Skip to content

Commit

Permalink
DDSaaS: LastPass: Dashboard Image & Log Pipeline modified (#18780)
Browse files Browse the repository at this point in the history 
* Lastpass Crawler integration without Assets

* README file modified

* Lastpass Crawler integration with assets

* Resolved assets error by adding results

* Images resolution corrected

* Dummy commit to re-run checks

* Pipeline re-formatted and dashboard links removed.

* Updated pipeline results to resolve logs

* Pipeline test comments removed & SVG file added

* Review feedbacks incorporated

* Typo corrected

* Added grok parser for vault item activity logs and related tests

* Resolved pipeline tests check failures

* Corrected a grok parser query

* title and source_type_name changed to natural case

* Updated dashboard images

* display on public website set to false

* modified dashboard image

* quote added in matchrules.

* sample added

* test result added

---------

Co-authored-by: Thibault Krebs <[email protected]>
Co-authored-by: Mauneel Sorathia <[email protected]>
Co-authored-by: Raj Shah <[email protected]>
  • Loading branch information
@bparmar-crest @thibaultkrebs
@mauneelsorathia-crest @rajshah-crest
4 people authored Oct 17, 2024
1 parent 725e35e commit 4a76ba6
Show file tree
Hide file tree
Showing 4 changed files with 51 additions and 11 deletions.
16 changes: 8 additions & 8 deletions .github/CODEOWNERS
View file
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -284,10 +284,10 @@ datadog_checks_base/datadog_checks/base/checks/windows/ @DataDog/wi
/mailchimp/*.md @DataDog/saas-integrations @DataDog/documentation
/mailchimp/manifest.json @DataDog/saas-integrations @DataDog/documentation

/mimecast/ @DataDog/saas-integrations
/mimecast/*.md @DataDog/saas-integrations @DataDog/documentation
/mimecast/manifest.json @DataDog/saas-integrations @DataDog/documentation
/mimecast/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend
/mimecast/ @DataDog/saas-integrations
/mimecast/*.md @DataDog/saas-integrations @DataDog/documentation
/mimecast/manifest.json @DataDog/saas-integrations @DataDog/documentation
/mimecast/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend

/palo_alto_cortex_xdr/ @DataDog/saas-integrations
/palo_alto_cortex_xdr/*.md @DataDog/saas-integrations @DataDog/documentation
Expand Down Expand Up @@ -329,10 +329,10 @@ datadog_checks_base/datadog_checks/base/checks/windows/ @DataDog/wi
/ringcentral/metadata.csv @DataDog/saas-integrations @DataDog/documentation
/ringcentral/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend

/trend_micro_email_security/ @DataDog/saas-integrations
/trend_micro_email_security/*.md @DataDog/saas-integrations @DataDog/documentation
/trend_micro_email_security/manifest.json @DataDog/saas-integrations @DataDog/documentation
/trend_micro_email_security/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend
/trend_micro_email_security/ @DataDog/saas-integrations
/trend_micro_email_security/*.md @DataDog/saas-integrations @DataDog/documentation
/trend_micro_email_security/manifest.json @DataDog/saas-integrations @DataDog/documentation
/trend_micro_email_security/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend

/trellix_endpoint_security/ @DataDog/saas-integrations
/trellix_endpoint_security/*.md @DataDog/saas-integrations @DataDog/documentation
Expand Down
4 changes: 2 additions & 2 deletions lastpass/assets/logs/lastpass.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,7 @@ pipeline:
samples:
- Testing_data
- "VID: 8931324857103585383 to Testing_data"
- "'Testing_data' '[email protected]' 'Read only:no Admin:yes Hide PW:yes"
- "'Testing_data' '[email protected]' 'Read only:no Admin:yes Hide PW:yes'"
- "'Testing_data' '[email protected]'"
- "VID: 4364210409355695795"
grok:
Expand All @@ -149,7 +149,7 @@ pipeline:
\'%{notSpace:shared_folder.modified_user}\' \'Read
only\:%{word:shared_folder.permissions.read_only}
Admin\:%{word:shared_folder.permissions.is_admin} Hide
PW\:%{word:shared_folder.permissions.hide_password}
PW\:%{word:shared_folder.permissions.hide_password}\'
move_to VID\: %{numberStr:shared_folder.VID} to %{greedyData:shared_folder.name}
Expand Down
42 changes: 41 additions & 1 deletion lastpass/assets/logs/lastpass_tests.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -526,4 +526,44 @@ tests:
"timestamp" : 1.722921377E12
}
tags:
- "source:LOGS_SOURCE"
- "source:LOGS_SOURCE"
- sample: |-
{
"Action" : "Update folder permissions",
"Username" : "[email protected]",
"Time" : "2024-08-06 05:16:17",
"Data" : "'SF5' '[email protected]' 'Read only:yes Admin:yes Hide PW:yes'",
"IP_Address" : "10.10.10.10",
"timestamp" : 1.722921377E12
}
result:
custom:
Data: "'SF5' '[email protected]' 'Read only:yes Admin:yes Hide PW:yes'"
Time: "2024-08-06 05:16:17"
evt:
name: "Update folder permissions"
network:
client:
geoip: {}
ip: "10.10.10.10"
shared_folder:
modified_user: "[email protected]"
name: "SF5"
permissions:
hide_password: "yes"
is_admin: "yes"
read_only: "yes"
timestamp: 1.722921377E12
usr:
name: "[email protected]"
message: |-
{
"Action" : "Update folder permissions",
"Username" : "[email protected]",
"Time" : "2024-08-06 05:16:17",
"Data" : "'SF5' '[email protected]' 'Read only:yes Admin:yes Hide PW:yes'",
"IP_Address" : "10.10.10.10",
"timestamp" : 1.722921377E12
}
tags:
- "source:LOGS_SOURCE"
Binary file modified lastpass/images/lastpass_reporting_events_3.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.

0 comments on commit 4a76ba6

Please sign in to comment.