From d99cfac4a0ff1ca98b130186396eb446c05b16d4 Mon Sep 17 00:00:00 2001 From: surabhipatel_crest Date: Mon, 4 Nov 2024 14:59:58 +0530 Subject: [PATCH] Made changes in dashboard panels and in readme --- extrahop/README.md | 8 +- .../dashboards/extrahop_detections.json | 101 +++++++++--------- 2 files changed, 52 insertions(+), 57 deletions(-) diff --git a/extrahop/README.md b/extrahop/README.md index 7c65913c2e81b..1c1f73d830914 100644 --- a/extrahop/README.md +++ b/extrahop/README.md @@ -19,16 +19,14 @@ This integration seamlessly collects all the above listed logs, channeling them 2. Generate new Client ID and Client Secret. Click **Create Credentials** which is present at the bottom of the page under **Rest API Credentials** section. 3. On **System Settings** > **API Access** > **Rest API Credentials**, at the top right corner; Click **Create Credentials** Specify the settings of the new Client ID and Client Secret. - Name: A meaningful name that can help you identify the Client ID and Client Secret. - - System Access: The system access permission assigned to the ID and Secret. Select **System administration**. + - System Access: The system access permission assigned to the ID and Secret. Select **Full read-only**. - NDR Module Access: The NDR module access permission assigned to the ID and Secret. Select **Full Access**. - - NPM Module Access: The NPM module access permission assigned to the ID and Secret. Select **Full Access**. + - NPM Module Access: The NPM module access permission assigned to the ID and Secret. Select **No Access**. - Packet And Session Key Access: The packet and session key access permission assigned to the ID and Secret. Select **No Access**. 4. Click **Save**. 5. Copy and store **ID** and **Secret** in a secure location. -#### ExtraHop Datadog Integration Configuration - -Configure the Datadog endpoint to forward ExtraHop logs to Datadog. +#### Configure the Datadog endpoint to forward ExtraHop logs to Datadog 1. Navigate to `ExtraHop`. 2. Add your ExtraHop credentials. diff --git a/extrahop/assets/dashboards/extrahop_detections.json b/extrahop/assets/dashboards/extrahop_detections.json index 652a4c47d510e..14db3b93c05ac 100644 --- a/extrahop/assets/dashboards/extrahop_detections.json +++ b/extrahop/assets/dashboards/extrahop_detections.json @@ -758,18 +758,18 @@ "response_format": "scalar", "queries": [ { - "data_source": "logs", "name": "query1", + "data_source": "logs", + "search": { + "query": "source:extrahop service:detection @risk_status:critical" + }, "indexes": [ "*" ], - "compute": { - "aggregation": "cardinality", - "metric": "@id" - }, "group_by": [], - "search": { - "query": "source:extrahop service:detection @risk_status:critical" + "compute": { + "aggregation": "count", + "metric": "count" }, "storage": "hot" } @@ -811,18 +811,18 @@ "response_format": "scalar", "queries": [ { - "data_source": "logs", "name": "query1", + "data_source": "logs", + "search": { + "query": "source:extrahop service:detection @risk_status:warning" + }, "indexes": [ "*" ], - "compute": { - "aggregation": "cardinality", - "metric": "@id" - }, "group_by": [], - "search": { - "query": "source:extrahop service:detection @risk_status:warning" + "compute": { + "aggregation": "count", + "metric": "count" }, "storage": "hot" } @@ -863,18 +863,18 @@ "response_format": "scalar", "queries": [ { - "data_source": "logs", "name": "query1", + "data_source": "logs", + "search": { + "query": "source:extrahop service:detection @risk_status:info" + }, "indexes": [ "*" ], - "compute": { - "aggregation": "cardinality", - "metric": "@id" - }, "group_by": [], - "search": { - "query": "source:extrahop service:detection @risk_status:info" + "compute": { + "aggregation": "count", + "metric": "count" }, "storage": "hot" } @@ -1593,7 +1593,6 @@ "title": "Mitre Tactics Details", "title_size": "16", "title_align": "left", - "time": {}, "type": "query_table", "requests": [ { @@ -1753,7 +1752,6 @@ "title": "Mitre Techniques Details", "title_size": "16", "title_align": "left", - "time": {}, "type": "query_table", "requests": [ { @@ -2093,18 +2091,18 @@ "response_format": "scalar", "queries": [ { - "data_source": "logs", "name": "query1", + "data_source": "logs", + "search": { + "query": "source:extrahop service:investigation @status:open" + }, "indexes": [ "*" ], - "compute": { - "aggregation": "cardinality", - "metric": "@id" - }, "group_by": [], - "search": { - "query": "source:extrahop service:investigation @status:open" + "compute": { + "aggregation": "count", + "metric": "count" }, "storage": "hot" } @@ -2204,18 +2202,18 @@ "response_format": "scalar", "queries": [ { - "data_source": "logs", "name": "query1", + "data_source": "logs", + "search": { + "query": "source:extrahop service:investigation @status:in-progress" + }, "indexes": [ "*" ], - "compute": { - "aggregation": "cardinality", - "metric": "@id" - }, "group_by": [], - "search": { - "query": "source:extrahop service:investigation @status:in-progress" + "compute": { + "aggregation": "count", + "metric": "count" }, "storage": "hot" } @@ -2256,18 +2254,18 @@ "response_format": "scalar", "queries": [ { - "data_source": "logs", "name": "query1", + "data_source": "logs", + "search": { + "query": "source:extrahop service:investigation @status:closed" + }, "indexes": [ "*" ], - "compute": { - "aggregation": "cardinality", - "metric": "@id" - }, "group_by": [], - "search": { - "query": "source:extrahop service:investigation @status:closed" + "compute": { + "aggregation": "count", + "metric": "count" }, "storage": "hot" } @@ -2308,18 +2306,18 @@ "response_format": "scalar", "queries": [ { - "data_source": "logs", "name": "query1", + "data_source": "logs", + "search": { + "query": "source:extrahop service:investigation @is_user_created:true" + }, "indexes": [ "*" ], - "compute": { - "aggregation": "cardinality", - "metric": "@id" - }, "group_by": [], - "search": { - "query": "source:extrahop service:investigation @is_user_created:true" + "compute": { + "aggregation": "count", + "metric": "count" }, "storage": "hot" } @@ -2631,7 +2629,6 @@ "title": "Investigation Details", "title_size": "16", "title_align": "left", - "time": {}, "type": "query_table", "requests": [ {