Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SAASINT-3541] DDS: Tanium: Crawler Integration v1.0.0 #19343

Merged
merged 15 commits into from
Mar 7, 2025
Merged

[SAASINT-3541] DDS: Tanium: Crawler Integration v1.0.0 #19343

merged 15 commits into from
Mar 7, 2025

Conversation

shubhamvekariya-crest
Copy link
Contributor

What does this PR do?

This is a initial release PR of Tanium integration including all the required assets.

Additional Notes

  • Crawler code for this integration has been committed in its respective repo
  • Pipeline and Facet group created for this integration are available in our sandbox and would be shared separately with the required teams.
  • Samples for the pipeline review would also be shared separately with the required teams.
  • OOTB detection rules JSON would be shared separately with the required teams as a part of separate repository.
  • Since during the standard attribute remapping we are not preserving the source attributes as per suggested best practices, it would result in filters using these standard attributes populating the values of other integrations as well as per current Datadog behaviour.

Review checklist (to be filled by reviewers)

  • Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
  • Changelog entries must be created for modifications to shipped code
  • Add the qa/skip-qa label if the PR doesn't need to be tested during QA.
  • If you need to backport this PR to another branch, you can add the backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged

@shubhamvekariya-crest shubhamvekariya-crest changed the title [SAASINT-3541] DDS: Tanium: Crawler Integration v1.0.0 DDS: Tanium: Crawler Integration v1.0.0 Jan 6, 2025
@codecov Codecov
Copy link

codecov bot commented Jan 6, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 86.19%. Comparing base (724567b) to head (00c2994).
Report is 59 commits behind head on master.

Additional details and impacted files
Flag Coverage Δ
activemq ?
cassandra ?
hive ?
hivemq ?
hudi ?
ignite ?
jboss_wildfly ?
kafka ?
presto ?
solr ?

Flags with carried forward coverage won't be shown. Click here to find out more.

@shubhamvekariya-crest shubhamvekariya-crest marked this pull request as ready for review February 5, 2025 05:32
@shubhamvekariya-crest shubhamvekariya-crest requested review from a team as code owners February 5, 2025 05:32
@shubhamvekariya-crest shubhamvekariya-crest requested a review from a team February 5, 2025 05:32
@shubhamvekariya-crest shubhamvekariya-crest requested review from a team as code owners February 5, 2025 05:32
@shubhamvekariya-crest shubhamvekariya-crest changed the title DDS: Tanium: Crawler Integration v1.0.0 [SAASINT-3541] DDS: Tanium: Crawler Integration v1.0.0 Feb 5, 2025
ZacharyAnderson
ZacharyAnderson previously approved these changes Feb 5, 2025
View reviewed changes
@drichards-87
Copy link
Contributor

Created Jira card for Docs Team editorial review.

@drichards-87 drichards-87 added the editorial review Waiting on a more in-depth review from a docs team editor label Feb 5, 2025
aliciascott
aliciascott requested changes Feb 19, 2025
View reviewed changes
Copy link
Contributor

@aliciascott aliciascott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @shubhamvekariya-crest just a few suggestions for wording and flow thanks!

tanium/README.md Outdated
## Overview

This check monitors [tanium][1].
[Tanium][1] is an enterprise platform that's primarily used as an endpoint management tool. It empowers security and IT operations teams with quick visibility and control to secure and manage every endpoint on the network.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
[Tanium][1] is an enterprise platform that's primarily used as an endpoint management tool. It empowers security and IT operations teams with quick visibility and control to secure and manage every endpoint on the network.
[Tanium][1] is an enterprise platform designed for endpoint management. It provides security and IT operations teams with rapid visibility and control to secure and manage all network endpoints.

Suggest to reword this slightly

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done 👍

tanium/README.md Outdated
- **Threat Response Audit**: This endpoint contains information about the centralized view of audit events generated by the Tanium Threat Response.
- **Platform Audit**: This endpoint contains information about the authentication, API token usage, local settings, persona changes, user settings, and system settings information.

This integration collects logs from the sources listed above and sends them to Datadog for analysis with our Log Explorer and Cloud SIEM products
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
This integration collects logs from the sources listed above and sends them to Datadog for analysis with our Log Explorer and Cloud SIEM products
This integration collects logs from the sources listed above and transmits them to Datadog for analysis in [Log Explorer][3] and [Cloud SIEM][4].

would be better to just provide the links here

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done 👍

tanium/README.md Outdated
- **Platform Audit**: This endpoint contains information about the authentication, API token usage, local settings, persona changes, user settings, and system settings information.

This integration collects logs from the sources listed above and sends them to Datadog for analysis with our Log Explorer and Cloud SIEM products
* [Log Explorer][3]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* [Log Explorer][3]

delete

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done 👍

tanium/README.md Outdated

This integration collects logs from the sources listed above and sends them to Datadog for analysis with our Log Explorer and Cloud SIEM products
* [Log Explorer][3]
* [Cloud SIEM][4]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* [Cloud SIEM][4]

delete

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done 👍

tanium/README.md Outdated

### Configuration
1. Login into Tanium.
2. From the Main menu, go to **Administration** > **Permissions** > **API Tokens**.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
2. From the Main menu, go to **Administration** > **Permissions** > **API Tokens**.
2. From the main menu, navigate to **Administration** > **Permissions** > **API Tokens**.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done 👍

@BoyangHuang BoyangHuang added the assets/deploy-logs-staging ONLY USED BY Logs Backend - Validates that a PR is OK to go to staging label Mar 3, 2025
BoyangHuang
BoyangHuang previously approved these changes Mar 3, 2025
View reviewed changes
@ZacharyAnderson ZacharyAnderson requested a review from a team as a code owner March 5, 2025 19:13
@temporal-github-worker-1 temporal-github-worker-1 bot dismissed stale reviews from ZacharyAnderson and BoyangHuang March 5, 2025 19:13

Review from ZacharyAnderson is dismissed.
Related teams and files:

  • saas-integrations
    • .github/CODEOWNERS
      Review from BoyangHuang is dismissed.
      Related teams and files:
  • saas-integrations
    • .github/CODEOWNERS
BoyangHuang
BoyangHuang previously approved these changes Mar 5, 2025
View reviewed changes
ZacharyAnderson
ZacharyAnderson previously approved these changes Mar 5, 2025
View reviewed changes
Kyle-Neale
Kyle-Neale previously approved these changes Mar 6, 2025
View reviewed changes
@temporal-github-worker-1 temporal-github-worker-1 bot dismissed stale reviews from BoyangHuang, ZacharyAnderson, and Kyle-Neale March 6, 2025 20:30

Review from BoyangHuang is dismissed.
Related teams and files:

  • saas-integrations
    • .github/CODEOWNERS
      Review from ZacharyAnderson is dismissed.
      Related teams and files:
  • saas-integrations
    • .github/CODEOWNERS
      Review from Kyle-Neale is dismissed.
      Related teams and files:
  • agent-integrations
    • .github/CODEOWNERS
@ZacharyAnderson ZacharyAnderson added this pull request to the merge queue Mar 7, 2025
Merged via the queue into DataDog:master with commit a2994d0 Mar 7, 2025
44 of 47 checks passed
github-actions bot pushed a commit that referenced this pull request Mar 7, 2025
@github-merge-queue
[SAASINT-3541] DDS: Tanium: Crawler Integration v1.0.0 (#19343)
7fbda23 
* Add Tanium crawler integration without assets

* Add Tanium integration with assets

* Resolve CI failure

* Update log pipeline sample

* Resolve CI failure

* Update grok parser

* Update README and Pipeline

* Resolve CI Failure

* Update dashboard, pipeline and image

* Update README

* Address review comments

---------

Co-authored-by: Zach Anderson <[email protected]> a2994d0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nubtron nubtron nubtron approved these changes

@gunterd gunterd gunterd approved these changes

@aliciascott aliciascott aliciascott approved these changes

@lli-datadog lli-datadog lli-datadog approved these changes

@BoyangHuang BoyangHuang BoyangHuang left review comments

@ZacharyAnderson ZacharyAnderson ZacharyAnderson left review comments

@Kyle-Neale Kyle-Neale Kyle-Neale left review comments

Assignees
No one assigned
Labels
agent/approved assets/deploy-logs-staging ONLY USED BY Logs Backend - Validates that a PR is OK to go to staging changelog/no-changelog docs/approved documentation ecosystems/review-requested editorial review Waiting on a more in-depth review from a docs team editor integration/tanium product/review-requested team/agent-integrations team/logs-backend team/Logs-Core
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@shubhamvekariya-crest @drichards-87 @nubtron @gunterd @BoyangHuang @ZacharyAnderson @aliciascott @Kyle-Neale @lli-datadog