[SAASINT-4304] DDS: BeyondTrust Identity Security Insights v1.0.0 #20642
base: master
Created DOCS-11399 for review
Hi there, thanks for opening a PR with Datadog. I am reviewing some files on behalf of the documentation team. I have made some edit recommendations here. Let me know what you think or if you have any questions.
|
||
[BeyondTrust Identity Security Insights][1] is a web-based application designed to enhance identity protection. It connects BeyondTrust products and third-party services to automatically scan for associated accounts and track your organization's identities. | ||
|
||
Integrate BeyondTrust Identity Security Insights with Datadog to gain insights into Detections Logs using pre-built dashboard visualizations. Datadog leverages its built-in log pipelines to parse and enrich these logs, facilitating easy search and detailed insights. Additionally, integration includes ready-to-use Cloud SIEM detection rules for enhanced monitoring and security which in turn can also be used with [Datadog Workflow Automation][5] leveraging OOTB Workflow Blueprints to orchestrate and automate your end-to-end processes. |
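Review bot: The closing sentence of this overview paragraph uses "OOTB" in "leveraging OOTB Workflow Blueprints" without ever expanding it. Spell it out as "out-of-the-box" on first use so readers who do not know the abbreviation can still follow the sentence.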
Integrate BeyondTrust Identity Security Insights with Datadog to gain insights into Detections Logs using pre-built dashboard visualizations. Datadog leverages its built-in log pipelines to parse and enrich these logs, facilitating easy search and detailed insights. Additionally, integration includes ready-to-use Cloud SIEM detection rules for enhanced monitoring and security which in turn can also be used with [Datadog Workflow Automation][5] leveraging OOTB Workflow Blueprints to orchestrate and automate your end-to-end processes. | |
Integrate BeyondTrust Identity Security Insights with Datadog's pre-built dashboard visualizations to gain insights into detection logs. With Datadog's built-in log pipelines, you can parse and enrich these logs to facilitate easy search and detailed insights. | |
This integration also includes ready-to-use Cloud SIEM detection rules for enhanced monitoring and security. These Cloud SIEM rules can be used with [Datadog Workflow Automation][5] to orchestrate and automate your end-to-end processes with OOTB Workflow Blueprints. |
Are Detection Logs something specific that may be linked? If they are not, using the sentence case here should suffice.
Do these edits keep the meaning?
Done
|
||
### Configuration | ||
|
||
#### Webhook Configuration |
#### Webhook Configuration |
The setup seems slightly different here: https://docs.beyondtrust.com/entitle/docs/datadog. Are there other types of setup or configuration to be added to this section?
If not, I'd recommend removing the `configuration` and `webhook configuration` headings, as everything below is simply the setup step. Let me know what you think.
The document you are referring to is for a different BeyondTrust product, which is Entitle. Hence, we need to keep this configuration section.
Hi @tirthrajchaudhari-crest, thanks for this information and apologies for my confusing the two products.
Thanks also for the clarification on the nested headers. From a documentation structure and usability standpoint, minimizing header depth tends to improve readability and scannability — especially when there's just one configuration type under Setup.
Right now, having both `### Configuration` and `#### Webhook Configuration` introduces extra layers that may not be necessary. Flattening everything under a single `## Setup` heading could make the content easier to follow and reduce visual noise — particularly in the table of contents or for readers skimming the page.
Could you share a bit more about the rationale for the extra levels? Are we planning for more configuration types in the future, or is there another reason the structure felt necessary? Thanks so much in advance.
This has been a standard format for all our integrations, some references of released integrations of the past:
https://docs.datadoghq.com/integrations/adyen/#configuration
https://docs.datadoghq.com/integrations/contentful/#setup
Are we changing the standard format going ahead?
Hi @tirthrajchaudhari-crest, thanks for these examples you've shared. I am discussing this standard format with the team and will keep you updated in a different PR if we plan on modifying it. If we do plan on modifying it, we will open a PR to modify the format for this and the other integrations.
I will go ahead and approve this PR now.
Thank you so much for your patience here and a fruitful discussion.
"link": "%%link%%" | ||
} | ||
``` | ||
- **Send detections automatically?**: Select the checkbox. |
- **Send detections automatically?**: Select the checkbox. | |
- **Send detections automatically (optional)**: Select the checkbox to send detections automatically. |
Apart from the (Optional) change, updated the content as per your recommendation.
"id": 4446171428078009, | ||
"definition": { | ||
"type": "note", | ||
"content": "**Overview**\n\nThis dashboard offers a comprehensive summary of detection details triggered from beyond trust identity security insights.\n\nFor more information, see the [BeyondTrust Identity Security Insights Integration Documentation](https://docs.datadoghq.com/integrations/beyondtrust_identity_security_insights/).\n\n**Tips**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations.", |
"content": "**Overview**\n\nThis dashboard offers a comprehensive summary of detection details triggered from beyond trust identity security insights.\n\nFor more information, see the [BeyondTrust Identity Security Insights Integration Documentation](https://docs.datadoghq.com/integrations/beyondtrust_identity_security_insights/).\n\n**Tips**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations.", | |
"content": "**Overview**\n\nThis dashboard offers a comprehensive summary of detection details triggered from BeyondTrust Identity Security Insights.\n\nFor more information, see the [BeyondTrust Identity Security Insights Integration Documentation](https://docs.datadoghq.com/integrations/beyondtrust_identity_security_insights/).\n\n**Tips**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations.", |
Done
Hi there, thanks so much for your responses! I just have one follow-up question on the nested headers. We should be all set afterwards. Thanks for your continued patience.
What does this PR do?
This is an initial release PR of the BeyondTrust Identity Security Insights integration, including all the required assets, i.e. Pipeline, Dashboards.
Additional Notes
`ddsource` query parameter set to beyondtrust-identity-security-insights.
Review checklist (to be filled by reviewers)
`qa/skip-qa` label if the PR doesn't need to be tested during QA.
`backport/<branch-name>` label to the PR and it will automatically open a backport PR once this one is merged