From 8fbb76557e64a22d918ff46304c3c81cd87c7d67 Mon Sep 17 00:00:00 2001
From: akaila-crest
Date: Fri, 6 Dec 2024 19:23:38 +0530
Subject: [PATCH] updated vanta assets and sample logs
---
 vanta/README.md | 11 +-
 .../dashboards/vanta_framework_analytics.json | 2 +-
 .../vanta_vulnerability_overview.json | 2 +-
 vanta/assets/logs/vanta_tests.yaml | 175 +-----------------
 4 files changed, 15 insertions(+), 175 deletions(-)
diff --git a/vanta/README.md b/vanta/README.md
index 349d7010b277e..c5681d40c503e 100644
--- a/vanta/README.md
+++ b/vanta/README.md
@@ -31,9 +31,10 @@ Vanta integration requires a Vanta account and its Client Id, and Client Secret.
 4. Specify the following details for the new application and click on **Create**.
 * **Name**: Enter a descriptive name for your application.
 * **Description**: Provide a brief overview of your application.
- * **App Type**: Select `Manage Vanta` type.
-5. From the **Application Info**, Click on **Generate client secret** button to obtain the client secret.
-6. Copy **Client ID** and **Client secret** for configuration.
+ * **App Type**: Select **Manage Vanta**
+5. Navigate to the **Application Info** section for the Client ID.
+6. Click on **Generate client secret** for the Client secret.
+
 #### Add Vanta Credentials
@@ -44,11 +45,11 @@ Vanta integration requires a Vanta account and its Client Id, and Client Secret.
 ### Logs
-The Vanta integration collects and forward Vulnerabilities logs to Datadog.
+The Vanta integration collects and forwards Vulnerabilities logs to Datadog.
 ### Metrics
-The Vanta integration collects and forward Frameworks metrics to Datadog.
+The Vanta integration collects and forwards Frameworks metrics to Datadog.
 {{< get-metrics-from-git "vanta" >}}
diff --git a/vanta/assets/dashboards/vanta_framework_analytics.json b/vanta/assets/dashboards/vanta_framework_analytics.json
index c28de784f8032..c68c38b7f54f4 100644
--- a/vanta/assets/dashboards/vanta_framework_analytics.json
+++ b/vanta/assets/dashboards/vanta_framework_analytics.json
@@ -25,7 +25,7 @@
 "id": 6093292215781214,
 "definition": {
 "type": "note",
- "content": "[Vanta](https://www.vanta.com/) is a compliance automation tool that assists businesses in obtaining security certifications and identifying vulnerabilities. It streamlines compliance processes through automation, making monitoring and documentation easier to establish solid security practices.\n\nThis dashboard offers insights into different framework analytics such as completed controls, passing documents, and successful tests.\n\n**Note**:\n- The dashboard widgets display the latest analytics collected for the frameworks.\n\n**Tips:**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations.\n\n\nFor more information, see the [Vanta Integration Documentation](https://docs.datadoghq.com/integrations/vanta/).",
+ "content": "[Vanta](https://www.vanta.com/) is a compliance automation tool that assists businesses in obtaining security certifications and identifying vulnerabilities. It streamlines compliance processes through automation, making monitoring and documentation easier to establish solid security practices.\n\nThis dashboard offers insights into different framework analytics such as completed controls, passing documents, and successful tests.\n\n**Note**:\n- The dashboard widgets display the latest analytics collected for the frameworks.\n\n**Tip:**\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.\n\n\nFor more information, see the [Vanta Integration Documentation](https://docs.datadoghq.com/integrations/vanta/).",
 "background_color": "purple",
 "font_size": "14",
 "text_align": "left",
diff --git a/vanta/assets/dashboards/vanta_vulnerability_overview.json b/vanta/assets/dashboards/vanta_vulnerability_overview.json
index c8dcdfcd2c4ea..5037ce2b510d8 100644
--- a/vanta/assets/dashboards/vanta_vulnerability_overview.json
+++ b/vanta/assets/dashboards/vanta_vulnerability_overview.json
@@ -25,7 +25,7 @@
 "id": 5400480088967578,
 "definition": {
 "type": "note",
- "content": "[Vanta](https://www.vanta.com/) is a compliance automation tool that assists businesses in obtaining security certifications and identifying vulnerabilities. It streamlines compliance processes through automation, making monitoring and documentation easier to establish solid security practices.\n\nThis dashboard provides insights into vulnerabilities that have not been remediated and have exceeded their SLA deadlines\n\n**Tips:**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations.\n\n\nFor more information, see the [Vanta Integration Documentation](https://docs.datadoghq.com/integrations/vanta/).",
+ "content": "[Vanta](https://www.vanta.com/) is a compliance automation tool that assists businesses in obtaining security certifications and identifying vulnerabilities. It streamlines compliance processes through automation, making monitoring and documentation easier to establish solid security practices.\n\nThis dashboard provides insights into vulnerabilities that have not been remediated and have exceeded their SLA deadlines\n\n**Tips:**\n- Use the timeframe selector in the upper-right corner of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.\n\n\nFor more information, see the [Vanta Integration Documentation](https://docs.datadoghq.com/integrations/vanta/).",
 "background_color": "purple",
 "font_size": "14",
 "text_align": "left",
diff --git a/vanta/assets/logs/vanta_tests.yaml b/vanta/assets/logs/vanta_tests.yaml
index 6b161fdab10d9..171ad162b37db 100644
--- a/vanta/assets/logs/vanta_tests.yaml
+++ b/vanta/assets/logs/vanta_tests.yaml
@@ -1,169 +1,8 @@ -id: "vanta" +id: vanta tests: - - - sample: |- - { - "asset_info" : { - "hasBeenScanned" : true, - "name" : "clw238-test: Windows11", - "id" : "67123809af3911111135aa26", - "assetType" : "WORKSTATION" - }, - "vulnerability_info" : { - "severity" : "CRITICAL", - "externalURL" : "https://security.microsoft.com/machines/v2/ababamnbfresd23aasdf/vulnerabilities", - "targetId" : "67123809af3911111135aa26", - "isFixable" : true, - "remediateByDate" : "2024-10-22T08:14:27.181Z", - "description" : "If this vulnerability is exploited, it can lead to the takeover of Java SE, compromising the confidentiality, integrity, and availability of the system. Attackers can potentially gain unauthorized access and control over the affected system.", - "integrationId" : "microsoft_365_defender", - "firstDetectedDate" : "2024-10-18T10:27:45.642Z", - "scanSource" : "Not provided", - "cvssSeverityScore" : 9, - "deactivateMetadata" : { - "deactivationReason" : "test", - "deactivatedOnDate" : "2024-10-23T10:26:42.880Z", - "isVulnDeactivatedIndefinitely" : true, - "deactivatedBy" : "671220f0d70mbve18c0ebca8" - }, - "name" : "CVE-2019-2699", - "packageIdentifier" : "jre:8.0.2020.8", - "id" : "671238azxf205f2660bfa438", - "vulnerabilityType" : "COMMON" - } - } - result: - custom: - asset_info: - assetType: "WORKSTATION" - hasBeenScanned: true - id: "67123809af3911111135aa26" - name: "clw238-test: Windows11" - vulnerability_info: - cvssSeverityScore: 9 - deactivateMetadata: - deactivatedBy: "671220f0d70mbve18c0ebca8" - deactivatedOnDate: "2024-10-23T10:26:42.880Z" - deactivationReason: "test" - isVulnDeactivatedIndefinitely: true - description: "If this vulnerability is exploited, it can lead to the takeover of Java SE, compromising the confidentiality, integrity, and availability of the system. Attackers can potentially gain unauthorized access and control over the affected system." 
- externalURL: "https://security.microsoft.com/machines/v2/ababamnbfresd23aasdf/vulnerabilities" - firstDetectedDate: "2024-10-18T10:27:45.642Z" - id: "671238azxf205f2660bfa438" - integrationId: "microsoft_365_defender" - isFixable: true - name: "CVE-2019-2699" - packageIdentifier: "jre:8.0.2020.8" - remediateByDate: "2024-10-22T08:14:27.181Z" - scanSource: "Not provided" - severity: "CRITICAL" - targetId: "67123809af3911111135aa26" - vulnerabilityType: "COMMON" - message: |- - { - "asset_info" : { - "hasBeenScanned" : true, - "name" : "clw238-test: Windows11", - "id" : "67123809af3911111135aa26", - "assetType" : "WORKSTATION" - }, - "vulnerability_info" : { - "severity" : "CRITICAL", - "externalURL" : "https://security.microsoft.com/machines/v2/ababamnbfresd23aasdf/vulnerabilities", - "targetId" : "67123809af3911111135aa26", - "isFixable" : true, - "remediateByDate" : "2024-10-22T08:14:27.181Z", - "description" : "If this vulnerability is exploited, it can lead to the takeover of Java SE, compromising the confidentiality, integrity, and availability of the system. 
Attackers can potentially gain unauthorized access and control over the affected system.", - "integrationId" : "microsoft_365_defender", - "firstDetectedDate" : "2024-10-18T10:27:45.642Z", - "scanSource" : "Not provided", - "cvssSeverityScore" : 9, - "deactivateMetadata" : { - "deactivationReason" : "test", - "deactivatedOnDate" : "2024-10-23T10:26:42.880Z", - "isVulnDeactivatedIndefinitely" : true, - "deactivatedBy" : "671220f0d70mbve18c0ebca8" - }, - "name" : "CVE-2019-2699", - "packageIdentifier" : "jre:8.0.2020.8", - "id" : "671238azxf205f2660bfa438", - "vulnerabilityType" : "COMMON" - } - } - tags: - - "source:LOGS_SOURCE" - - - sample: |- - { - "asset_info" : { - "hasBeenScanned" : true, - "name" : "clw238-test: Windows11", - "id" : "67123809af3911111135aa26", - "assetType" : "WORKSTATION" - }, - "vulnerability_info" : { - "severity" : "HIGH", - "externalURL" : "https://security.microsoft.com/machines/v2/ababamnbfresd23aasdf/vulnerabilities", - "targetId" : "67123809af3911111135aa26", - "isFixable" : true, - "remediateByDate" : "2024-10-22T08:20:08.076Z", - "description" : "If these vulnerabilities are exploited, remote attackers could execute arbitrary code on the affected systems. This could lead to various consequences, including unauthorized access, data theft, system compromise, and potential takeover of the affected systems.", - "integrationId" : "microsoft_365_defender", - "firstDetectedDate" : "2024-10-18T10:27:44.738Z", - "scanSource" : "Not provided", - "cvssSeverityScore" : 8.8, - "name" : "CVE-2023-42950", - "packageIdentifier" : "jre:8.0.2020.8", - "id" : "671238plof205f2660bf7f87", - "vulnerabilityType" : "COMMON" - } - } - result: - custom: - asset_info: - assetType: "WORKSTATION" - hasBeenScanned: true - id: "67123809af3911111135aa26" - name: "clw238-test: Windows11" - vulnerability_info: - cvssSeverityScore: 8.8 - description: "If these vulnerabilities are exploited, remote attackers could execute arbitrary code on the affected systems. 
This could lead to various consequences, including unauthorized access, data theft, system compromise, and potential takeover of the affected systems." - externalURL: "https://security.microsoft.com/machines/v2/ababamnbfresd23aasdf/vulnerabilities" - firstDetectedDate: "2024-10-18T10:27:44.738Z" - id: "671238plof205f2660bf7f87" - integrationId: "microsoft_365_defender" - isFixable: true - name: "CVE-2023-42950" - packageIdentifier: "jre:8.0.2020.8" - remediateByDate: "2024-10-22T08:20:08.076Z" - scanSource: "Not provided" - severity: "HIGH" - targetId: "67123809af3911111135aa26" - vulnerabilityType: "COMMON" - message: |- - { - "asset_info" : { - "hasBeenScanned" : true, - "name" : "clw238-test: Windows11", - "id" : "67123809af3911111135aa26", - "assetType" : "WORKSTATION" - }, - "vulnerability_info" : { - "severity" : "HIGH", - "externalURL" : "https://security.microsoft.com/machines/v2/ababamnbfresd23aasdf/vulnerabilities", - "targetId" : "67123809af3911111135aa26", - "isFixable" : true, - "remediateByDate" : "2024-10-22T08:20:08.076Z", - "description" : "If these vulnerabilities are exploited, remote attackers could execute arbitrary code on the affected systems. This could lead to various consequences, including unauthorized access, data theft, system compromise, and potential takeover of the affected systems.", - "integrationId" : "microsoft_365_defender", - "firstDetectedDate" : "2024-10-18T10:27:44.738Z", - "scanSource" : "Not provided", - "cvssSeverityScore" : 8.8, - "name" : "CVE-2023-42950", - "packageIdentifier" : "jre:8.0.2020.8", - "id" : "671238plof205f2660bf7f87", - "vulnerabilityType" : "COMMON" - } - } - tags: - - "source:LOGS_SOURCE" \ No newline at end of file + - sample: '{ "vulnerability_info": { "id": "671238azxf205f2660bfa438", "name": "CVE-2019-2699", "description": "If this vulnerability is exploited, it can lead to the takeover of Java SE, compromising the confidentiality, integrity, and availability of the system. 
Attackers can potentially gain unauthorized access and control over the affected system.", "integrationId": "microsoft_365_defender", "packageIdentifier": "jre:8.0.2020.8", "vulnerabilityType": "COMMON", "targetId": "67123809af3911111135aa26", "firstDetectedDate": "2024-10-18T10:27:45.642Z", "sourceDetectedDate": null, "lastDetectedDate": null, "severity": "CRITICAL", "cvssSeverityScore": 9, "scannerScore": null, "isFixable": true, "remediateByDate": "2024-10-22T08:14:27.181Z", "relatedVulns": [], "relatedUrls": [], "externalURL": "https://security.microsoft.com/machines/v2/ababamnbfresd23aasdf/vulnerabilities", "scanSource": "Not provided", "deactivateMetadata": { "deactivatedBy": "671220f0d70mbve18c0ebca8", "deactivatedOnDate": "2024-10-23T10:26:42.880Z", "deactivationReason": "test", "deactivatedUntilDate": null, "isVulnDeactivatedIndefinitely": true } }, "asset_info": { "id": "67123809af3911111135aa26", "name": "clw238-test: Windows11", "assetType": "WORKSTATION", "hasBeenScanned": true } }' + service: "vulnerability" + result: null + - sample: '{ "vulnerability_info": { "id": "671238plof205f2660bf7f87", "name": "CVE-2023-42950", "description": "If these vulnerabilities are exploited, remote attackers could execute arbitrary code on the affected systems. 
This could lead to various consequences, including unauthorized access, data theft, system compromise, and potential takeover of the affected systems.", "integrationId": "microsoft_365_defender", "packageIdentifier": "jre:8.0.2020.8", "vulnerabilityType": "COMMON", "targetId": "67123809af3911111135aa26", "firstDetectedDate": "2024-10-18T10:27:44.738Z", "sourceDetectedDate": null, "lastDetectedDate": null, "severity": "HIGH", "cvssSeverityScore": 8.8, "scannerScore": null, "isFixable": true, "remediateByDate": "2024-10-22T08:20:08.076Z", "relatedVulns": [], "relatedUrls": [], "externalURL": "https://security.microsoft.com/machines/v2/ababamnbfresd23aasdf/vulnerabilities", "scanSource": "Not provided", "deactivateMetadata": null }, "asset_info": { "id": "67123809af3911111135aa26", "name": "clw238-test: Windows11", "assetType": "WORKSTATION", "hasBeenScanned": true } }' + service: "vulnerability" + result: null \ No newline at end of file
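Review bot: Both rewritten cases in `vanta_tests.yaml` end in `result: null`, so the expected output the removed cases spelled out (`custom:` with `vulnerability_info.severity`, `cvssSeverityScore`, `remediateByDate` and the asset fields, plus `message:` and `tags:`) is no longer stated anywhere in the file. If the test harness treats a null result as "nothing to compare", which is not visible from this hunk, a pipeline change that drops or mis-maps severity or the SLA date would pass unnoticed, and those are the fields the vulnerability dashboard relies on. I would keep a populated `result:` block per sample, regenerated for the new payload shape (it now carries `service: "vulnerability"` and several explicit `null` fields such as `deactivateMetadata: null`). The file also still ends without a trailing newline.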