[SIEMINT-69] DDS: Cisco Secure Endpoint: Crawler Integration v1.0.0 (#…

…17958) * Cisco Secure Endpoint: Crawler Integration v1.0.0 * Made changes for validation checks failure * Changed images folder path * Updated dashboard * Renamed log files * Resolved validate log errors * Updated README and manifest * Updated as per PR review comments * Added changes as per PR comments * Updated title as per Cisco Secure Endpoint without Assets PR * Updated as per PR review * Updated test.yaml * made changes for event type in test.yaml * Added changes in test pipeline * Updated test pipeline file * Update: display_on_public_website from False to True * Update: Review comments for dashboards * Update: change dashboard images as per updated dashboards. * Update: dashboard and pipeline * Update: Add pipeline results * updated menifest.json file. * One More * Added disclaimer and changed title --------- Co-authored-by: manan-crest <manan.goria@crestdata.ai> Co-authored-by: madhavpandya-crest <madhav.pandya@crestdata.ai> Co-authored-by: Austin Lai <76412946+alai97@users.noreply.github.com>
DataDog · Sep 24, 2024 · aa565a1 · aa565a1
1 parent bd4f89b
commit aa565a1
Show file tree

Hide file tree

Showing 9 changed files with 4,283 additions and 24 deletions.
diff --git a/cisco_secure_endpoint/README.md b/cisco_secure_endpoint/README.md
@@ -1,42 +1,66 @@
-# Agent Check: cisco_secure_endpoint
-
 ## Overview
 
-This check monitors [Cisco Secure Endpoint][1].
+[Cisco Secure Endpoint][1] is a single-agent solution that provides comprehensive protection, detection, response, and user access coverage to defend against threats to your endpoints. Cisco Secure Endpoint can detect and neutralize malicious activity in real time, ensuring robust protection of your digital assets.
 
-## Setup
+This integration ingests the following logs:
+- Audit: Audit logs provide activities performed by a user in the Cisco Secure Endpoint console.
+- Event: Event logs are essential for tracking security events, enabling quick detection, response, and analysis of potential threats.
 
-### Installation
+The Cisco Secure Endpoint integration provides out-of-the-box dashboards so you can gain insights into the Cisco Secure Endpoint's audit and event logs, enabling quick and necessary actions. Additionally, out-of-the-box detection rules are available to help you monitor and respond to potential security threats effectively.
 
-The Cisco Secure Endpoint check is included in the [Datadog Agent][2] package.
-No additional installation is needed on your server.
+**Disclaimer**: Your use of this integration, which may collect data that includes personal information, is subject to your agreements with Datadog. Cisco is not responsible for the privacy, security or integrity of any end-user information, including personal data, transmitted through your use of the integration.
+
+## Setup
 
 ### Configuration
 
-1. <List of steps to configure this integration>
+#### Get API Credentials for Cisco Secure Endpoint 
+
+
+Follow the steps below to create a Client ID and an API key:
+1. Log in to your Cisco Secure Endpoint Console and navigate to the Menu Panel on the left side.
+2. Select `Administration`, then select `Organization Settings`.
+3. Click `Configure API Credentials` under the `Features` section to generate new API credentials.
+4. Click on the `New API Credentials` button located at the right side under the `Legacy API Credentials (version 0 and 1)` section.
+5. Add the following information in the pop-up modal:
+    - Application Name: Any preferable name.
+    - Scope: Select `Read-only`.
+    - Click `Create`.
+    - Once you click **Create**, the redirected page will display the client ID (like a third party API client ID) and API Key values.
+        - **Note:** Make a note of the API Key, as it will only be displayed once.
+
+#### Cisco Secure Endpoint DataDog Integration Configuration
 
-### Validation
+Configure the Datadog endpoint to forward Cisco Secure Endpoint logs to Datadog.
+
+1. Navigate to `Cisco Secure Endpoint`.
+2. Add your Cisco Secure Endpoint credentials.
+
+| Cisco Secure Endpoint Parameters | Description  |
+| -------------------- | ------------ |
+| API Host URL                | The API Host URL for Cisco Secure Endpoint Cloud is "https://api.\<region\>.apm.cisco.com". Adjust the "region" part based on the region of the Cisco Secure Endpoint server. If Cisco Secure Endpoint is hosted on VPC (Virtual Private Cloud), directly provide the API Host URL. |
+| Client ID      | Client ID from Cisco Secure Endpoint.    |
+| API Key           | API Key from Cisco Secure Endpoint.         |
+| Get Endpoint Details    | Keep it "true" to collect endpoint metadata for Cisco Secure Endpoint event logs, otherwise "false". |
 
-<Steps to validate integration is functioning as expected>
 
 ## Data Collected
 
-### Metrics
+### Logs
 
-The Cisco Secure Endpoint integration does not include any metrics.
+The Cisco Secure Endpoint integration collects and forwards Cisco Secure Endpoint audit and event logs to Datadog.
 
-### Service Checks
+### Metrics
 
-The Cisco Secure Endpoint integration does not include any service checks.
+The Cisco Secure Endpoint integration does not include any metrics.
 
 ### Events
 
 The Cisco Secure Endpoint integration does not include any events.
 
-## Troubleshooting
+## Support
 
-Need help? Contact [Datadog support][3].
+For further assistance, contact [Datadog Support][2].
 
-[1]: **LINK_TO_INTEGRATION_SITE**
-[2]: https://app.datadoghq.com/account/settings#agent
-[3]: https://docs.datadoghq.com/help/
+[1]: https://www.cisco.com/site/in/en/products/security/endpoint-security/secure-endpoint/index.html
+[2]: https://docs.datadoghq.com/help/
diff --git a/cisco_secure_endpoint/assets/cisco_secure_endpoint.svg b/cisco_secure_endpoint/assets/cisco_secure_endpoint.svg