├── README.md └── contrast_security_protect.json /README.md: --------------------------------------------------------------------------------
## Contrast Security - Protect ScreenBoard for DataDog

### Set up Contrast Protect logs collection

You need to enable logs collection for the Datadog Agent. On some installations the configuration file is `~/.datadog-agent/datadog.yaml`; for the location of the config file on your platform, see [here](https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6):
```
logs_enabled: true
```

* Create a new folder `java.d` in the `conf.d/` directory of the DataDog configuration directory.
* Create a new `conf.yaml` file.
* Add a custom log collection configuration group. Make sure the user the Agent runs as has read access to the log file, otherwise nothing will be collected.
```
logs:
  - type: file
    path: /path/to/contrast/security.log
    service: contrast
    source: java
```

* Restart the DataDog Agent.

Note: the parsing rule below extracts the attacked request (`request=`) from each Protect event, so attack payloads and URLs — which may contain sensitive or personal data — are shipped to Datadog. Restrict access to the log index and this dashboard accordingly, and set a retention period that matches your data-handling requirements.

More info: https://docs.datadoghq.com/logs/log_collection/?tab=tailexistingfiles#getting-started-with-the-agent

### Create a Logs Processing Pipeline

* Create a new pipeline in the DataDog dashboard (Logs -> Configuration -> New Pipeline)
* Expand the new pipeline and click Add Processor
* Add a Grok Parser to the pipeline with the following parsing rule
```
ContrastSecurityLogRule %{data:data}pri=%{data:pri} src=%{ip:src} spt=%{number:spt} request=%{data:request} requestMethod=%{word:requestMethod} app=%{data:app} outcome=%{word:outcome}
```

### Import Contrast Dashboard into DataDog
Your API key and Application keys can be found in Integrations -> APIs. Application keys carry the permissions of the user who created them; treat both keys as secrets and revoke them if they are exposed.

Do not pass the keys as URL query parameters (`?api_key=...&application_key=...`): they would end up in shell history, proxy logs and web-server access logs. Send them in request headers instead, and set the variables in your environment (for example with `read -rs DD_API_KEY`) rather than typing the literal values on the command line:

```bash
# DD_API_KEY and DD_APP_KEY are expected to be set in the environment, not pasted inline.
curl -X POST "https://api.datadoghq.com/api/v1/dashboard" \
  -H "Content-Type: application/json" \
  -H "DD-API-KEY: ${DD_API_KEY}" \
  -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
  -d @contrast_security_protect.json
```

If your organization is not on the US1 Datadog site, replace `api.datadoghq.com` with the API host for your site.

Note: the "Attack logs" stream widget in `contrast_security_protect.json` pins a `logset` ID (`"17533"`) that appears to be specific to the original author's organization; if the import fails or the widget shows no logs, adjust or remove that value.

More info: https://docs.datadoghq.com/api/?lang=bash#create-a-dashboard
-------------------------------------------------------------------------------- /contrast_security_protect.json: -------------------------------------------------------------------------------- 1 | { 2 | "title": "Contrast Security - Protect", 3 | "widgets": [ 4 | { 5 | "definition": { 6 | "logset": "17533", 7 | "title_size": "16", 8 | "title": "Attack logs", 9 | "title_align": "left", 10 | "time": { 11 | "live_span": "1w" 12 | }, 13 | "query": "", 14 | "type": "log_stream", 15 | "columns": [ 16 | "core_host", 17 | "core_service", 18 | "log_app", 19 | "log_src", 20 | "log_rule", 21 | "log_result" 22 | ] 23 | }, 24 | "layout": { 25 | "y": 18, 26 | "x": 46, 27 | "width": 91, 28 | "height": 47 29 | } 30 | }, 31 | { 32 | "definition": { 33 | "title_size": "16", 34 | "title": "Attacks by Rule", 35 | "title_align": "left", 36 | "time": { 37 | "live_span": "1mo" 38 | }, 39 | "requests": [ 40 | { 41 | "conditional_formats": [], 42 | "style": { 43 | "palette": "dog_classic" 44 | }, 45 | "log_query": { 46 | "index": "main", 47 | "search": { 48 | "query": "" 49 | }, 50 | "group_by": [ 51 | { 52 | "facet": "@pri", 53 | "limit": 10 54 | } 55 | ], 56 | "compute": { 57 | "aggregation": "count" 58 | } 59 | } 60 | } 61 | ], 62 | "type": "toplist" 63 | }, 64 | "layout": { 65 | "y": 2, 66 | "x": 46, 67 | "width": 45, 68 | "height": 15 69 | } 70 | }, 71 | { 72 | "definition": { 73 | "title_size": "16", 74 | "title": "Attacks by Application", 75 | "title_align": "left", 76 | "time": { 77 | "live_span": "1mo" 78 | }, 79 | "requests": [ 80 | { 81 | "conditional_formats": [], 82 | "style": { 83 | "palette": "dog_classic" 84 | }, 85 | "log_query": { 86 | "index": "main", 87 | "search": { 88 | "query": "" 89 | }, 90 | "group_by": [ 91 | { 92 | "facet": "@app", 93 | "limit": 10 94 | } 95 | ], 96 | "compute": { 97 | "aggregation": "count" 98 | } 99 | } 100 | } 101 | ], 102 | "type": "toplist" 103 | }, 104 | "layout": { 105 | "y": 2, 106 | "x": 92, 107 | "width": 45, 108 | "height": 15 109 | 
} 110 | }, 111 | { 112 | "definition": { 113 | "title_size": "16", 114 | "title": "Attacks by Result", 115 | "title_align": "left", 116 | "time": { 117 | "live_span": "1mo" 118 | }, 119 | "requests": [ 120 | { 121 | "conditional_formats": [], 122 | "style": { 123 | "palette": "dog_classic" 124 | }, 125 | "log_query": { 126 | "index": "main", 127 | "search": { 128 | "query": "" 129 | }, 130 | "group_by": [ 131 | { 132 | "facet": "@outcome", 133 | "limit": 10 134 | } 135 | ], 136 | "compute": { 137 | "aggregation": "count" 138 | } 139 | } 140 | } 141 | ], 142 | "type": "toplist" 143 | }, 144 | "layout": { 145 | "y": 2, 146 | "x": 0, 147 | "width": 45, 148 | "height": 15 149 | } 150 | }, 151 | { 152 | "definition": { 153 | "title_size": "16", 154 | "title": "Rules", 155 | "title_align": "left", 156 | "show_legend": false, 157 | "time": { 158 | "live_span": "1mo" 159 | }, 160 | "requests": [ 161 | { 162 | "style": { 163 | "line_width": "normal", 164 | "palette": "dog_classic", 165 | "line_type": "solid" 166 | }, 167 | "display_type": "bars", 168 | "log_query": { 169 | "index": "main", 170 | "search": { 171 | "query": "" 172 | }, 173 | "group_by": [ 174 | { 175 | "facet": "@pri", 176 | "limit": 10 177 | } 178 | ], 179 | "compute": { 180 | "aggregation": "count" 181 | } 182 | } 183 | } 184 | ], 185 | "type": "timeseries", 186 | "legend_size": "0" 187 | }, 188 | "layout": { 189 | "y": 18, 190 | "x": 0, 191 | "width": 45, 192 | "height": 15 193 | } 194 | }, 195 | { 196 | "definition": { 197 | "title_size": "16", 198 | "title": "Applications", 199 | "title_align": "left", 200 | "show_legend": false, 201 | "time": { 202 | "live_span": "1mo" 203 | }, 204 | "requests": [ 205 | { 206 | "style": { 207 | "line_width": "normal", 208 | "palette": "dog_classic", 209 | "line_type": "solid" 210 | }, 211 | "display_type": "bars", 212 | "log_query": { 213 | "index": "main", 214 | "search": { 215 | "query": "" 216 | }, 217 | "group_by": [ 218 | { 219 | "facet": "@app", 220 | "limit": 10 
221 | } 222 | ], 223 | "compute": { 224 | "aggregation": "count" 225 | } 226 | } 227 | } 228 | ], 229 | "type": "timeseries", 230 | "legend_size": "0" 231 | }, 232 | "layout": { 233 | "y": 34, 234 | "x": 0, 235 | "width": 45, 236 | "height": 15 237 | } 238 | }, 239 | { 240 | "definition": { 241 | "title_size": "16", 242 | "title": "Results", 243 | "title_align": "left", 244 | "show_legend": false, 245 | "time": { 246 | "live_span": "1mo" 247 | }, 248 | "requests": [ 249 | { 250 | "style": { 251 | "line_width": "normal", 252 | "palette": "dog_classic", 253 | "line_type": "solid" 254 | }, 255 | "display_type": "bars", 256 | "log_query": { 257 | "index": "main", 258 | "search": { 259 | "query": "" 260 | }, 261 | "group_by": [ 262 | { 263 | "facet": "@outcome", 264 | "limit": 10 265 | } 266 | ], 267 | "compute": { 268 | "aggregation": "count" 269 | } 270 | } 271 | } 272 | ], 273 | "type": "timeseries", 274 | "legend_size": "0" 275 | }, 276 | "layout": { 277 | "y": 50, 278 | "x": 0, 279 | "width": 45, 280 | "height": 15 281 | } 282 | } 283 | ], 284 | "layout_type": "free" 285 | } --------------------------------------------------------------------------------