[SIEMINT-71] DDS: OSSEC Integration
What does this PR do?
PR for a new integration OSSEC 1.0.0
Additional Notes
- OOTB detection rules JSON would be shared separately with the required teams as part of a separate repository.
- Since during the standard attribute remapping we are not preserving the source attributes as per suggested best practices, it would result in filters using these standard attributes populating the values of other integrations as well, as per current Datadog behavior.
- Currently, pipeline source is kept as ossec. After confirmation from the Datadog team, if required, will change source to ossec-security.
Review checklist (to be filled by reviewers)
- [ ] Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
- [ ] Changelog entries must be created for modifications to shipped code
- [ ] Add the `qa/skip-qa` label if the PR doesn't need to be tested during QA.
- [ ] If you need to backport this PR to another branch, you can add the `backport/<branch-name>` label to the PR and it will automatically open a backport PR once this one is merged
Thanks, created DOCS-8352 to review
I took an initial editorial pass of the files that were ready, mostly very minor style changes and improving the conciseness. When it's ready for another look, please ping me in a comment or request another review on the PR. Thank you!
@jhgilbert Thanks for the initial review! Changes have been made and the files are now ready for your review. Please check them at your convenience and let me know if anything else is needed.
Everything looks ok, except the dashboards need to be updated to align with the standard Datadog style.
@jnhunsberger Have updated the dashboards as per standard Datadog style.