
Commit 387d0d7

Authored by surabhipatel-crest, surabhipatel_crest, amw-zero, lu-zhengda and bonnefoa
[INTPLAT-158] [SIEMINT-88] DDS: Palo Alto Cortex XDR: Crawler Integration v1.0.0 (#18084)
* Added Palo Alto Cortex XDR integration with assets
* Added date in CHANGELOG file
* Fixed pipeline suggestions
* Fixed pipeline suggestions
* Fixing log pipeline suggestions
* Reordered Groups for facets
* Added log pipeline result
* Fixing pipeline for log result
* Enhanced log pipeline result
* Fixing the log pipeline result
* Adding log output.
* Adding log pipeline result
* Updated log pipeline
* Updated README.md file with suggested changes
* Drop explain plan failures to debug level (#17974)
* Drop explain plan errors to debug logs.
* Changelog entry
* [mongo] Support auto-discover available databases for the monitored mongodb instance (#17959)
* autodiscover mongodb databases
* Add database autodiscovery support
* remove print
* only list authorized collections not views
* ignore collections from config when database autodiscovery is enabled
* add changelog
* update changelog
* fix license header
* update include list with deprecated dbnames
* fix test
* update comments
* update changelog
* return databases and count
* update readme
* update config description to dbnames
* Add collection of metrics for buffer cache usage (#17960)
  The pg_buffercache extension provides a pg_buffercache view that gives a detailed report of the usage of shared buffer: which relation is using it, whether it's dirty and how many backends are pinning this buffer. This patch adds the capacity to collect data from pg_buffercache to provide visibility on shared buffer usage.
* [mongo] deprecate collStats command and use $collStats aggregation stage to collect collection metrics (#17961)
* use collStats aggregation pipeline to collect collection metrics
* add changelog
* sort metadata
* remove commented code
* update test results with new metrics
* Add ssl path option when building the librdkafka dependency (#17957)
* add the prefix path
* commit
* commit
* commit
* add debug
* enable ssl
* enable ssl in prefix folder
* enable ssl in prefix folder
* set default ssl path
* set default ssl path
* set default ssl path
* set default ssl path
* set default ssl path
* linter
* linter
* Update dependency resolution (#17971)
  Co-authored-by: iliakur <iliakur@users.noreply.github.com>
* Fix format issue with master pipeline flaky test management pr17910 (#17979)
* Add manual trigger for flaky test suite
* Mark envoy tests as flaky (#17985)
* [Release] Bumped vllm version to 1.0.0 (#17988)
* Switch back to the initial database while collecting schemas (#17978)
* Switch back to the initial database while collecting schemas
* Used finally
* Applied linter
* Port 7.56 releases to master (#17991)
* [Release] Bumped active_directory version to 2.1.1
* [Release] Bumped aerospike version to 2.2.2
* [Release] Bumped amazon_msk version to 4.9.0
* [Release] Bumped arangodb version to 2.2.2
* [Release] Bumped argo_rollouts version to 1.0.2
* [Release] Bumped argo_workflows version to 1.0.2
* [Release] Bumped argocd version to 2.4.2
* [Release] Bumped aspdotnet version to 2.1.1
* [Release] Bumped avi_vantage version to 4.2.2
* [Release] Bumped boundary version to 2.2.3
* [Release] Bumped calico version to 2.2.2
* [Release] Bumped cert_manager version to 4.1.2
* [Release] Bumped cilium version to 3.5.1
* [Release] Bumped cisco_aci version to 2.9.0
* [Release] Bumped clickhouse version to 3.6.0
* [Release] Bumped cockroachdb version to 3.3.2
* [Release] Bumped coredns version to 3.2.3
* [Release] Bumped datadog_checks_base version to 36.9.0
* [Release] Bumped datadog_checks_downloader version to 4.7.0
* [Release] Bumped dcgm version to 2.3.2
* [Release] Bumped dotnetclr version to 2.1.1
* [Release] Bumped envoy version to 3.5.1
* [Release] Bumped esxi version to 1.2.0
* [Release] Bumped etcd version to 6.2.2
* [Release] Bumped exchange_server version to 2.1.1
* [Release] Bumped fluxcd version to 1.2.2
* [Release] Bumped gitlab version to 7.3.2
* [Release] Bumped haproxy version to 5.2.2
* [Release] Bumped http_check version to 9.7.0
* [Release] Bumped hyperv version to 1.11.1
* [Release] Bumped iis version to 3.1.1
* [Release] Bumped impala version to 2.2.2
* [Release] Bumped istio version to 6.1.2
* [Release] Bumped kafka_consumer version to 4.5.0
* [Release] Bumped karpenter version to 1.4.1
* [Release] Bumped kong version to 3.2.2
* [Release] Bumped kubernetes_cluster_autoscaler version to 1.0.1
* [Release] Bumped linkerd version to 4.2.2
* [Release] Bumped mongo version to 6.7.0
* [Release] Bumped mysql version to 12.6.0
* [Release] Bumped nvidia_triton version to 1.2.2
* [Release] Bumped openmetrics version to 4.2.2
* [Release] Bumped postgres version to 19.0.0
* [Release] Bumped process version to 3.4.0
* [Release] Bumped pulsar version to 2.2.2
* [Release] Bumped rabbitmq version to 5.3.2
* [Release] Bumped ray version to 1.2.2
* [Release] Bumped redisdb version to 5.6.0
* [Release] Bumped scylla version to 2.7.2
* [Release] Bumped snowflake version to 5.7.0
* [Release] Bumped sqlserver version to 17.4.0
* [Release] Bumped strimzi version to 2.2.2
* [Release] Bumped tcp_check version to 4.9.0
* [Release] Bumped teamcity version to 4.3.0
* [Release] Bumped tekton version to 1.0.2
* [Release] Bumped temporal version to 2.2.2
* [Release] Bumped teradata version to 2.2.1
* [Release] Bumped tls version to 2.18.0
* [Release] Bumped torchserve version to 2.2.2
* [Release] Bumped traefik_mesh version to 1.0.1
* [Release] Bumped vault version to 4.2.1
* [Release] Bumped vsphere version to 7.6.0
* [Release] Bumped weaviate version to 2.3.3
* [Release] Bumped windows_performance_counters version to 2.1.1
* [Release] Bumped windows_service version to 4.9.1
* Allow pytest to return success when no tests are collected for flaky test suite (#17990)
* Manage no tests collected exit code 5 from pytest for flaky test suite
* Manage passing additional -m arguments to pytest in e2e test
* Avoid passing `all` to pytest (revert to initial state)
* Revert "Allow pytest to return success when no tests are collected for flaky test suite (#17990)"
  This reverts commit dd5dd64.
* Update Logs Parsing rules for the Teleport Pipeline (#17955)
* make component name optional in the log prefix
* add two samples for missing component name logs
* update sample results
* [NDM][Cisco SD-WAN] Bold Cisco sdwan beta banner (#17941)
* Add Cisco sdwan beta banner
* trying smth
* bold
* Fixed the heat endpoint for the Openstack Controller (#17996)
* fixing the heat endpoint
* added a changelog
* addressed comments
* addressed comments
* lint
* kyverno setup (#17757)
* kyverno setup
* added python tests
* add tests
* ci sync
* validations
* changelog
* service checks
* validation
* validation
* sync ci
* lint
* ci sync
* classifier tags
* manifests
* clean up
  ---------
  Co-authored-by: sguillen18 <seanguillen18@gmail.com>
* Enable manual triggering of dependency build & resolution (#17995)
* Enable manual triggering of dependency build & resolution
* Use default_branch instead of hardcoded branch name
  Co-authored-by: Hugo Beauzée-Luyssen <hugo.beauzee@datadoghq.com>
  ---------
  Co-authored-by: Hugo Beauzée-Luyssen <hugo.beauzee@datadoghq.com>
* Fix build-deps workflow yaml (#18002)
* Kyverno starting version should be 0.0.1 (#18001)
* [mongo] Properly handle the null value of waiting_for_latch in operation sampling (#17997)
* Release v1 of kyverno (#18005)
* [Release] Bumped kyverno version to 1.0.0
* [Release] Update metadata
* Emit dead/live toast rows as gauge (#18009)
* remove invalid filters (#18010)
* Sy/istio assets (#17998)
* WIP assets
* rec monitors
* rec monitors
* dash nits
* Update istio/assets/dashboards/overview.json
  Co-authored-by: domalessi <111786334+domalessi@users.noreply.github.com>
* Update istio/assets/dashboards/overview.json
  Co-authored-by: domalessi <111786334+domalessi@users.noreply.github.com>
* Update istio/assets/dashboards/overview.json
  Co-authored-by: domalessi <111786334+domalessi@users.noreply.github.com>
  ---------
  Co-authored-by: domalessi <111786334+domalessi@users.noreply.github.com>
* add default monitor for wincrashdetect (#18011)
* add default monitor for wincrashdetect
* review feedback
* missing field
* Update wincrashdetect/assets/monitors/windows_crash.json
  Co-authored-by: May Lee <may.lee@datadoghq.com>
  ---------
  Co-authored-by: May Lee <may.lee@datadoghq.com>
* Code Formatting Nit (#18012)
* Add tests for openmetrics counters (#18014)
  - Confirm that we don't collect metrics that don't end in _total
  - Confirm that forcing untyped metrics into counters works (see prev point tho)
* Remove SIT as code owners of checks downloader (#17992)
* remove SIT as code owners of checks downloader
  the SIT team is not a core contributor to this software anymore
* remove Trishank as code owner
  See #17992 (comment)
* Wrap pytest exit code to 0 when no tests are collected (#18003)
* Wrap pytest exit code to 0 when no tests are collected for flaky test suite as well as master
* Manage passing additional -m arguments to pytest in e2e test
* Pass `all` to pytest for e2e tests.
  By default e2e tests are checked for None as environment provided in command line args to set it to `all`. With additional args for pytest passed with `-m` flag, ddev cli misinterprets this as an environment name whereas it should be selecting `all` environments
* Rename classes to avoid pytest warnings (#18015)
  Pytest tries to treat classes that start with 'Test' as tests. Helper class names shouldn't start with 'Test' to avoid pytest complaining about them.
* [NDM] Add NDM metadata support for Cisco ACI (#17735)
* Add support for sending device metadata
* Add unit test for device metadata, update fixture
* Add license header, changelogs
* Lint
* First pass at submitting interface metadata, cleanup for test fixtures
* Fix for py2.7 support
* Try to fix imports
* Deal with pydantic stuff py2.7
* Allow namespace for Cisco ACI devices, static var for vendor
* Update device metadata to use the correct fieldname, add pydantic model for EvP intake
* Sync the conf.yaml example
* Add device type and integration to device metadata, fix ID field name
* Update interface statuses
* Deal with device status (use fabricSt)
* Update get_eth_list to get operStatus, update all tests and fixtures
* Amend docs for namespace
* Batch events sent to EvP
* Add interface status metric
* Only add to list for >py3.0
* Update default value for vendor, yield for batch events, use device type other
* Add source field to device metadata tags
* Add enums for interface status
* Use correct track type for NDM metadata
* Amend device id tag, collect timestamp ms -> s
* Add interface integration field
* More generic method to send EvP event
* Add docstring for the EvP method
* Update interface tagging, remove system_ip tag
* Fix linting for submit event platform event
* Use interface ID tags
* [LOGSC-1794] Change Logs assets file ownership to only Logs-backend (#17906)
* Move logs backend as only owner for logs asset files following incident 27749
* Make sure ownership is logs backend by being last item
* Remove use of python from process signatures (#18021)
* appset metric fix (#18018)
* appset metric fix
* changelogs
* Release base check (#18025)
* [Release] Bumped datadog_checks_base version to 36.10.0
* [Release] Update metadata
* Bump minimum base check version required. (#18028)
* [NDM] [Cisco ACI] Update dashboard (#17943)
* First pass to update Cisco ACI dashboard
* Add doc update suggestion to description
* Separate egress/ingress graphs, fix wrong metrics used
* add missing offering integration classifier tag to all listings (#18023)
* Add explanation to logs-only template (#18027)
* Finalize Agent release 7.55.0 (#18022)
  Co-authored-by: steveny91 <steveny91@users.noreply.github.com>
* [datadog_cluster_agent] Add tagger and workloadmeta metrics (#18030)
* Add process signatures for vLLM (#17980)
* Add process signatures for vLLM
* fix manifest json
* feedback from processes team
* process sig as suggested by processes team
* enable public display for Traefik Mesh (#18032)
* [ecos 1459] Move all marketplace further reading readme sections to the manifest (#17721)
* Move all marketplace further reading readme sections to the manifest
* rerun script
* Update kafka/manifest.json
* Apply suggestions from code review
* Update openai/manifest.json
* Update snmp/manifest.json
* Update kafka/manifest.json
* Update spark/manifest.json
* re-run script
* Apply suggestions from code review
* Update voltdb/manifest.json
* Apply suggestions from code review
* Update voltdb/manifest.json
* Update snmp_f5/manifest.json
* Modify the indents of yaml in README.md (#17977)
* Add Network Path integration metadata (#17984)
  Co-authored-by: Alicia Scott <aliciascott@users.noreply.github.com>
* Add network_path to codeowners (#18035)
* remove macOS support for network_path (#18034)
* [dbm] Handles group replication metrics for MySQL version < 8.0.2 (#18024)
* handle mysql group replication metrics for ver < 8.0.2
* updates tests
* renames vars, fixes tests
* adds changelog
* Add NDM as codeowners for Cisco ACI integration (#18036)
* Finalize Agent release 7.55.1 (#18040)
  Co-authored-by: steveny91 <steveny91@users.noreply.github.com>
* vault ootb update (#18045)
* vault ootb update
* vault ootb update manifest
* Update vault_overview.json
* [mongo] Continue coll/index stats collection if user is not authorized to perform aggregation (#18044)
* Continue collection of coll stats if user is not authorized to perform collStats aggregation
* add changelog
* fix lint
* continue on index stats collection if user is not authorized
* update changelog
* Fix postgres extension settings collection (#18043)
* Improve log error for invalid ssl option in postgres config (#18047)
* minor fix (#18049)
* Sy/temporal fix (#18050)
* test fix
* changelog
* [NDM] [Cisco ACI] Add common NDM tags to metrics (#18017)
* Update interface status metric name to be more consistent with other metrics
* Add common NDM metric tags
* Add changelog
* Add missing common tags (device_id, device_hostname)
* [mongo] collect additional wiredtiger cache metrics (#18052)
* collect additional wiredtiger cache metrics
* add changelog
* Show descriptions of templates in ddev create help (#18039)
* Show descriptions of templates in ddev create help
* add changelog
* add more template descriptions
* Apply suggestions from code review
  Co-authored-by: Bryce Eadie <bryce.eadie@datadoghq.com>
* Update datadog_checks_dev/datadog_checks/dev/tooling/templates/integration/tile/README.md
  Co-authored-by: Bryce Eadie <bryce.eadie@datadoghq.com>
  ---------
  Co-authored-by: Bryce Eadie <bryce.eadie@datadoghq.com>
* Add overview dashboard for vLLM (#17967)
* Add overview dashboard for vLLM
* Apply suggestions from code review
  Co-authored-by: Heston Hoffman <heston.hoffman@datadoghq.com>
* Dashboard changes based on review
  ---------
  Co-authored-by: Heston Hoffman <heston.hoffman@datadoghq.com>
* [NDM] [Cisco ACI] Update metrics metadata (#17981)
* Update metrics that have per second unit, update incorrect units
* Add new metric for interface status
* Update the port status metric to correspond to new name
* [Release] Bumped mongo version to 6.7.1 (#18061)
* Update vault_overview.json (#18055)
* Sy/om type override (#18054)
* Fix tests for openmetrics counter transformer
* Try dropping the '_total' restriction on metric samples
* add type override examples
* add test for type_override
* stricter test
* changelog
* remove f string
* remove f string
* spacing
* lint
* Update datadog_checks_base/changelog.d/18054.added
  Co-authored-by: Ilia Kurenkov <ilia.kurenkov@datadoghq.com>
* Update datadog_checks_base/tests/base/checks/openmetrics/test_v2/test_transformers/test_type_override.py
  Co-authored-by: Ilia Kurenkov <ilia.kurenkov@datadoghq.com>
* Update datadog_checks_base/tests/base/checks/openmetrics/test_v2/test_transformers/test_type_override.py
  Co-authored-by: Ilia Kurenkov <ilia.kurenkov@datadoghq.com>
* Update datadog_checks_base/tests/base/checks/openmetrics/test_v2/test_transformers/test_type_override.py
  Co-authored-by: Ilia Kurenkov <ilia.kurenkov@datadoghq.com>
* Update test_type_override.py
* lint
  ---------
  Co-authored-by: Ilia Kurenkov <ilia.kurenkov@datadoghq.com>
* update cURL from 8.4.0 to 8.7.1 (#18064)
* [NDM] Pin pysmi version for breaking generate traps DB tests (#18066)
* Pin pysmi version for integration tests
* Add changelog
* Fix misspelled database name (#18068)
* [mongo] rename dbms from mongodb to mongo (#18067)
* rename dbms to mongo
* add changelog
* fix test
* rename ootb dashboard (#18051)
* rename ootb dashboard
* rename json
* rename json
* rename json
* Add validation for versions in __about__.py and CHANGELOG (#18063)
* Add validation for versions in __about__.py and CHANGELOG
* add changelog
* try fix for windows path
* fix the other paths for windows tests
* Update dependency resolution (#18065)
  Co-authored-by: chouquette <chouquette@users.noreply.github.com>
* [Release] Bumped mongo version to 6.7.2 (#18076)
* make windows crash detection docs public (#18074)
* Start validating version in CI (#18077)
* Start validating version in CI
* Fix changelogs and ignore ddev
* [AGENT-11701] Fix TeamCity Integration (#18041)
* Handle project without builds
* Add changelog
* Refactor code
* Add comment
* Fix
* Update teamcity/changelog.d/18041.fixed
  Co-authored-by: Ilia Kurenkov <ilia.kurenkov@datadoghq.com>
  ---------
  Co-authored-by: Ilia Kurenkov <ilia.kurenkov@datadoghq.com>
* Sy/kyverno patch (#18088)
* rename metric
* changelog
* tests
* [SIEMINT-42] DDS: Mimecast: Crawler Integration Without Assets (#17864)
* Add mimecast crawler integration with no assets
* corrected description.
* Adding stanza in CODEOWNERS for mimecast integration and minor fix.
* Adding integration in labeler.yml
* [mysql] revert default read_timeout (#18097)
* revert default read_timeout
* add changelog
* Add global custom queries feature for postgres (#17993)
* Add global custom queries for postgres
* Add changelog entry
* Update config models
* Update instance config model
* [Release] Bumped kyverno version to 1.0.1 (#18095)
* process signature (#18092)
* Add schema collection to mysql (#17916)
* Add schema collection to mysql
* add schemas
* Added test dbs and tables
* Added indexes
* Adding foreign keys
* Fix submitter
* add test change
* Added the main test
* revert typos
* fixed indexes
* Add params to queries
* added unit tests
* added flavor field
* Changed index_name to name
* Changed fkeys query
* Changed partition query
* Normalise f_keys columns
* Applied linter
* Fixed comments
* Applied linter
* Fixed example
* Added a changelog
* Moved changelog
* synced data model
* Added a test for enabled logic
* Renamed to database data
* Add databases data
* added the changelog
* Added fields to columns query
* added subpartitions as separate fields
* Add fields to the table query
* Improved columns query
* Added table name to the FK key query
* Removed cardinality from index query as its dynamic
* Improved exception handling
* Added the base table condition
* ordered columns in f_key
* Added index schema
* improved partitions data
* fixed columns
* Applied linter
* Normalized tests
* Applied linter
* Fix tests for group
* Fixed for MariaDB
* Fixed tests for mariaDB
* update cisco sdwan monitor tags (#18102)
* [SIEMINT-69] DDS: Cisco Secure Endpoint: Crawler Integration Without Assets (#17865)
* Add Cisco Secure Endpoint Crawler Code with no assets
* Updated manifest.json
* Updated source_type_name in manifest
* Added CODEOWNERS for cisco secure endpoint
* Updated labeler.yml
* Updated as per PR comment
* Made changes in changelog file
  ---------
  Co-authored-by: Ankita Rajput <ankita.rajput@CDSYS.LOCAL>
  Co-authored-by: Nathan Adams <nathan.adams@datadoghq.com>
* SDBM-1074: Update sqlserver_db_not_sync.json (#18103)
* SDBM-1074: Update sqlserver_db_not_sync.json
  Adjusting the description based on customer feedback
* Update sqlserver/assets/monitors/sqlserver_db_not_sync.json
  Co-authored-by: Seth Samuel <seth.samuel@datadoghq.com>
  ---------
  Co-authored-by: Seth Samuel <seth.samuel@datadoghq.com>
* Add Further Reading links (#18096)
* Add Further Reading link
* Add links
* Fix crash when no pg_stat_statements (#18081)
* recommended monitor (#18089)
* recommended monitor
* Update kyverno/assets/monitors/controller_drops.json
  Co-authored-by: Esther Kim <esther.kim@datadoghq.com>
* Update kyverno/assets/monitors/controller_drops.json
  Co-authored-by: Esther Kim <esther.kim@datadoghq.com>
  ---------
  Co-authored-by: Esther Kim <esther.kim@datadoghq.com>
* [DOCS-7701] readme improvements for Istio and Aerospike (#18013)
* ad updates
* Apply suggestions from code review
  Co-authored-by: Bryce Eadie <bryce.eadie@datadoghq.com>
* Update README.md
  ---------
  Co-authored-by: Bryce Eadie <bryce.eadie@datadoghq.com>
* saved views (#18100)
* Update README.md (#18110)
* Initial feedback for vLLM dashboard (#18105)
* Initial feedback for vLLM dashboard
* Apply suggestions from code review
  Co-authored-by: May Lee <may.lee@datadoghq.com>
* add description for process section
  ---------
  Co-authored-by: May Lee <may.lee@datadoghq.com>
* Port releases for rc7 of 7.56 to master (#18114)
* [Release] Bumped mysql version to 12.6.1
* [Release] Bumped openstack_controller version to 6.8.1
* Update README.md (#18115)
* [SIEMINT-40] DDS: Sophos Central Cloud: Crawler Integration Without Assets (#17866)
* Add sophos central cloud crawler integration with no assets
* Adding description in manifest file.
* Adding stanza in CODEOWNERS.
* Fix source type name suggestion
* Update README.md (#18116)
* Update ECS Fargate about potential billing impact related to setting DD_HOSTNAME (#18031)
* added section to enable default metrics through jmxfetch
* update dd_hostname warning to include note about billing impact
* Update ecs_fargate/README.md
  Co-authored-by: Alicia Scott <aliciascott@users.noreply.github.com>
  ---------
  Co-authored-by: Alicia Scott <aliciascott@users.noreply.github.com>
* Fix integration dashboard json file name (cisco_secure_firewall/assets/dashboards/cisco_secure_firewall_threat_detection.json) (#18124)
* fixing space in file name
* modifying manifest
* Readd the API Key installation instructions (#18106)
* Readd the API Key installation instructions
* Remove links inside tabs
* Apply suggestions from code review
  Co-authored-by: May Lee <may.lee@datadoghq.com>
  ---------
  Co-authored-by: May Lee <may.lee@datadoghq.com>
* DDS: Palo Alto Cortex XDR: Crawler Integration Without Assets (#18107)
* Add palo alto cortex xdr integration with no asset
* Updated manifest file
* Made changes in title
* Removed angle brackets
  ---------
  Co-authored-by: surabhipatel_crest <surabhi.patel@crestdatasys.com>
  Co-authored-by: ravindrasojitra-crest <ravindra.sojitra@crestdata.ai>
* Minor change
* change logo of the integration.
* remove angle braces to fix integration sync issues (#18109)
* Finalize Agent release 7.55.2 (#18079)
  Co-authored-by: steveny91 <steveny91@users.noreply.github.com>
* Log warning when failing to parse openmetrics response (#17514)
* Include input line in openmetrics parsing error
* Add changelog entry
  ---------
  Co-authored-by: Ilia Kurenkov <ilia.kurenkov@datadoghq.com>
* [NDM] [Cisco ACI] Add config flag for enabling sending metadata to NDM (#18099)
* Add the enable_ndm flag
* Check the flag is true before creating metadata and sending to NDM intake
* Always forget the changelog
* Rename config flag to send_ndm_metadata
* Refactor to use new flag name, helper fn to check to send NDM metadata
* Updated Dashboards
* Resolve Merge Conflicts.
* Resolve merge conflicts.
* Adding offering tag.
* Resolve merge conflicts.
* Updated dashboard design
* Updated new dashboard images
* Addressed minor review comment

---------

Co-authored-by: surabhipatel_crest <surabhi.patel@crestdatasys.com>
Co-authored-by: Alex Weisberger <alex.weisberger@datadoghq.com>
Co-authored-by: Zhengda Lu <zhengda.lu@datadoghq.com>
Co-authored-by: Anthonin Bonnefoy <anthonin.bonnefoy@datadoghq.com>
Co-authored-by: HadhemiDD <43783545+HadhemiDD@users.noreply.github.com>
Co-authored-by: agent-platform-auto-pr[bot] <153269286+agent-platform-auto-pr[bot]@users.noreply.github.com>
Co-authored-by: iliakur <iliakur@users.noreply.github.com>
Co-authored-by: vivek-datadog <131680079+vivek-datadog@users.noreply.github.com>
Co-authored-by: Vivekanand Ilango <vivekanand.ilango@datadoghq.com>
Co-authored-by: Ilia Kurenkov <ilia.kurenkov@datadoghq.com>
Co-authored-by: Boris Kozlov <kozlovb82@yahoo.fr>
Co-authored-by: NouemanKHAL <noueman.khalikine@datadoghq.com>
Co-authored-by: Thibaud Cheruy <thibaud.cheruy@datadoghq.com>
Co-authored-by: rahulkaukuntla <144174402+rahulkaukuntla@users.noreply.github.com>
Co-authored-by: Steven Yuen <steven.yuen@datadoghq.com>
Co-authored-by: sguillen18 <seanguillen18@gmail.com>
Co-authored-by: Alex Lopez <alex.lopez.zorzano@gmail.com>
Co-authored-by: Hugo Beauzée-Luyssen <hugo.beauzee@datadoghq.com>
Co-authored-by: domalessi <111786334+domalessi@users.noreply.github.com>
Co-authored-by: Derek Brown <derek.brown@datadoghq.com>
Co-authored-by: May Lee <may.lee@datadoghq.com>
Co-authored-by: Austin Lai <76412946+alai97@users.noreply.github.com>
Co-authored-by: Cédric Van Rompay <97546950+cedricvanrompay-datadog@users.noreply.github.com>
Co-authored-by: zoe ✨ <9274242+zoedt@users.noreply.github.com>
Co-authored-by: Thibault Krebs <150821137+thibaultkrebs@users.noreply.github.com>
Co-authored-by: Daniel Tafoya <63120739+daniel-taf@users.noreply.github.com>
Co-authored-by: bgoldberg122 <ben.goldberg@datadoghq.com>
Co-authored-by: datadog-agent-integrations-bot[bot] <159767151+datadog-agent-integrations-bot[bot]@users.noreply.github.com>
Co-authored-by: steveny91 <steveny91@users.noreply.github.com>
Co-authored-by: David Ortiz <david.ortiz@datadoghq.com>
Co-authored-by: Kyle Neale <kyle.neale@datadoghq.com>
Co-authored-by: taromn <54003207+taromn@users.noreply.github.com>
Co-authored-by: Alexandre Yang <alexandre.yang@datadoghq.com>
Co-authored-by: Alicia Scott <aliciascott@users.noreply.github.com>
Co-authored-by: Alex Torres <alejandro.torres@datadoghq.com>
Co-authored-by: Seth Samuel <seth.samuel@datadoghq.com>
Co-authored-by: Bryce Eadie <bryce.eadie@datadoghq.com>
Co-authored-by: Heston Hoffman <heston.hoffman@datadoghq.com>
Co-authored-by: Jen Gilbert <jen.gilbert@datadoghq.com>
Co-authored-by: chouquette <chouquette@users.noreply.github.com>
Co-authored-by: Shanel Huang <shanel.huang@datadoghq.com>
Co-authored-by: dkirov-dd <166512750+dkirov-dd@users.noreply.github.com>
Co-authored-by: ravindrasojitra-crest <ravindra.sojitra@crestdata.ai>
Co-authored-by: Raj Madhaiyan <rajkamalhm@gmail.com>
Co-authored-by: ankitarajput-crest <ankita.rajput@crestdata.ai>
Co-authored-by: Ankita Rajput <ankita.rajput@CDSYS.LOCAL>
Co-authored-by: Nathan Adams <nathan.adams@datadoghq.com>
Co-authored-by: pierreln-dd <144696725+pierreln-dd@users.noreply.github.com>
Co-authored-by: Esther Kim <esther.kim@datadoghq.com>
Co-authored-by: cecilia saixue watt <cecilia.watt@datadoghq.com>
Co-authored-by: Heather Dinh <44285485+hdinh77@users.noreply.github.com>
Co-authored-by: Kirolos Shahat <kashahat@gmail.com>
Co-authored-by: Tommy Brunn <tommy.brunn@gmail.com>
1 parent dc2432d commit 387d0d7

10 files changed: +5061 -23 lines changed

palo_alto_cortex_xdr/README.md

Lines changed: 51 additions & 18 deletions
@@ -1,42 +1,75 @@
1-
# Agent Check: palo_alto_cortex_xdr
1+
# Palo Alto Cortex XDR Integration For Datadog
22

33
## Overview
44

5-
This check monitors [Palo Alto Cortex XDR][1].
5+
[Palo Alto Cortex XDR][1] is a comprehensive detection and response platform that provides advanced threat protection across endpoints, networks, and cloud environments. It integrates endpoint protection, network security, and analytics to offer real-time visibility and response capabilities and combat sophisticated cyber threats effectively.
66

7-
## Setup
7+
This integration ingests the following logs:
8+
9+
- Incident
10+
- Alert
811

9-
### Installation
12+
The Palo Alto Cortex XDR integration seamlessly collect the data of Palo Alto Cortex XDR logs using REST APIs.
13+
Before ingesting the data, it normalizes and enriches the logs, ensuring a consistent data format and enhancing information content for downstream processing and analysis. The integration provides insights into incidents and alerts using out-of-the-box dashboards.
1014

11-
The Palo Alto Cortex XDR check is included in the [Datadog Agent][2] package.
12-
No additional installation is needed on your server.
15+
## Setup
1316

1417
### Configuration
1518

16-
1. List of steps to configure this integration
19+
#### Get Credentials of Palo Alto Cortex XDR
20+
21+
#### Steps to create API key
22+
23+
1. Sign into your **Palo Alto Cortex XDR** instance.
24+
2. Navigate to **Settings** > **Configurations** > **Integrations** > **API Keys**.
25+
3. Click on **New Key**.
26+
4. Choose the type of API key based on your desired security level, **Advanced** or **Standard**.
27+
5. If you want to define a time limit on the API key authentication, check **Enable Expiration Date**, and then select the **expiration date and time**. Navigate to **Settings** > **Configurations** > **Integrations** > **API Keys** to track the **Expiration Time** setting for each API key.
28+
6. Provide a comment that describes the purpose for the API key, if desired.
29+
7. Select the desired level of access for this key from existing **Roles**, or you can select **Custom** to set the permissions granularly.
30+
8. Click **Generate** to generate the API key.
31+
9. Copy the API key, and then click **Done**. This value represents your unique **Authorization:{key}**
32+
33+
#### Steps to get Cortex XDR API Key ID
34+
35+
1. In the API Keys table, locate the ID field.
36+
2. Note your corresponding ID number. This value represents the **x-xdr-auth-id:{key_id}** token.
37+
38+
#### Steps to get FQDN
1739

18-
### Validation
40+
1. Right-click your API key and select **View Examples**.
41+
2. Copy the **CURL Example** URL. The example contains your unique **FQDN**.
1942

20-
Steps to validate integration is functioning as expected
43+
#### Palo Alto Cortex XDR DataDog Integration Configuration
44+
45+
Configure the Datadog endpoint to forward Palo Alto Cortex XDR logs to Datadog.
46+
47+
1. Navigate to `Palo Alto Cortex XDR`.
48+
2. Add your Palo Alto Cortex XDR credentials.
49+
50+
| Palo Alto Cortex XDR Parameters | Description |
51+
| ------------------------------- | ------------ |
52+
| API key | The API key from Palo Alto Cortex XDR. |
53+
| API Key ID | The auth id from Palo Alto Cortex XDR. |
54+
| FQDN | The FQDN from Palo Alto Cortex XDR. It is the `baseUrl` part of `baseUrl/public_api/v1/{name of api}/{name of call}/` |
2155

2256
## Data Collected
2357

24-
### Metrics
58+
### Logs
2559

26-
The Palo Alto Cortex XDR integration does not include any metrics.
60+
The Palo Alto Cortex XDR integration collects and forwards Palo Alto Cortex XDR Incident and alert logs to Datadog.
2761

28-
### Service Checks
62+
### Metrics
2963

30-
The Palo Alto Cortex XDR integration does not include any service checks.
64+
The Palo Alto Cortex XDR integration does not include any metrics.
3165

3266
### Events
3367

3468
The Palo Alto Cortex XDR integration does not include any events.
3569

36-
## Troubleshooting
70+
## Support
3771

38-
Need help? Contact [Datadog support][3].
72+
For further assistance, contact [Datadog Support][2].
3973

40-
[1]: **LINK_TO_INTEGRATION_SITE**
41-
[2]: https://app.datadoghq.com/account/settings#agent
42-
[3]: https://docs.datadoghq.com/help/
74+
[1]: https://docs-cortex.paloaltonetworks.com/p/XDR
75+
[2]: https://docs.datadoghq.com/help/
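Review bot: steps 4 and 7 under "Steps to create API key" tell the reader to pick Advanced or Standard "based on your desired security level" and any existing Role (or a Custom permission set), but the README never states which key type this crawler supports or the minimum permissions it needs to read the Incident and Alert data listed under "Data Collected"; state both so users do not paste an over-privileged key into the Datadog configuration. Step 5 explains how to set and track an expiration date but not that the API key and API Key ID entered in Datadog must be replaced before that date, and the hunk drops the old "Validation" section without a replacement, so add a sentence on how to confirm that Incident and Alert logs are arriving. Wording nits in the same hunk: "seamlessly collect the data of Palo Alto Cortex XDR logs" should read "collects Palo Alto Cortex XDR logs"; the heading "Palo Alto Cortex XDR DataDog Integration Configuration" should spell "Datadog"; step 1 "Navigate to `Palo Alto Cortex XDR`" should say where in Datadog; and "Incident and alert logs" under "Logs" should match the capitalised "Incident"/"Alert" list in the Overview.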
