-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[INTPLAT-216] [SIEMINT-87] DDS: Cisco Secure Email Threat Defense v1.…
…0.0 (#18190) * Add: cisco secure email threat defense assets * Update: dashboard * Update: readme overview * Update: Address review comments. * Add: Disclaimer in Overview section of README * Update: Readme for delay parameter * Updated as per PR changes * Updated README * updated README as per PR comment * Update: readme for Verdict delay note * Update: readme for configuration steps * Update: remove Note from configuration steps. --------- Co-authored-by: ankitarajput-crest <[email protected]>
- Loading branch information
1 parent
5467e26
commit 0aab549
Showing
7 changed files
with
3,591 additions
and
27 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,43 +1,44 @@ | ||
| # Agent Check: cisco_secure_email_threat_defense | ||
|
|
||
| ## Overview | ||
|
|
||
| This check monitors [cisco_secure_email_threat_defense][1]. | ||
| [Cisco Secure Email Threat Defense][1] is an integrated cloud-native security solution for Microsoft 365. It focuses on simple deployment, easy attack remediation, and providing superior visibility into inbound, outbound, and internal user-to-user messages. | ||
|
|
||
| ## Setup | ||
| This integration ingests the following logs: | ||
| - Message: Message logs provide detailed information about email communications, including sender, recipient, timestamps, subject, and threat-related data for analysis and monitoring. | ||
|
|
||
| ### Installation | ||
| The Cisco Secure Email Threat Defense integration provides out-of-the-box dashboards so you can gain insights into Cisco Secure Email Threat Defense's message logs, enabling you to take necessary action. Additionally, out-of-the-box detection rules are available to help you monitor and respond to potential security threats effectively. | ||
|
|
||
| The Cisco Secure Email Threat Defense check is included in the [Datadog Agent][2] package. | ||
| No additional installation is needed on your server. | ||
| **Disclaimer**: Your use of this integration, which may collect data that includes personal information, is subject to your agreements with Datadog. Cisco is not responsible for the privacy, security or integrity of any end-user information, including personal data, transmitted through your use of the integration. | ||
|
|
||
| ### Configuration | ||
|
|
||
| !!! Add list of steps to set up this integration !!! | ||
| ## Setup | ||
|
|
||
| ### Validation | ||
| ### Configuration | ||
|
|
||
| !!! Add steps to validate integration is functioning as expected !!! | ||
| 1. Log in to the Cisco Secure Email Threat Defense UI. | ||
| 2. Navigate to **Administration** and select the **API Clients** tab. | ||
| 3. Click on **Add New Client**. | ||
| 4. Enter a **Client Name** and an optional description. | ||
| 5. Click on **Submit**. This generates your **Client ID** and **Client Password**. | ||
| 6. Retrieve the API key from the **API Key** section. | ||
|
|
||
| ## Data Collected | ||
|
|
||
| ### Metrics | ||
| ### Logs | ||
|
|
||
| The Cisco Secure Email Threat Defense does not include any metrics. | ||
| The Cisco Secure Email Threat Defense integration collects and forwards Cisco Secure Email Threat Defense message logs to Datadog. This integration will ingest messages with verdict values of scam, malicious, phishing, BEC, spam, graymail, and neutral. | ||
|
|
||
| ### Service Checks | ||
| **Note**: Events are fetched with a delay according to the time specified in the Verdict Delay. This delay is necessary to ensure that the logs include retrospective verdicts. However, this does not guarantee that all retrospective verdicts are captured within this timeframe, as the time required for updates can vary. For complete verdict information, please log in to your Cisco Secure Email Threat Defense system. | ||
|
|
||
| The Cisco Secure Email Threat Defense does not include any service checks. | ||
| ### Metrics | ||
|
|
||
| ### Events | ||
| The Cisco Secure Email Threat Defense integration does not include any metrics. | ||
|
|
||
| The Cisco Secure Email Threat Defense does not include any events. | ||
| ### Events | ||
|
|
||
| ## Troubleshooting | ||
| The Cisco Secure Email Threat Defense integration does not include any events. | ||
|
|
||
| Need help? Contact [Datadog support][3]. | ||
| ## Support | ||
|
|
||
| [1]: **LINK_TO_INTEGRATION_SITE** | ||
| [2]: https://app.datadoghq.com/account/settings/agent/latest | ||
| [3]: https://docs.datadoghq.com/help/ | ||
| For further assistance, contact [Datadog Support][2]. | ||
|
|
||
| [1]: https://www.cisco.com/site/us/en/products/security/secure-email/index.html?dtid=osscdc000283 | ||
| [2]: https://docs.datadoghq.com/help/ |
6 changes: 6 additions & 0 deletions
6
cisco_secure_email_threat_defense/assets/cisco_secure_email_threat_defense.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Oops, something went wrong.