DataDog · bgoldberg122 · Apr 26, 2023 · Oct 19, 2022 · Oct 19, 2022 · Oct 20, 2022
diff --git a/.azure-pipelines/all.yml b/.azure-pipelines/all.yml
@@ -53,6 +53,9 @@ jobs:
     - checkName: cloudsmith
       displayName: Cloudsmith
       os: linux
+    - checkName: cybersixgill_actionable_alerts
+      displayName: cybersixgill_actionable_alerts
+      os: linux
     - checkName: cyral
       displayName: Cyral
       os: linux

diff --git a/.codecov.yml b/.codecov.yml
@@ -215,6 +215,10 @@ coverage:
         target: 75
         flags:
         - cfssl
+      cybersixgill_actionable_alerts:
+        target: 75
+        flags:
+        - cybersixgill_actionable_alerts
       exim:
         target: 75
         flags:
@@ -285,6 +289,11 @@ flags:
     paths:
     - cloudsmith/datadog_checks/cloudsmith
     - cloudsmith/tests
+  cybersixgill_actionable_alerts:
+    carryforward: true
+    paths:
+    - cybersixgill_actionable_alerts/datadog_checks/cybersixgill_actionable_alerts
+    - cybersixgill_actionable_alerts/tests
   cyral:
     carryforward: true
     paths:

@@ -40,6 +40,7 @@
 /contrastsecurity/                       @kristianamitchellcontrastsecurity [email protected]
 /convox/                                 @DataDog/agent-integrations
 /cortex/                                 @cortexapps/engineering [email protected] @DataDog/marketplace-review
+/cybersixgill_actionable_alerts/         @shahul-loginsoft [email protected] @DataDog/marketplace-review
 /cyral/                                  @tyrannosaurus-becks [email protected] @DataDog/marketplace-review
 /data_runner/                            @DataDog/apps-sdk @DataDog/marketplace-review
 /datazoom/                               @DataDog/web-integrations
@@ -267,6 +268,9 @@
 /cortex/*metadata.csv                    @cortexapps/engineering [email protected] @DataDog/documentation
 /cortex/manifest.json                    @cortexapps/engineering [email protected] @DataDog/documentation
 /cortex/README.md                        @cortexapps/engineering [email protected] @DataDog/documentation
+/cybersixgill_actionable_alerts/*metadata.csv         @shahul-loginsoft [email protected] @DataDog/documentation @DataDog/marketplace-review
+/cybersixgill_actionable_alerts/manifest.json         @shahul-loginsoft [email protected] @DataDog/documentation @DataDog/marketplace-review
+/cybersixgill_actionable_alerts/README.md              @shahul-loginsoft [email protected] @DataDog/documentation @DataDog/marketplace-review
 /cyral/*metadata.csv                     @tyrannosaurus-becks [email protected] @DataDog/documentation
 /cyral/manifest.json                     @tyrannosaurus-becks [email protected] @DataDog/documentation
 /cyral/README.md                         @tyrannosaurus-becks [email protected] @DataDog/documentation
@@ -363,14 +367,11 @@
 /logzio/*metadata.csv                    @DataDog/agent-integrations @DataDog/documentation
 /logzio/manifest.json                    @DataDog/agent-integrations @DataDog/documentation
 /logzio/README.md                        @DataDog/agent-integrations @DataDog/documentation
-<<<<<<< HEAD
 /mendix/README.md                        @mendix/cloud @DataDog/agent-integrations @DataDog/documentation
 /mendix/manifest.json                    @mendix/cloud @DataDog/agent-integrations @DataDog/documentation
-=======
 /mergify/*metadata.csv                   @Mergifyio/oss-integrations @DataDog/documentation
 /mergify/manifest.json                   @Mergifyio/oss-integrations @DataDog/documentation
 /mergify/README.md                       @Mergifyio/oss-integrations @DataDog/documentation
->>>>>>> bfce30e1 (feat: add mergify integration)
 /n2ws/*metadata.csv                      @eliadeini [email protected] @DataDog/documentation
 /n2ws/manifest.json                      @eliadeini [email protected] @DataDog/documentation
 /n2ws/README.md                          @eliadeini [email protected] @DataDog/documentation

diff --git a/.github/workflows/test-all.yml b/.github/workflows/test-all.yml
@@ -144,6 +144,25 @@ jobs:
       test-py3: ${{ inputs.test-py3 }}
       setup-env-vars: "${{ inputs.setup-env-vars }}"
     secrets: inherit
+  ja669dc6:
+    uses: DataDog/integrations-core/.github/workflows/test-target.yml@master
+    with:
+      job-name: cybersixgill_actionable_alerts
+      target: cybersixgill_actionable_alerts
+      platform: linux
+      runner: '["ubuntu-22.04"]'
+      repo: "${{ inputs.repo }}"
+      python-version: "${{ inputs.python-version }}"
+      standard: ${{ inputs.standard }}
+      latest: ${{ inputs.latest }}
+      agent-image: "${{ inputs.agent-image }}"
+      agent-image-py2: "${{ inputs.agent-image-py2 }}"
+      agent-image-windows: "${{ inputs.agent-image-windows }}"
+      agent-image-windows-py2: "${{ inputs.agent-image-windows-py2 }}"
+      test-py2: ${{ inputs.test-py2 }}
+      test-py3: ${{ inputs.test-py3 }}
+      setup-env-vars: "${{ inputs.setup-env-vars }}"
+    secrets: inherit
   j3263e78:
     uses: DataDog/integrations-core/.github/workflows/test-target.yml@master
     with:

@@ -0,0 +1,5 @@
+# CHANGELOG - cybersixgill_actionable_alerts
+
+## 1.0.0 / 2023-04-04
+
+[FEATURE] Initial Cybersixgill Integration
@@ -0,0 +1,46 @@
+# Agent Check: cybersixgill_actionable_alerts
+
+## Overview
+The Cybersixgill actionable alerts check monitors critical assets across the deep, dark, and surface web such as IP addresses, domains, vulnerabilities, and VIPs. Receive alerts with context including severity, threat type, description, post snippet, recommendations, and assessments. This integration provides an out-of-the-box dashboard to prioritize and respond to threats.
+
+## Setup
+
+
+### Installation
+
+To install the Cybersixgill actionable alerts check on your host:
+1. Install the [developer tool][2] on any machine.
+2. To build the package, run the command: `ddev release build cybersixgill_actionable_alerts`.
+3. [Install the Datadog Agent][1] on your host.
+4. Once the Agent is installed, run the following command to install the integration:
+```
+datadog-agent integration install -t datadog-Cybersixgill Actionable Alerts==1.0.0
+```
+
+### Configuration
+5. Reach out to [Cybersixgill Support][4] and request access to the Cybersixgill Developer Platform.
+6. Receive the welcome email with access to the Cybersixgill developer platform.
+7. Within the Cybersixgill developer platform, create the Client ID and Client secret.
+8. Copy the Client ID and Client secret and paste them into the Configuration.yaml file.
+9. Provide the minimum collection interval in seconds. For example, `min_collection_interval: 3600`
+
+### Validation
+Verify that Cybersixgill events are generated in the [Datadog Events Explorer][3].
+
+## Data Collected
+
+### Service Checks
+See [service_checks.json][5] for a list of service checks provided by this integration.
+
+### Events
+This integration sends API-type events to Datadog.
+
+## Troubleshooting
+Need help? Contact [Cybersixgill support][4].
+
+[1]: https://app.datadoghq.com/account/settings#agent
+[2]: https://docs.datadoghq.com/developers/integrations/new_check_howto/?tab=configurationtemplate#configure-the-developer-tool
+[3]: https://app.datadoghq.com/event/explorer
+[4]: mailto:[email protected]
+[5]: https://github.com/DataDog/integrations-extras/blob/master/cybersixgill_actionable_alerts/assets/service_checks.json
+
@@ -0,0 +1,71 @@
+name: cybersixgill_actionable_alerts
+files:
+- name: cybersixgill_actionable_alerts.yaml
+  options:
+  - template: init_config
+    options:
+    - template: init_config/default
+  - template: instances
+    options:
+      - name: cl_id
+        required: true
+        description: The Client Id given by Cybersixgill
+        enabled:  true
+        value:
+          type: string
+          example:  clientid
+          display_default:  null
+      - name: cl_secret
+        required: true
+        description: The Client Secret given by Cybersixgill
+        enabled:  true
+        value:
+          type: string
+          display_default:  null
+          secret: true
+      - name: alerts_limit
+        required: false
+        description: The number of alerts to fetch on a single request default is 50
+        enabled:  false
+        value:
+          type: integer
+          example:  50
+          display_default:  null
+      - name: threat_type
+        required: false
+        description: Predefined types of threats alerts you would like to see like fraud, malware
+        enabled:  false
+        value:
+          type: string
+          example: compromised accounts, fraud
+          display_default:  null
+          enum:
+            - Brand Protection
+            - Data Leak
+            - Malware
+            - Phishing
+            - Fraud
+            - Vulnerability Exploit
+            - Insider Threat
+            - Defacement
+            - Compromised Accounts
+            - DDoS Attack
+            - Web Attack
+            - Trend Anomaly
+      - name: threat_level
+        required: false
+        description: Type of alerts which are either imminent or emerging
+        enabled:  false
+        value:
+          type: string
+          example: imminent
+          display_default:  null
+      - name: organization_id
+        required: false
+        description: The Organization Id provided by Cybersixgill
+        enabled:  false
+        value:
+          type: string
+          example: orgidexample
+          display_default: null
+  - template: instances/default
@@ -0,0 +1,180 @@
+{
+    "title": "Cybersixgill Actionable Alerts - Overview",
+    "description": "This Dashboard helps you to understand the Actionable alerts of your assets like the count of alerts, alert titles and count of imminent and emerging alerts.",
+    "widgets": [
+      {
+        "id": 8775317340528879,
+        "definition": {
+          "title": "Alerts Count",
+          "title_size": "16",
+          "title_align": "left",
+          "show_legend": false,
+          "legend_layout": "auto",
+          "legend_columns": [
+            "avg",
+            "min",
+            "max",
+            "value",
+            "sum"
+          ],
+          "time": {},
+          "type": "timeseries",
+          "requests": [
+            {
+              "formulas": [
+                {
+                  "formula": "query1"
+                }
+              ],
+              "response_format": "timeseries",
+              "queries": [
+                {
+                  "search": {
+                    "query": "source:my_apps"
+                  },
+                  "data_source": "events",
+                  "compute": {
+                    "aggregation": "count"
+                  },
+                  "name": "query1",
+                  "indexes": [
+                    "*"
+                  ],
+                  "group_by": []
+                }
+              ],
+              "style": {
+                "palette": "dog_classic"
+              },
+              "display_type": "bars"
+            }
+          ]
+        },
+        "layout": {
+          "x": 0,
+          "y": 0,
+          "width": 11,
+          "height": 3
+        }
+      },
+      {
+        "id": 6080537854801146,
+        "definition": {
+          "title": "Alerts Title",
+          "title_size": "16",
+          "title_align": "left",
+          "time": {},
+          "type": "event_stream",
+          "query": "source: my_apps",
+          "event_size": "s"
+        },
+        "layout": {
+          "x": 0,
+          "y": 3,
+          "width": 11,
+          "height": 5
+        }
+      },
+      {
+        "id": 2249705270211652,
+        "definition": {
+          "title": "Imminent Alerts",
+          "title_size": "16",
+          "title_align": "left",
+          "requests": [
+            {
+              "formulas": [
+                {
+                  "formula": "query2",
+                  "limit": {
+                    "order": "desc"
+                  }
+                }
+              ],
+              "response_format": "scalar",
+              "queries": [
+                {
+                  "search": {
+                    "query": "source:my_apps message:\"Threat Level: imminent\""
+                  },
+                  "data_source": "events",
+                  "compute": {
+                    "aggregation": "count"
+                  },
+                  "name": "query2",
+                  "indexes": [
+                    "*"
+                  ],
+                  "group_by": []
+                }
+              ]
+            }
+          ],
+          "type": "sunburst",
+          "legend": {
+            "type": "automatic"
+          }
+        },
+        "layout": {
+          "x": 0,
+          "y": 8,
+          "width": 4,
+          "height": 4
+        }
+      },
+      {
+        "id": 1434403194670864,
+        "definition": {
+          "title": "Emerging Alerts",
+          "title_size": "16",
+          "title_align": "left",
+          "requests": [
+            {
+              "formulas": [
+                {
+                  "formula": "query2",
+                  "limit": {
+                    "order": "desc"
+                  }
+                }
+              ],
+              "response_format": "scalar",
+              "queries": [
+                {
+                  "search": {
+                    "query": "source:my_apps message:\"Threat Level: emerging\""
+                  },
+                  "data_source": "events",
+                  "compute": {
+                    "aggregation": "count"
+                  },
+                  "name": "query2",
+                  "indexes": [
+                    "*"
+                  ],
+                  "group_by": []
+                }
+              ]
+            }
+          ],
+          "type": "sunburst",
+          "legend": {
+            "type": "automatic"
+          }
+        },
+        "layout": {
+          "x": 4,
+          "y": 8,
+          "width": 4,
+          "height": 4
+        }
+      }
+    ],
+    "template_variables": [],
+    "layout_type": "ordered",
+    "is_read_only": false,
+    "notify_list": [],
+    "reflow_type": "fixed",
+    "id": "tz2-pyd-932"
+  }
+