Cybersixgill Actionable Alerts (#1576)
* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Submitted with changes requested in check.py

* Cybersixgill Actionable Alerts Validate command fix

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* resolved review comments

* resolved review comments

* CyberSixgill Actionable Alerts

* Cybersixgill Actionable Alerts

* changelog date updated

* comments are addressed

* addressed review comments

* review comments are addressed

* review comments addressed

* review comments are reverted

* review comments are addressed

* Cybersixgill Actionable Alerts

* cybersixgill actionable alerts

* conflicts resolved

* updated codeowners file

* updated code owner file

* added test case

* test cases updated for test coverage

* fixed test coverage

* added test case for test coverage

* json file formatted

* json formatted

* added test cases for test coverage

---------

Co-authored-by: shahul-loginsoft <[email protected]>
Co-authored-by: bgoldberg122 <[email protected]>
3 people authored Apr 26, 2023
1 parent c9151e0 commit ac614b3
Showing 37 changed files with 1,305 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .azure-pipelines/all.yml
Expand Up @@ -53,6 +53,9 @@ jobs:
- checkName: cloudsmith
displayName: Cloudsmith
os: linux
- checkName: cybersixgill_actionable_alerts
displayName: cybersixgill_actionable_alerts
os: linux
- checkName: cyral
displayName: Cyral
os: linux
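Review bot: the `displayName` of the new entry repeats the machine name `cybersixgill_actionable_alerts`, while the neighbouring entries use a human-readable name (`displayName: Cloudsmith`, `displayName: Cyral`); use `displayName: Cybersixgill Actionable Alerts` so the CI job list stays consistent and readable.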
9 changes: 9 additions & 0 deletions .codecov.yml
Expand Up @@ -215,6 +215,10 @@ coverage:
target: 75
flags:
- cfssl
cybersixgill_actionable_alerts:
target: 75
flags:
- cybersixgill_actionable_alerts
exim:
target: 75
flags:
Expand Down Expand Up @@ -285,6 +289,11 @@ flags:
paths:
- cloudsmith/datadog_checks/cloudsmith
- cloudsmith/tests
cybersixgill_actionable_alerts:
carryforward: true
paths:
- cybersixgill_actionable_alerts/datadog_checks/cybersixgill_actionable_alerts
- cybersixgill_actionable_alerts/tests
cyral:
carryforward: true
paths:
4 changes: 4 additions & 0 deletions .github/CODEOWNERS
Expand Up @@ -40,6 +40,7 @@
/contrastsecurity/ @kristianamitchellcontrastsecurity [email protected]
/convox/ @DataDog/agent-integrations
/cortex/ @cortexapps/engineering [email protected] @DataDog/marketplace-review
/cybersixgill_actionable_alerts/ @shahul-loginsoft [email protected] @DataDog/marketplace-review
/cyral/ @tyrannosaurus-becks [email protected] @DataDog/marketplace-review
/data_runner/ @DataDog/apps-sdk @DataDog/marketplace-review
/datazoom/ @DataDog/web-integrations
Expand Down Expand Up @@ -267,6 +268,9 @@
/cortex/*metadata.csv @cortexapps/engineering [email protected] @DataDog/documentation
/cortex/manifest.json @cortexapps/engineering [email protected] @DataDog/documentation
/cortex/README.md @cortexapps/engineering [email protected] @DataDog/documentation
/cybersixgill_actionable_alerts/*metadata.csv @shahul-loginsoft [email protected] @DataDog/documentation @DataDog/marketplace-review
/cybersixgill_actionable_alerts/manifest.json @shahul-loginsoft [email protected] @DataDog/documentation @DataDog/marketplace-review
/cybersixgill_actionable_alerts/README.md @shahul-loginsoft [email protected] @DataDog/documentation @DataDog/marketplace-review
/cyral/*metadata.csv @tyrannosaurus-becks [email protected] @DataDog/documentation
/cyral/manifest.json @tyrannosaurus-becks [email protected] @DataDog/documentation
/cyral/README.md @tyrannosaurus-becks [email protected] @DataDog/documentation
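Review bot: the three new metadata lines list both `@DataDog/documentation` and `@DataDog/marketplace-review`, whereas the adjacent `cortex` and `cyral` metadata lines carry `@DataDog/documentation` only; the top-level `/cybersixgill_actionable_alerts/` entry in the earlier hunk already routes to marketplace-review, so either confirm the extra reviewer on the metadata files is intended or drop it to match the surrounding block.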
19 changes: 19 additions & 0 deletions .github/workflows/test-all.yml
Expand Up @@ -144,6 +144,25 @@ jobs:
test-py3: ${{ inputs.test-py3 }}
setup-env-vars: "${{ inputs.setup-env-vars }}"
secrets: inherit
ja669dc6:
uses: DataDog/integrations-core/.github/workflows/test-target.yml@master
with:
job-name: cybersixgill_actionable_alerts
target: cybersixgill_actionable_alerts
platform: linux
runner: '["ubuntu-22.04"]'
repo: "${{ inputs.repo }}"
python-version: "${{ inputs.python-version }}"
standard: ${{ inputs.standard }}
latest: ${{ inputs.latest }}
agent-image: "${{ inputs.agent-image }}"
agent-image-py2: "${{ inputs.agent-image-py2 }}"
agent-image-windows: "${{ inputs.agent-image-windows }}"
agent-image-windows-py2: "${{ inputs.agent-image-windows-py2 }}"
test-py2: ${{ inputs.test-py2 }}
test-py3: ${{ inputs.test-py3 }}
setup-env-vars: "${{ inputs.setup-env-vars }}"
secrets: inherit
j3263e78:
uses: DataDog/integrations-core/.github/workflows/test-target.yml@master
with:
5 changes: 5 additions & 0 deletions cybersixgill_actionable_alerts/CHANGELOG.md
@@ -0,0 +1,5 @@
# CHANGELOG - cybersixgill_actionable_alerts

## 1.0.0 / 2023-04-04

[FEATURE] Initial Cybersixgill Integration
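Review bot: the release entry is dated 2023-04-04, but the commit landed on Apr 26, 2023 and the squash message itself contains "changelog date updated"; confirm the date matches the release. Style point: the entry `[FEATURE] Initial Cybersixgill Integration` is a bare line under the version heading rather than a list item; rendering it as a bullet (`* [FEATURE] Initial Cybersixgill Integration`) keeps later entries from running together.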
46 changes: 46 additions & 0 deletions cybersixgill_actionable_alerts/README.md
@@ -0,0 +1,46 @@
# Agent Check: cybersixgill_actionable_alerts

## Overview
The Cybersixgill actionable alerts check monitors critical assets across the deep, dark, and surface web such as IP addresses, domains, vulnerabilities, and VIPs. Receive alerts with context including severity, threat type, description, post snippet, recommendations, and assessments. This integration provides an out-of-the-box dashboard to prioritize and respond to threats.

## Setup


### Installation

To install the Cybersixgill actionable alerts check on your host:
1. Install the [developer tool][2] on any machine.
2. To build the package, run the command: `ddev release build cybersixgill_actionable_alerts`.
3. [Install the Datadog Agent][1] on your host.
4. Once the Agent is installed, run the following command to install the integration:
```
datadog-agent integration install -t datadog-Cybersixgill Actionable Alerts==1.0.0
```

### Configuration
5. Reach out to [Cybersixgill Support][4] and request access to the Cybersixgill Developer Platform.
6. Receive the welcome email with access to the Cybersixgill developer platform.
7. Within the Cybersixgill developer platform, create the Client ID and Client secret.
8. Copy the Client ID and Client secret and paste them into the Configuration.yaml file.
9. Provide the minimum collection interval in seconds. For example, `min_collection_interval: 3600`

### Validation
Verify that Cybersixgill events are generated in the [Datadog Events Explorer][3].

## Data Collected

### Service Checks
See [service_checks.json][5] for a list of service checks provided by this integration.

### Events
This integration sends API-type events to Datadog.

## Troubleshooting
Need help? Contact [Cybersixgill support][4].

[1]: https://app.datadoghq.com/account/settings#agent
[2]: https://docs.datadoghq.com/developers/integrations/new_check_howto/?tab=configurationtemplate#configure-the-developer-tool
[3]: https://app.datadoghq.com/event/explorer
[4]: mailto:[email protected]
[5]: https://github.com/DataDog/integrations-extras/blob/master/cybersixgill_actionable_alerts/assets/service_checks.json

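Review bot: the install command in step 4, `datadog-agent integration install -t datadog-Cybersixgill Actionable Alerts==1.0.0`, has spaces inside the package name, so the shell splits it into three arguments and the install cannot succeed; the wheel produced by `ddev release build cybersixgill_actionable_alerts` in step 2 is named after the check directory, so the argument should be the hyphenated distribution name (`datadog-cybersixgill-actionable-alerts==1.0.0`). Step 8 points the user at a "Configuration.yaml file", but the spec in this PR names the file `cybersixgill_actionable_alerts.yaml` with the keys `cl_id` and `cl_secret`; name the file and keys explicitly and add a "restart the Agent" step before Validation, since the new instance is not picked up otherwise. Minor: the numbered list continues at 5 across the Setup/Configuration section boundary, and the fenced block carries no language tag.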
71 changes: 71 additions & 0 deletions cybersixgill_actionable_alerts/assets/configuration/spec.yaml
@@ -0,0 +1,71 @@
name: cybersixgill_actionable_alerts
files:
- name: cybersixgill_actionable_alerts.yaml
options:
- template: init_config
options:
- template: init_config/default
- template: instances
options:
- name: cl_id
required: true
description: The Client Id given by Cybersixgill
enabled: true
value:
type: string
example: clientid
display_default: null
- name: cl_secret
required: true
description: The Client Secret given by Cybersixgill
enabled: true
value:
type: string
display_default: null
secret: true
- name: alerts_limit
required: false
description: The number of alerts to fetch on a single request default is 50
enabled: false
value:
type: integer
example: 50
display_default: null
- name: threat_type
required: false
description: Predefined types of threats alerts you would like to see like fraud, malware
enabled: false
value:
type: string
example: compromised accounts, fraud
display_default: null
enum:
- Brand Protection
- Data Leak
- Malware
- Phishing
- Fraud
- Vulnerability Exploit
- Insider Threat
- Defacement
- Compromised Accounts
- DDoS Attack
- Web Attack
- Trend Anomaly
- name: threat_level
required: false
description: Type of alerts which are either imminent or emerging
enabled: false
value:
type: string
example: imminent
display_default: null
- name: organization_id
required: false
description: The Organization Id provided by Cybersixgill
enabled: false
value:
type: string
example: orgidexample
display_default: null
- template: instances/default
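Review bot: the `threat_type` example `compromised accounts, fraud` does not satisfy the `enum` declared right below it: the enum values are title-cased (`Compromised Accounts`, `Fraud`) and an enum constrains the option to one of the listed strings, not a comma-separated list, so the documented example would be rejected by the generated config validation. Either change the example to a single enum value or remove the enum if the check really accepts several comma-separated types. `threat_level` is described as "either imminent or emerging" but has no enum, unlike `threat_type`; add one so the value is validated at config time rather than in check.py. Wording: "The number of alerts to fetch on a single request default is 50" needs punctuation ("... in a single request; the default is 50"), and `alerts_limit` sets `display_default: null` while the description states a default of 50.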
@@ -0,0 +1,180 @@
{
"title": "Cybersixgill Actionable Alerts - Overview",
"description": "This Dashboard helps you to understand the Actionable alerts of your assets like the count of alerts, alert titles and count of imminent and emerging alerts.",
"widgets": [
{
"id": 8775317340528879,
"definition": {
"title": "Alerts Count",
"title_size": "16",
"title_align": "left",
"show_legend": false,
"legend_layout": "auto",
"legend_columns": [
"avg",
"min",
"max",
"value",
"sum"
],
"time": {},
"type": "timeseries",
"requests": [
{
"formulas": [
{
"formula": "query1"
}
],
"response_format": "timeseries",
"queries": [
{
"search": {
"query": "source:my_apps"
},
"data_source": "events",
"compute": {
"aggregation": "count"
},
"name": "query1",
"indexes": [
"*"
],
"group_by": []
}
],
"style": {
"palette": "dog_classic"
},
"display_type": "bars"
}
]
},
"layout": {
"x": 0,
"y": 0,
"width": 11,
"height": 3
}
},
{
"id": 6080537854801146,
"definition": {
"title": "Alerts Title",
"title_size": "16",
"title_align": "left",
"time": {},
"type": "event_stream",
"query": "source: my_apps",
"event_size": "s"
},
"layout": {
"x": 0,
"y": 3,
"width": 11,
"height": 5
}
},
{
"id": 2249705270211652,
"definition": {
"title": "Imminent Alerts",
"title_size": "16",
"title_align": "left",
"requests": [
{
"formulas": [
{
"formula": "query2",
"limit": {
"order": "desc"
}
}
],
"response_format": "scalar",
"queries": [
{
"search": {
"query": "source:my_apps message:\"Threat Level: imminent\""
},
"data_source": "events",
"compute": {
"aggregation": "count"
},
"name": "query2",
"indexes": [
"*"
],
"group_by": []
}
]
}
],
"type": "sunburst",
"legend": {
"type": "automatic"
}
},
"layout": {
"x": 0,
"y": 8,
"width": 4,
"height": 4
}
},
{
"id": 1434403194670864,
"definition": {
"title": "Emerging Alerts",
"title_size": "16",
"title_align": "left",
"requests": [
{
"formulas": [
{
"formula": "query2",
"limit": {
"order": "desc"
}
}
],
"response_format": "scalar",
"queries": [
{
"search": {
"query": "source:my_apps message:\"Threat Level: emerging\""
},
"data_source": "events",
"compute": {
"aggregation": "count"
},
"name": "query2",
"indexes": [
"*"
],
"group_by": []
}
]
}
],
"type": "sunburst",
"legend": {
"type": "automatic"
}
},
"layout": {
"x": 4,
"y": 8,
"width": 4,
"height": 4
}
}
],
"template_variables": [],
"layout_type": "ordered",
"is_read_only": false,
"notify_list": [],
"reflow_type": "fixed",
"id": "tz2-pyd-932"
}

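Review bot: all four widgets filter on `source:my_apps`, which reads like a template placeholder rather than the source this check emits under; the README states the integration sends events to Datadog, so the queries should use the integration's own source (for example `source:cybersixgill_actionable_alerts`), otherwise the dashboard shows nothing or unrelated events. The `event_stream` widget writes `source: my_apps` with a space after the colon, unlike the other three queries; make them consistent. The "Imminent Alerts" and "Emerging Alerts" sunbursts both depend on a free-text match, `message:"Threat Level: imminent"` and `message:"Threat Level: emerging"`; if the check can attach the threat level as a tag or attribute, filtering on that is robust to any later change in the message wording.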