
Commit a32053f

dd-pub-platform[bot]davidfeng-datadogWyrinedd-dominic
authored
[ECOINT-159] Add Contrast Security ADR integration (DataDog#2837)
* Add Contrast Security ADR integration * Update Contrast Security ADR integration * Update Contrast Security ADR integration * Update Contrast Security ADR integration * Update Contrast Security ADR integration * fix logs pipeline * Update Contrast Security ADR integration * fix log * Update Contrast Security ADR integration * fix logs * Update Contrast Security ADR integration * fix logs * fix identation * remove message * update test * Update Contrast Security ADR integration * Add Contrast Security ADR integration * conflicts * tags * Update contrast_security_adr/CHANGELOG.md Co-authored-by: Dominic Medina <[email protected]> * fix test * add date field * Update Contrast Security ADR integration * Update Contrast Security ADR integration * Update Contrast Security ADR integration * fix contrast PR * revert logs test file * fix one test * fix the other test --------- Co-authored-by: dd-pub-platform[bot] <157534740+dd-pub-platform[bot]@users.noreply.github.com> Co-authored-by: David Feng <[email protected]> Co-authored-by: Kirolos Shahat <[email protected]> Co-authored-by: Kirolos Shahat <[email protected]> Co-authored-by: Dominic Medina <[email protected]>
1 parent c2a2c1c commit a32053f

9 files changed

+495
-1184
lines changed

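--- a/contrast_security_adr/CHANGELOG.md
+++ b/contrast_security_adr/CHANGELOG.md
@@ -1,6 +1,6 @@
 # CHANGELOG - Contrast Security ADR
 
-## 1.0.0 / 2025-10-01
+## 1.0.0 / 2025-11-05
 
 _**Added**_:
 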
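--- a/contrast_security_adr/assets/dashboards/contrast_security_adr.json
+++ b/contrast_security_adr/assets/dashboards/contrast_security_adr.json
@@ -33,18 +33,17 @@
 {
 "id": 1782623543348740,
 "definition": {
-"title": "Attacks Blocked",
+"title": "Distribution of Attack Events",
 "title_size": "16",
 "title_align": "left",
 "requests": [
 {
-"response_format": "scalar",
 "queries": [
 {
 "name": "query1",
 "data_source": "logs",
 "search": {
-"query": "source:contrastadr"
+"query": "source:contrast-security-adr tags:attack_event"
 },
 "indexes": [
 "*"
@@ -59,16 +58,6 @@
 "metric": "count"
 },
 "should_exclude_missing": true
-},
-{
-"facet": "@application.name",
-"limit": 10,
-"sort": {
-"aggregation": "count",
-"order": "desc",
-"metric": "count"
-},
-"should_exclude_missing": true
 }
 ],
 "compute": {
@@ -77,6 +66,7 @@
 "storage": "hot"
 }
 ],
+"response_format": "scalar",
 "style": {
 "palette": "datadog16"
 },
@@ -86,7 +76,7 @@
 }
 ],
 "sort": {
-"count": 100,
+"count": 10,
 "order_by": [
 {
 "type": "formula",
@@ -112,18 +102,18 @@
 {
 "id": 2595467198821652,
 "definition": {
-"title": "Attacks by Applications",
+"title": "Top 10 Attacks by Applications",
 "title_size": "16",
 "title_align": "left",
+"type": "toplist",
 "requests": [
 {
-"response_format": "scalar",
 "queries": [
 {
 "name": "query1",
 "data_source": "logs",
 "search": {
-"query": "source:contrastadr @application.name:*"
+"query": "source:contrast-security-adr tags:attack_event"
 },
 "indexes": [
 "*"
@@ -146,9 +136,7 @@
 "storage": "hot"
 }
 ],
-"style": {
-"palette": "datadog16"
-},
+"response_format": "scalar",
 "formulas": [
 {
 "formula": "query1"
@@ -166,9 +154,11 @@
 }
 }
 ],
-"type": "sunburst",
-"legend": {
-"type": "automatic"
+"style": {
+"display": {
+"type": "stacked",
+"legend": "automatic"
+}
 }
 },
 "layout": {
@@ -181,7 +171,7 @@
 {
 "id": 1701489096793870,
 "definition": {
-"title": "Attacks by Type",
+"title": "Top 10 Attacks by Rule",
 "title_size": "16",
 "title_align": "left",
 "type": "toplist",
@@ -192,7 +182,7 @@
 "name": "query1",
 "data_source": "logs",
 "search": {
-"query": "source:contrastadr @rule:*"
+"query": "source:contrast-security-adr tags:attack_event"
 },
 "indexes": [
 "*"
@@ -207,16 +197,6 @@
 "metric": "count"
 },
 "should_exclude_missing": true
-},
-{
-"facet": "@application.name",
-"limit": 10,
-"sort": {
-"aggregation": "count",
-"order": "desc",
-"metric": "count"
-},
-"should_exclude_missing": true
 }
 ],
 "compute": {
@@ -232,7 +212,7 @@
 }
 ],
 "sort": {
-"count": 100,
+"count": 10,
 "order_by": [
 {
 "type": "formula",
@@ -247,40 +227,38 @@
 "display": {
 "type": "stacked",
 "legend": "automatic"
-},
-"palette": "datadog16"
+}
 }
 },
 "layout": {
 "x": 0,
 "y": 4,
-"width": 6,
+"width": 5,
 "height": 4
 }
 },
 {
 "id": 2205300797772388,
 "definition": {
-"title": "Top 10 Most Attacked URIs",
+"title": "Top 10 Most Attacked URLs",
 "title_size": "16",
 "title_align": "left",
-"type": "toplist",
+"type": "query_table",
 "requests": [
 {
-"response_format": "scalar",
 "queries": [
 {
 "name": "query1",
 "data_source": "logs",
 "search": {
-"query": "source:contrastadr"
+"query": "source:contrast-security-adr tags:attack_event"
 },
 "indexes": [
 "*"
 ],
 "group_by": [
 {
-"facet": "@attackPayload.url",
+"facet": "@url",
 "limit": 10,
 "sort": {
 "aggregation": "count",
@@ -306,11 +284,7 @@
 "storage": "hot"
 }
 ],
-"formulas": [
-{
-"formula": "query1"
-}
-],
+"response_format": "scalar",
 "sort": {
 "count": 100,
 "order_by": [
@@ -320,27 +294,28 @@
 "order": "desc"
 }
 ]
-}
+},
+"formulas": [
+{
+"cell_display_mode": "bar",
+"formula": "query1"
+}
+]
 }
 ],
-"style": {
-"display": {
-"type": "stacked",
-"legend": "automatic"
-}
-}
+"has_search_bar": "auto"
 },
 "layout": {
-"x": 6,
+"x": 5,
 "y": 4,
-"width": 6,
+"width": 7,
 "height": 4
 }
 },
 {
 "id": 4349148145843182,
 "definition": {
-"title": "Attacks by Type and Time",
+"title": "Attack Timeline",
 "title_size": "16",
 "title_align": "left",
 "show_legend": true,
@@ -361,33 +336,12 @@
 "name": "query1",
 "data_source": "logs",
 "search": {
-"query": "source:contrastadr"
+"query": "source:contrast-security-adr tags:attack_event"
 },
 "indexes": [
 "*"
 ],
-"group_by": [
-{
-"facet": "@rule",
-"limit": 10,
-"sort": {
-"aggregation": "count",
-"order": "desc",
-"metric": "count"
-},
-"should_exclude_missing": true
-},
-{
-"facet": "@application.name",
-"limit": 10,
-"sort": {
-"aggregation": "count",
-"order": "desc",
-"metric": "count"
-},
-"should_exclude_missing": true
-}
-],
+"group_by": [],
 "compute": {
 "aggregation": "count"
 },
@@ -406,6 +360,31 @@
 "line_width": "normal"
 },
 "display_type": "line"
+},
+{
+"response_format": "timeseries",
+"queries": [
+{
+"data_source": "events",
+"name": "dashboard_events_overlay",
+"indexes": [
+"*"
+],
+"compute": {
+"aggregation": "count"
+},
+"group_by": [],
+"search": {
+"query": ""
+}
+}
+],
+"formulas": [
+{
+"formula": "dashboard_events_overlay"
+}
+],
+"display_type": "overlay"
 }
 ]
 },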
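Review bot: The overlay request added at the end of the "Attack Timeline" widget (new lines 363-387) reads `"data_source": "events"` with `"query": ""` and `"indexes": ["*"]`, so as written nothing scopes it to this integration and it would presumably plot every event in the account over the attack counts. On a dashboard used for triage, unrelated events drawn on the attack line invite correlations that are not there. If the overlay is wanted, give it a scoped search, for example `"query": "source:contrast-security-adr"` if the integration emits events under that source; if it is a leftover from exporting the dashboard with the overlay switched on, drop the request object. Separately, the "Top 10 Most Attacked URLs" table still carries `"count": 100` in its `sort` (new line 289) while the other top-10 widgets in this file were lowered to `"count": 10`.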
