[AI-4769] DDS: Delinea Privilege Manager Integration V1.0.0 #19223
base: master
Created a Jira card for Docs Team editorial review.
We have set the version to 7.60.0. If this is intended for any future release, please let us know, as an update will be necessary for this PR.
@manan-crest Just checking to see if this is ready to be reviewed by the Docs Team.
Yes
Left some feedback from Docs and approved the PR.
delinea_privilege_manager/README.md
Outdated
This integration supports the following types of logs: | ||
- **Application Action Events** : Application Action Events contain generic information about the application that ran, the policy that was triggered, the date and time stamp, the computer, and the user. | ||
- **Application Justification Events** : Application Justification Events are generated when an application requiring a justification workflow is run by a user. | ||
- **Bad Rated Application Action Events** : Bad Rated Application Action Events are generated when an application is being installed or executed, that is identified with a bad security rating. |
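Review bot: All three bullets put a space before the colon (`** : `) and then repeat the event name as the first words of the description. Drop the space and start each description with the verb, for example "**Application Justification Events**: Generated when an application requiring a justification workflow is run by a user."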
- **Bad Rated Application Action Events** : Bad Rated Application Action Events are generated when an application is being installed or executed, that is identified with a bad security rating. | |
- **Bad Rated Application Action Events** : Bad Rated Application Action Events are generated when an application with a poor security rating is being installed or is executed. |
Have updated as per suggestion.
delinea_privilege_manager/README.md
Outdated
- **Newly Discovered File Events** : Newly Discovered File Events contain information about newly discovered files on the system. | ||
- **Change History Events** : Change History Events contain information about any changes made in Delinea Privilege Manager. | ||
|
||
Visualize detailed insights into these logs through the out-of-the-box dashboards. Additionally, it includes ready-to-use Cloud SIEM detection rules for enhanced monitoring and security. |
Visualize detailed insights into these logs through the out-of-the-box dashboards. Additionally, it includes ready-to-use Cloud SIEM detection rules for enhanced monitoring and security. | |
View detailed insights into these logs using the out-of-the-box dashboards. The integration also includes ready-to-use Cloud SIEM detection rules for enhanced monitoring and security. |
Have updated as per suggestion.
delinea_privilege_manager/README.md
Outdated
|
||
### Installation | ||
|
||
To install the Delinea Privilege Manager integration, run the following Agent installation command and the steps below. For more information, see the [Integration Management][4] documentation. |
To install the Delinea Privilege Manager integration, run the following Agent installation command and the steps below. For more information, see the [Integration Management][4] documentation. | |
To install the Delinea Privilege Manager integration, run the following Agent installation command followed by the steps below. For more information, see the [Integration Management][4] documentation. |
Have updated as per suggestion.
delinea_privilege_manager/README.md
Outdated
|
||
To install the Delinea Privilege Manager integration, run the following Agent installation command and the steps below. For more information, see the [Integration Management][4] documentation. | ||
|
||
**Note**: This step is not necessary for Agent version >= 7.60.0. |
**Note**: This step is not necessary for Agent version >= 7.60.0. | |
**Note**: This step is not required for Agent version >= 7.60.0. |
Have updated as per suggestion.
delinea_privilege_manager/README.md
Outdated
|
||
#### Log collection | ||
|
||
1. Collecting logs is disabled by default in the Datadog Agent. Enable it in the`datadog.yaml`: |
1. Collecting logs is disabled by default in the Datadog Agent. Enable it in the`datadog.yaml`: | |
1. By default, log collection is disabled in the Datadog Agent. To enable it, modify the `datadog.yaml` file: |
Have updated as per suggestion.
delinea_privilege_manager/README.md
Outdated
1. After adding a new Syslog connection, to send logs to your Syslog Server, go to **Admin** > **Tasks**. | ||
2. Expand the **Server Tasks** folder, then **Foreign Systems**, select **SysLog** and click **Create**. | ||
3. From the **Template** drop-down, select the **Send Application Action Events to Syslog** template. | ||
4. Add a **Name** for this task (set to **Application Action Events**) and **Event Name** (set to **Application Action Events**), and specify the **Event Severity**(0-Lowest, 10-Highest) or keep it as is. |
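Review bot: Step 4 lets the reader "keep it as is" for **Event Severity** without saying what value the template starts with. State the default next to the 0-10 range, or recommend a value, so readers know what severity the forwarded Application Action Events will carry.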
4. Add a **Name** for this task (set to **Application Action Events**) and **Event Name** (set to **Application Action Events**), and specify the **Event Severity**(0-Lowest, 10-Highest) or keep it as is. | |
4. Add a **Name** for this task (set to **Application Action Events**) and **Event Name** (set to **Application Action Events**), and specify the **Event Severity** (0-Lowest, 10-Highest), or keep it as is. |
Have updated as per suggestion.
delinea_privilege_manager/README.md
Outdated
|
||
**Note**: Do not alter the **Data source**, and ensure the **Replace spaces** toggle is disabled, as any changes to these parameters will directly impact the functionality of the Delinea Privilege Manager integration. | ||
|
||
8. Once created, scroll down to the Schedule section, click on the **New Schedule** button. Provide below details: |
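Review bot: The note above step 8 says changes to **Data source** or **Replace spaces** "will directly impact the functionality" of the integration but never says what actually breaks. Name the observable consequence (for example, which logs stop arriving or stop being processed) so that someone troubleshooting missing events can trace it back to these two settings.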
8. Once created, scroll down to the Schedule section, click on the **New Schedule** button. Provide below details: | |
8. Once created, scroll down to the Schedule section and click on the **New Schedule** button. Provide the following details: |
Have updated as per suggestion.
delinea_privilege_manager/README.md
Outdated
1. Schedule Details: | ||
- Provide **Schedule Name**. | ||
2. Schedule: | ||
1. For **Schedule Type** select **Shared Schedule** from the drop down. |
1. For **Schedule Type** select **Shared Schedule** from the drop down. | |
1. For **Schedule Type**, select **Shared Schedule** from the drop down. |
Have updated as per suggestion.
delinea_privilege_manager/README.md
Outdated
- Provide **Schedule Name**. | ||
2. Schedule: | ||
1. For **Schedule Type** select **Shared Schedule** from the drop down. | ||
2. For **Shared Schedule** select **Quarter-Hour** from the drop down. |
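Review bot: Sub-step 2 fixes the shared schedule to **Quarter-Hour** with no explanation of why. If the task only forwards events when that schedule fires, the logs and the Cloud SIEM detection rules this README advertises will trail the endpoint by up to that interval; say so here, and say whether a shorter shared schedule is supported.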
2. For **Shared Schedule** select **Quarter-Hour** from the drop down. | |
2. For **Shared Schedule**, select **Quarter-Hour** from the drop down. |
Have updated as per suggestion.
delinea_privilege_manager/README.md
Outdated
2. Schedule: | ||
1. For **Schedule Type** select **Shared Schedule** from the drop down. | ||
2. For **Shared Schedule** select **Quarter-Hour** from the drop down. | ||
9. Click on the **Save Changes** button available on the top right corner. |
9. Click on the **Save Changes** button available on the top right corner. | |
9. Click on the **Save Changes** button available on the upper-right corner of the page. |
Have updated as per suggestion.
What does this PR do?
PR for a new integration Delinea Privilege Manager 1.0.0
Additional Notes
- OOTB detection rules JSON would be shared separately with the required teams as a part of a separate repository.
- Since during the standard attribute remapping we are not preserving the source attributes as per suggested best practices, it would result in filters using these standard attributes populating the values of other integrations as well, as per current Datadog behavior.
Review checklist (to be filled by reviewers)
- `qa/skip-qa` label if the PR doesn't need to be tested during QA.
- `backport/<branch-name>` label to the PR and it will automatically open a backport PR once this one is merged