-        "targetId" : "67123809af3911111135aa26",
-        "isFixable" : true,
-        "remediateByDate" : "2024-10-22T08:14:27.181Z",
-        "description" : "If this vulnerability is exploited, it can lead to the takeover of Java SE, compromising the confidentiality, integrity, and availability of the system. Attackers can potentially gain unauthorized access and control over the affected system.",
-        "integrationId" : "microsoft_365_defender",
-        "firstDetectedDate" : "2024-10-18T10:27:45.642Z",
-        "scanSource" : "Not provided",
-        "cvssSeverityScore" : 9,
-        "deactivateMetadata" : {
-          "deactivationReason" : "test",
-          "deactivatedOnDate" : "2024-10-23T10:26:42.880Z",
-          "isVulnDeactivatedIndefinitely" : true,
-          "deactivatedBy" : "671220f0d70mbve18c0ebca8"
-        },
-        "name" : "CVE-2019-2699",
-        "packageIdentifier" : "jre:8.0.2020.8",
-        "id" : "671238azxf205f2660bfa438",
-        "vulnerabilityType" : "COMMON"
-      }
-    }
-  result:
-    custom:
-      asset_info:
-        assetType: "WORKSTATION"
-        hasBeenScanned: true
-        id: "67123809af3911111135aa26"
-        name: "clw238-test: Windows11"
-      vulnerability_info:
-        cvssSeverityScore: 9
-        deactivateMetadata:
-          deactivatedBy: "671220f0d70mbve18c0ebca8"
-          deactivatedOnDate: "2024-10-23T10:26:42.880Z"
-          deactivationReason: "test"
-          isVulnDeactivatedIndefinitely: true
-        description: "If this vulnerability is exploited, it can lead to the takeover of Java SE, compromising the confidentiality, integrity, and availability of the system. Attackers can potentially gain unauthorized access and control over the affected system."
-        externalURL: "https://security.microsoft.com/machines/v2/ababamnbfresd23aasdf/vulnerabilities"
-        firstDetectedDate: "2024-10-18T10:27:45.642Z"
-        id: "671238azxf205f2660bfa438"
-        integrationId: "microsoft_365_defender"
-        isFixable: true
-        name: "CVE-2019-2699"
-        packageIdentifier: "jre:8.0.2020.8"
-        remediateByDate: "2024-10-22T08:14:27.181Z"
-        scanSource: "Not provided"
-        severity: "CRITICAL"
-        targetId: "67123809af3911111135aa26"
-        vulnerabilityType: "COMMON"
-    message: |-
-      {
-        "asset_info" : {
-          "hasBeenScanned" : true,
-          "name" : "clw238-test: Windows11",
-          "id" : "67123809af3911111135aa26",
-          "assetType" : "WORKSTATION"
-        },
-        "vulnerability_info" : {
-          "severity" : "CRITICAL",
-          "externalURL" : "https://security.microsoft.com/machines/v2/ababamnbfresd23aasdf/vulnerabilities",
-          "targetId" : "67123809af3911111135aa26",
-          "isFixable" : true,
-          "remediateByDate" : "2024-10-22T08:14:27.181Z",
-          "description" : "If this vulnerability is exploited, it can lead to the takeover of Java SE, compromising the confidentiality, integrity, and availability of the system. Attackers can potentially gain unauthorized access and control over the affected system.",
-          "integrationId" : "microsoft_365_defender",
-          "firstDetectedDate" : "2024-10-18T10:27:45.642Z",
-          "scanSource" : "Not provided",
-          "cvssSeverityScore" : 9,
-          "deactivateMetadata" : {
-            "deactivationReason" : "test",
-            "deactivatedOnDate" : "2024-10-23T10:26:42.880Z",
-            "isVulnDeactivatedIndefinitely" : true,
-            "deactivatedBy" : "671220f0d70mbve18c0ebca8"
-          },
-          "name" : "CVE-2019-2699",
-          "packageIdentifier" : "jre:8.0.2020.8",
-          "id" : "671238azxf205f2660bfa438",
-          "vulnerabilityType" : "COMMON"
-        }
-      }
-    tags:
-     - "source:LOGS_SOURCE"
- -
-  sample: |-
-    {
-      "asset_info" : {
-        "hasBeenScanned" : true,
-        "name" : "clw238-test: Windows11",
-        "id" : "67123809af3911111135aa26",
-        "assetType" : "WORKSTATION"
-      },
-      "vulnerability_info" : {
-        "severity" : "HIGH",
-        "externalURL" : "https://security.microsoft.com/machines/v2/ababamnbfresd23aasdf/vulnerabilities",
-        "targetId" : "67123809af3911111135aa26",
-        "isFixable" : true,
-        "remediateByDate" : "2024-10-22T08:20:08.076Z",
-        "description" : "If these vulnerabilities are exploited, remote attackers could execute arbitrary code on the affected systems. This could lead to various consequences, including unauthorized access, data theft, system compromise, and potential takeover of the affected systems.",
-        "integrationId" : "microsoft_365_defender",
-        "firstDetectedDate" : "2024-10-18T10:27:44.738Z",
-        "scanSource" : "Not provided",
-        "cvssSeverityScore" : 8.8,
-        "name" : "CVE-2023-42950",
-        "packageIdentifier" : "jre:8.0.2020.8",
-        "id" : "671238plof205f2660bf7f87",
-        "vulnerabilityType" : "COMMON"
-      }
-    }
-  result:
-    custom:
-      asset_info:
-        assetType: "WORKSTATION"
-        hasBeenScanned: true
-        id: "67123809af3911111135aa26"
-        name: "clw238-test: Windows11"
-      vulnerability_info:
-        cvssSeverityScore: 8.8
-        description: "If these vulnerabilities are exploited, remote attackers could execute arbitrary code on the affected systems. This could lead to various consequences, including unauthorized access, data theft, system compromise, and potential takeover of the affected systems."
-        externalURL: "https://security.microsoft.com/machines/v2/ababamnbfresd23aasdf/vulnerabilities"
-        firstDetectedDate: "2024-10-18T10:27:44.738Z"
-        id: "671238plof205f2660bf7f87"
-        integrationId: "microsoft_365_defender"
-        isFixable: true
-        name: "CVE-2023-42950"
-        packageIdentifier: "jre:8.0.2020.8"
-        remediateByDate: "2024-10-22T08:20:08.076Z"
-        scanSource: "Not provided"
-        severity: "HIGH"
-        targetId: "67123809af3911111135aa26"
-        vulnerabilityType: "COMMON"
-    message: |-
-      {
-        "asset_info" : {
-          "hasBeenScanned" : true,
-          "name" : "clw238-test: Windows11",
-          "id" : "67123809af3911111135aa26",
-          "assetType" : "WORKSTATION"
-        },
-        "vulnerability_info" : {
-          "severity" : "HIGH",
-          "externalURL" : "https://security.microsoft.com/machines/v2/ababamnbfresd23aasdf/vulnerabilities",
-          "targetId" : "67123809af3911111135aa26",
-          "isFixable" : true,
-          "remediateByDate" : "2024-10-22T08:20:08.076Z",
-          "description" : "If these vulnerabilities are exploited, remote attackers could execute arbitrary code on the affected systems. This could lead to various consequences, including unauthorized access, data theft, system compromise, and potential takeover of the affected systems.",
-          "integrationId" : "microsoft_365_defender",
-          "firstDetectedDate" : "2024-10-18T10:27:44.738Z",
-          "scanSource" : "Not provided",
-          "cvssSeverityScore" : 8.8,
-          "name" : "CVE-2023-42950",
-          "packageIdentifier" : "jre:8.0.2020.8",
-          "id" : "671238plof205f2660bf7f87",
-          "vulnerabilityType" : "COMMON"
-        }
-      }
-    tags:
-     - "source:LOGS_SOURCE"
+  - sample: '{ "vulnerability_info": { "id": "671238azxf205f2660bfa438", "name": "CVE-2019-2699", "description": "If this vulnerability is exploited, it can lead to the takeover of Java SE, compromising the confidentiality, integrity, and availability of the system. Attackers can potentially gain unauthorized access and control over the affected system.", "integrationId": "microsoft_365_defender", "packageIdentifier": "jre:8.0.2020.8", "vulnerabilityType": "COMMON", "targetId": "67123809af3911111135aa26", "firstDetectedDate": "2024-10-18T10:27:45.642Z", "sourceDetectedDate": null, "lastDetectedDate": null, "severity": "CRITICAL", "cvssSeverityScore": 9, "scannerScore": null, "isFixable": true, "remediateByDate": "2024-10-22T08:14:27.181Z", "relatedVulns": [], "relatedUrls": [], "externalURL": "https://security.microsoft.com/machines/v2/ababamnbfresd23aasdf/vulnerabilities", "scanSource": "Not provided", "deactivateMetadata": { "deactivatedBy": "671220f0d70mbve18c0ebca8", "deactivatedOnDate": "2024-10-23T10:26:42.880Z", "deactivationReason": "test", "deactivatedUntilDate": null, "isVulnDeactivatedIndefinitely": true } }, "asset_info": { "id": "67123809af3911111135aa26", "name": "clw238-test: Windows11", "assetType": "WORKSTATION", "hasBeenScanned": true } }'
+    service: "vulnerability"
+    result: null
+  - sample: '{ "vulnerability_info": { "id": "671238plof205f2660bf7f87", "name": "CVE-2023-42950", "description": "If these vulnerabilities are exploited, remote attackers could execute arbitrary code on the affected systems. This could lead to various consequences, including unauthorized access, data theft, system compromise, and potential takeover of the affected systems.", "integrationId": "microsoft_365_defender", "packageIdentifier": "jre:8.0.2020.8", "vulnerabilityType": "COMMON", "targetId": "67123809af3911111135aa26", "firstDetectedDate": "2024-10-18T10:27:44.738Z", "sourceDetectedDate": null, "lastDetectedDate": null, "severity": "HIGH", "cvssSeverityScore": 8.8, "scannerScore": null, "isFixable": true, "remediateByDate": "2024-10-22T08:20:08.076Z", "relatedVulns": [], "relatedUrls": [], "externalURL": "https://security.microsoft.com/machines/v2/ababamnbfresd23aasdf/vulnerabilities", "scanSource": "Not provided", "deactivateMetadata": null }, "asset_info": { "id": "67123809af3911111135aa26", "name": "clw238-test: Windows11", "assetType": "WORKSTATION", "hasBeenScanned": true } }'
+    service: "vulnerability"
+    result: null