
[AI-4769] DDS: Delinea Privilege Manager Integration V1.0.0 #19223

Open
wants to merge 9 commits into base: master

Conversation

manan-crest (Contributor):

What does this PR do?

PR for a new integration: Delinea Privilege Manager 1.0.0

Additional Notes

-- OOTB detection rules JSON would be shared separately with the required teams as part of a separate repository.
-- Since, as per the suggested best practices, we are not preserving the source attributes during the standard attribute remapping, filters using these standard attributes would also populate the values of other integrations, as per current Datadog behavior.

Review checklist (to be filled by reviewers)

  • Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
  • Changelog entries must be created for modifications to shipped code
  • Add the qa/skip-qa label if the PR doesn't need to be tested during QA.
  • If you need to backport this PR to another branch, you can add the backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged

@manan-crest manan-crest marked this pull request as ready for review December 11, 2024 06:04
@manan-crest manan-crest requested review from a team as code owners December 11, 2024 06:04
@torosmassa torosmassa changed the title DDS: Delinea Privilege Manager Integration V1.0.0 [AI-4769] DDS: Delinea Privilege Manager Integration V1.0.0 Dec 11, 2024
@drichards-87 drichards-87 self-assigned this Dec 11, 2024
drichards-87 (Contributor):

Created a Jira card for Docs Team editorial review.

@drichards-87 drichards-87 added the editorial review Waiting on a more in-depth review from a docs team editor label Dec 11, 2024
@drichards-87 drichards-87 removed their assignment Dec 11, 2024
manan-crest (Contributor, Author):

We have set the version to 7.60.0. If this is intended for any future release, please let us know, as an update will be necessary for this PR.

drichards-87 (Contributor):

@manan-crest Just checking to see if this is ready to be reviewed by the Docs Team.

manan-crest (Contributor, Author):

> @manan-crest Just checking to see if this is ready to be reviewed by the Docs Team.

Yes

drichards-87 (Contributor) previously approved these changes Dec 20, 2024 and left a review comment:

Left some feedback from Docs and approved the PR.

This integration supports the following types of logs:
- **Application Action Events** : Application Action Events contain generic information about the application that ran, the policy that was triggered, the date and time stamp, the computer, and the user.
- **Application Justification Events** : Application Justification Events are generated when an application requiring a justification workflow is run by a user.
- **Bad Rated Application Action Events** : Bad Rated Application Action Events are generated when an application is being installed or executed, that is identified with a bad security rating.
Reviewer (Contributor):

Suggested change
- **Bad Rated Application Action Events** : Bad Rated Application Action Events are generated when an application is being installed or executed, that is identified with a bad security rating.
- **Bad Rated Application Action Events** : Bad Rated Application Action Events are generated when an application with a poor security rating is being installed or is executed.
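Review bot: the suggested wording "poor security rating" no longer matches the event name kept in the same line, "Bad Rated Application Action Events"; consider keeping "bad security rating" (or "rated bad") so the description uses the same term as the event name that appears in the Delinea console and in the Syslog task templates referenced later in this README.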

manan-crest (Contributor, Author):

Have updated as per suggestion.

- **Newly Discovered File Events** : Newly Discovered File Events contain information about newly discovered files on the system.
- **Change History Events** : Change History Events contain information about any changes made in Delinea Privilege Manager.

Visualize detailed insights into these logs through the out-of-the-box dashboards. Additionally, it includes ready-to-use Cloud SIEM detection rules for enhanced monitoring and security.
Reviewer (Contributor):

Suggested change
Visualize detailed insights into these logs through the out-of-the-box dashboards. Additionally, it includes ready-to-use Cloud SIEM detection rules for enhanced monitoring and security.
View detailed insights into these logs using the out-of-the-box dashboards. The integration also includes ready-to-use Cloud SIEM detection rules for enhanced monitoring and security.

manan-crest (Contributor, Author):

Have updated as per suggestion.


### Installation

To install the Delinea Privilege Manager integration, run the following Agent installation command and the steps below. For more information, see the [Integration Management][4] documentation.
Reviewer (Contributor):

Suggested change
To install the Delinea Privilege Manager integration, run the following Agent installation command and the steps below. For more information, see the [Integration Management][4] documentation.
To install the Delinea Privilege Manager integration, run the following Agent installation command followed by the steps below. For more information, see the [Integration Management][4] documentation.

manan-crest (Contributor, Author):

Have updated as per suggestion.


To install the Delinea Privilege Manager integration, run the following Agent installation command and the steps below. For more information, see the [Integration Management][4] documentation.

**Note**: This step is not necessary for Agent version >= 7.60.0.
Reviewer (Contributor):

Suggested change
**Note**: This step is not necessary for Agent version >= 7.60.0.
**Note**: This step is not required for Agent version >= 7.60.0.
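Review bot: the version in this note (7.60.0) is the same value the PR description says was set as the target release; if the integration is moved to a later Agent release, as the author asked to be told, this line has to be updated together with the version in the PR, so it may be worth adding a source comment next to it reminding maintainers to keep the two in sync.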

manan-crest (Contributor, Author):

Have updated as per suggestion.


#### Log collection

1. Collecting logs is disabled by default in the Datadog Agent. Enable it in the`datadog.yaml`:
Reviewer (Contributor):

Suggested change
1. Collecting logs is disabled by default in the Datadog Agent. Enable it in the`datadog.yaml`:
1. By default, log collection is disabled in the Datadog Agent. To enable it, modify the `datadog.yaml` file:

manan-crest (Contributor, Author):

Have updated as per suggestion.

1. After adding a new Syslog connection, to send logs to your Syslog Server, go to **Admin** > **Tasks**.
2. Expand the **Server Tasks** folder, then **Foreign Systems**, select **SysLog** and click **Create**.
3. From the **Template** drop-down, select the **Send Application Action Events to Syslog** template.
4. Add a **Name** for this task (set to **Application Action Events**) and **Event Name** (set to **Application Action Events**), and specify the **Event Severity**(0-Lowest, 10-Highest) or keep it as is.
Reviewer (Contributor):

Suggested change
4. Add a **Name** for this task (set to **Application Action Events**) and **Event Name** (set to **Application Action Events**), and specify the **Event Severity**(0-Lowest, 10-Highest) or keep it as is.
4. Add a **Name** for this task (set to **Application Action Events**) and **Event Name** (set to **Application Action Events**), and specify the **Event Severity** (0-Lowest, 10-Highest), or keep it as is.

manan-crest (Contributor, Author):

Have updated as per suggestion.


**Note**: Do not alter the **Data source**, and ensure the **Replace spaces** toggle is disabled, as any changes to these parameters will directly impact the functionality of the Delinea Privilege Manager integration.

8. Once created, scroll down to the Schedule section, click on the **New Schedule** button. Provide below details:
Reviewer (Contributor):

Suggested change
8. Once created, scroll down to the Schedule section, click on the **New Schedule** button. Provide below details:
8. Once created, scroll down to the Schedule section and click on the **New Schedule** button. Provide the following details:

manan-crest (Contributor, Author):

Have updated as per suggestion.

1. Schedule Details:
- Provide **Schedule Name**.
2. Schedule:
1. For **Schedule Type** select **Shared Schedule** from the drop down.
Reviewer (Contributor):

Suggested change
1. For **Schedule Type** select **Shared Schedule** from the drop down.
1. For **Schedule Type**, select **Shared Schedule** from the drop down.

manan-crest (Contributor, Author):

Have updated as per suggestion.

- Provide **Schedule Name**.
2. Schedule:
1. For **Schedule Type** select **Shared Schedule** from the drop down.
2. For **Shared Schedule** select **Quarter-Hour** from the drop down.
Reviewer (Contributor):

Suggested change
2. For **Shared Schedule** select **Quarter-Hour** from the drop down.
2. For **Shared Schedule**, select **Quarter-Hour** from the drop down.

manan-crest (Contributor, Author):

Have updated as per suggestion.

2. Schedule:
1. For **Schedule Type** select **Shared Schedule** from the drop down.
2. For **Shared Schedule** select **Quarter-Hour** from the drop down.
9. Click on the **Save Changes** button available on the top right corner.
Reviewer (Contributor):

Suggested change
9. Click on the **Save Changes** button available on the top right corner.
9. Click on the **Save Changes** button available on the upper-right corner of the page.

manan-crest (Contributor, Author):

Have updated as per suggestion.
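The Agent-side counterpart of step 1 in the log collection section above, as an added example that is not part of this PR or the integration's README: `logs_enabled` in `datadog.yaml`, and a `conf.d` listener that receives what the Syslog tasks created in the Delinea console send. The integration directory name, the UDP port and the `source`/`service` values are assumptions; take the real ones from the integration's README and from the Syslog foreign system configured in Delinea.

```yaml
# datadog.yaml (assumed default Linux path: /etc/datadog-agent/datadog.yaml)
# Log collection is off by default; this single key turns it on.
logs_enabled: true

# conf.d/delinea_privilege_manager.d/conf.yaml (directory name is an assumption)
# One listener for the syslog tasks; the Agent tags each line with source/service.
logs:
  - type: udp                           # match the protocol of the Syslog foreign system in Delinea
    port: 10514                         # assumed port; must equal the port Delinea sends to
    source: delinea_privilege_manager   # assumed value; selects the integration's log pipeline
    service: delinea_privilege_manager  # assumed value; used for filtering in Log Explorer
```

Keep the listener port reachable only from the Privilege Manager server and restart the Agent after editing either file so both changes take effect.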
