[SIEMINT-120] DDS: Sonicwall Firewall Integration #18667
base: master
Created a Jira card for Docs Team editorial review.
19206e8
to
9b57041
Compare
9b57041
to
64db290
Compare
64db290
to
33d9451
Compare
Left some feedback and a couple of questions. Let me know if I changed the meaning of anything.
sonicwall_firewall/README.md
Outdated
|
||
To install the Sonicwall Firewall integration, run the following Agent installation command and the steps below. | ||
|
||
For more information, see the [Integration Management][2] documentation. |
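Review bot: The product name is spelled "Sonicwall" in the first sentence of this README hunk, while the dashboard JSON in this PR uses "SonicWall" ("SonicWall Firewall - User", "SonicWall Security Services logs"); pick one casing and use it throughout. The same sentence also reads awkwardly at "run the following Agent installation command and the steps below"; consider "run the following Agent installation command and follow the steps below".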
I'd suggest moving this sentence to after the command.
{ | ||
"id": 7820565410491022, | ||
"definition": { | ||
"title": "High Security Signals", |
"title": "High Security Signals", | |
"title": "High Severity Security Signals", |
{ | ||
"id": 3620809096696840, | ||
"definition": { | ||
"title": "Medium Security Signals", |
"title": "Medium Security Signals", | |
"title": "Medium Severity Security Signals", |
"id": 4284048486660124, | ||
"definition": { | ||
"type": "note", | ||
"content": "## Overview\n- This dashboard gives insights about Security Services logs, includes track of various attacks detected with their source and destination IP addresses. It also includes information such as allowed and blocked websites.\n- SonicWall Security Services logs capture information about traffic that is monitored and controlled by various security services, such as content filtering, intrusion prevention, anti-virus scanning, and anti-spyware\n", |
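Review bot: The second bullet of the "content" note ends at "anti-spyware\n" without a closing period, while the first bullet ends its sentences with one; add the period so both bullets are punctuated the same way.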
"content": "## Overview\n- This dashboard gives insights about Security Services logs, includes track of various attacks detected with their source and destination IP addresses. It also includes information such as allowed and blocked websites.\n- SonicWall Security Services logs capture information about traffic that is monitored and controlled by various security services, such as content filtering, intrusion prevention, anti-virus scanning, and anti-spyware\n", | |
"content": "## Overview\n- This dashboard provides insights on Security Services logs, including the various attacks detected and their source and destination IP addresses. It also includes information such as allowed and blocked websites.\n- SonicWall Security Services logs capture information about traffic that is monitored and controlled by various security services, such as content filtering, intrusion prevention, anti-virus scanning, and anti-spyware\n", |
@@ -0,0 +1,1019 @@ | |||
{ | |||
"title": "SonicWall Firewall - User", | |||
"description": "This dashboard provides information about the User logs generated in SonicWall Firewall.", |
"description": "This dashboard provides information about the User logs generated in SonicWall Firewall.", | |
"description": "This dashboard provides information about user logs generated in SonicWall Firewall.", |
"id": 6474031660100888, | ||
"definition": { | ||
"type": "note", | ||
"content": "## Overview\n- The Users Dashboard provides comprehensive insights into user authentication activities across various access methods, ensuring effective monitoring of login attempts, failures, and overall authentication performance. \n- This dashboard is designed to help administrators track and analyze user authentication patterns, troubleshoot authentication issues, and enhance security measures.", |
"content": "## Overview\n- The Users Dashboard provides comprehensive insights into user authentication activities across various access methods, ensuring effective monitoring of login attempts, failures, and overall authentication performance. \n- This dashboard is designed to help administrators track and analyze user authentication patterns, troubleshoot authentication issues, and enhance security measures.", | |
"content": "## Overview\n- The Users Dashboard provides insights into user authentication activities across various access methods and monitoring of login attempts, failures, and overall authentication performance. \n- This dashboard helps administrators track and analyze user authentication patterns, troubleshoot authentication issues, and enhance security measures.", |
Co-authored-by: May Lee <[email protected]>
1100336
to
f65330c
Compare
sonicwall_firewall/README.md
Outdated
rule %{date("yyyy-MM-dd HH:mm:ss", "Asia/Calcutta"):timestamp} | ||
``` | ||
|
||
- Additional step |
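Review bot: The date rule hardcodes the time zone "Asia/Calcutta", so logs from a firewall that records time in any other zone would be parsed with the wrong offset, which skews event ordering and correlation with other log sources. The README should state explicitly that this value must be replaced with the firewall's own time zone, and the bare "- Additional step" bullet after the code fence needs a description of when the step applies. "Asia/Calcutta" is also the legacy alias for "Asia/Kolkata" in the IANA time zone database; the current name is preferable in documentation.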
Thanks @Kaustubhtandel-crest. I clarified it in the below suggestion, does that work?
Updated suggested changes for README.md Co-authored-by: May Lee <[email protected]>
What does this PR do?
PR for a new integration Sonicwall Firewall 1.0.0
Additional Notes
-- OOTB detection rules JSON would be shared separately with the required teams as part of a separate repository.
-- Since, during the standard attribute remapping, we are not preserving the source attributes as per suggested best practices, it would result in filters using these standard attributes populating the values of other integrations as well, as per current Datadog behaviour.
Review checklist (to be filled by reviewers)
- qa/skip-qa label if the PR doesn't need to be tested during QA.
- backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged