[SIEMINT-118] DDS: Trellix Endpoint Security: Crawler Integration v1.0.0 (#18673)

* Add Trellix Endpoint Security integration with assets
* Resolve CI failures
* Update log pipeline sample
* Update log pipeline sample
* Resolve CI Failures
* Update log pipeline
* Update log pipeline
* Update Dashboard
* Update dashboard widget
* Update readme and dashboard
* Update screenshot
* Address review comments
* Update setup section of readme
* Update setup section of README
1 parent: 47b0180. Commit: d196b77. Showing 7 changed files with 3,751 additions and 22 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,43 +1,57 @@ | ||
# Agent Check: trellix_endpoint_security | ||
|
||
## Overview | ||
|
||
This check monitors [trellix_endpoint_security][1]. | ||
[Trellix Endpoint Security (ENS)][1] protects servers, computer systems, laptops, and tablets against known and unknown threats. These threats include malware, suspicious communications, unsafe websites, and downloaded files. Trellix Endpoint Security enables multiple defense technologies to communicate in real time to analyze and protect against threats. | ||
|
||
## Setup | ||
This integration ingests the following logs: | ||
|
||
- **Threat Events**: This endpoint provides details about threat events triggered by Trellix Endpoint Security, including threat prevention, web control, firewall, and adaptive threat protection. | ||
|
||
This integration provides enrichment and visualization for above mentioned event types. It helps to visualize detailed insights into security trends, threats, and policy violations through the out-of-the-box dashboards. Also, This integration provides out of the box detection rules. | ||
|
||
### Installation | ||
## Setup | ||
|
||
The trellix_endpoint_security check is included in the [Datadog Agent][2] package. | ||
No additional installation is needed on your server. | ||
### Generate API Credentials in Trellix Endpoint Security | ||
|
||
### Configuration | ||
1. Log in to the Trellix ePO Saas. | ||
2. Navigate to the **[Trellix Developer Portal][2]**. | ||
3. Under **Self-Service**, select **API Access Management**. | ||
4. In the **Credential Configurations** section, provide the following details: | ||
- **Client Type**: Enter a descriptive and identifiable name. | ||
- **APIs**: Choose **Events** from the dropdown. | ||
- **Method Types**: Select **GET**. | ||
5. Click **Request** to submit the request. It typically takes 2-3 days to process. You will be notified once your credentials are ready. | ||
6. When your credentials are available, generate your Client credentials by clicking **Generate** under **Create Client Credentials**. | ||
7. Copy the API key from **Access Management**, along with the Client ID and Client Secret, from **Create Client Credentials**. | ||
|
||
!!! Add list of steps to set up this integration !!! | ||
### Connect your Trellix Endpoint Security Account to Datadog | ||
|
||
### Validation | ||
1. Add your Client ID, Client Secret, and API Key. | ||
| Parameters | Description | | ||
| ------------- | -------------------------------------- | | ||
| Client ID | The Client ID of Trellix ePO SaaS. | | ||
| Client Secret | The Client Secret of Trellix ePO SaaS. | | ||
| API Key | The API Key of Trellix ePO SaaS. | | ||
|
||
!!! Add steps to validate integration is functioning as expected !!! | ||
2. Click the Save button to save your settings. | ||
|
||
## Data Collected | ||
|
||
### Metrics | ||
### Logs | ||
|
||
trellix_endpoint_security does not include any metrics. | ||
The Trellix Endpoint Security integration collects and forwards events related to threat prevention, web control, firewall, and adaptive threat protection to Datadog. | ||
|
||
### Service Checks | ||
### Metrics | ||
|
||
trellix_endpoint_security does not include any service checks. | ||
The Trellix Endpoint Security integration does not include any metrics. | ||
|
||
### Events | ||
|
||
trellix_endpoint_security does not include any events. | ||
The Trellix Endpoint Security integration does not include any events. | ||
|
||
## Troubleshooting | ||
## Support | ||
|
||
Need help? Contact [Datadog support][3]. | ||
For additional assistance, contact [Datadog support][3]. | ||
|
||
[1]: **LINK_TO_INTEGRATION_SITE** | ||
[2]: https://app.datadoghq.com/account/settings/agent/latest | ||
[1]: https://www.trellix.com/products/endpoint-security/ | ||
[2]: https://developer.manage.trellix.com/mvision/selfservice/home | ||
[3]: https://docs.datadoghq.com/help/ | ||
|
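Review bot: step 1 under "Connect your Trellix Endpoint Security Account to Datadog" tells the user to add the Client ID, Client Secret and API Key but never says where in Datadog they are entered (which tile or configuration page), so a reader cannot finish the setup from this README alone; the parameter table should also mark which of the three values are secrets, since the Client Secret and API Key are what the crawler uses to read the Events API (the credentials section requests only "Events" with method type GET, which is the right minimal scope and worth stating as such). Two smaller points in the same hunk: the "### Service Checks" subsection is dropped from "Data Collected" without a replacement, so either keep a "does not include any service checks" line or confirm the crawler README template omits it; and the Overview paragraph has "above mentioned" and "Also, This integration provides out of the box detection rules." (mid-sentence capital, missing hyphens), while "Trellix ePO Saas" in step 1 of the credentials section is spelled "ePO SaaS" in the table.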