Skip to content

Commit 4ce865e

Browse files
[AI-5281] Barracuda Secure Edge Integration PR (DataDog#20423)
* Barracuda Secure Edge Integration PR * description line lenght * updated metric id in logs files * added conf.yml using -s and removed metadata * resolved CI checks * updated images and tests * udpated changelog.d file name * updated images * updated images * Updated tests * updated path of facets * updated and added all test cases * updated readme * reverted line lenght * updated README * updated README * added test * added test case * description length check * added fresh test cases * added filters for source and service in tests * tests updated * changed tags for auth * added filters for tests * added tests new * added tests new * added test cases * resolved linitng issues * refined auth parsing rules * bypassing parsing logs * updated GROK syntax * updated test yaml * updated test cases * seperated rules * added test results * added the logo * updated nested pipeline and tags * added test results * updated on types based on tags * updated dashboard * udpated source * added test results * addressed review comments * updated dashboard banner image to light and dark * updated dashbaord groups, readme, specs * udpated conf file * Added dashboard images for light and dark * added dashboard images
1 parent 80aa64d commit 4ce865e

17 files changed

Lines changed: 3662 additions & 0 deletions

File tree

.github/CODEOWNERS

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -630,6 +630,11 @@ plaid/assets/logs/ @DataDog/saa
630630
/beyondtrust_identity_security_insights/manifest.json @DataDog/saas-integrations @DataDog/documentation
631631
/beyondtrust_identity_security_insights/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend
632632

633+
/barracuda_secure_edge/ @DataDog/agent-integrations
634+
/barracuda_secure_edge/*.md @DataDog/agent-integrations @DataDog/documentation
635+
/barracuda_secure_edge/manifest.json @DataDog/agent-integrations @DataDog/documentation
636+
/barracuda_secure_edge/assets/logs/ @DataDog/agent-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core
637+
633638
/klaviyo/ @DataDog/saas-integrations
634639
/klaviyo/*.md @DataDog/saas-integrations @DataDog/documentation
635640
/klaviyo/manifest.json @DataDog/saas-integrations @DataDog/documentation

.github/workflows/config/labeler.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -777,6 +777,8 @@ integration/zerofox_cloud_platform:
777777
- zerofox_cloud_platform/**/*
778778
integration/zk:
779779
- zk/**/*
780+
integration/barracuda_secure_edge:
781+
- barracuda_secure_edge/**/*
780782
integration/cloudgen_firewall:
781783
- cloudgen_firewall/**/*
782784
qa/skip-qa:

barracuda_secure_edge/CHANGELOG.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
# CHANGELOG - barracuda_secure_edge
2+
3+
<!-- towncrier release notes start -->
4+

barracuda_secure_edge/README.md

Lines changed: 109 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,109 @@
1+
# Agent Integration: barracuda_secure_edge
2+
3+
## Overview
4+
5+
Barracuda Secure Edge is a unified Secure Access Service Edge (SASE) platform that includes Next-Generation Firewall (NGFW), zero trust, and secure Software-Defined Wide Area Network (SD-WAN) capabilities. This integration allows you to collect and analyze logs from your [barracuda_secure_edge][4] deployment to monitor security events, network traffic, and system activity.
6+
7+
## Setup
8+
1. Collecting logs is disabled by default in the Datadog Agent. Enable it in the `datadog.yaml` with:
9+
10+
```yaml
11+
logs_enabled: true
12+
```
13+
2. Add this configuration block to your `secure_edge.d/conf.yaml` file to start collecting your SecureEdge logs:
14+
15+
```yaml
16+
logs:
17+
- type: file
18+
path: /var/log/log_type.log
19+
source: barracuda_secure_edge
20+
service: <SERVICE_NAME>
21+
tags:
22+
- log_component:tag_component_name
23+
- type: file
24+
path: /var/logs/other_log_type.log
25+
source: barracuda_secure_edge
26+
service: <SERVICE_NAME>
27+
tags:
28+
- log_component:other_tag_component_name
29+
```
30+
31+
Change the `path` and `service` parameter values for your environment. Define multiple file sources in the configuration file as shown above. For each of the file sources, pre-defined tag needs to be added to those logs as follows:
32+
33+
```
34+
- box_Auth_access -> log_component:auth
35+
- box_Event_eventS, box_Event_operative -> log_component:system
36+
- box_Config_admin, box_Config_changes, box_Config_sync, box_Control_admin, box_Control_AuthService -> log_component:admin
37+
- box_Firewall, box_Firewall_Activity -> log_component:firewall
38+
- box_Network_dhcp -> log_component:dhcp
39+
- box_Network_activation -> log_component:network
40+
- box_System_mgmaccess -> log_component:access
41+
- box_SSH_sshd, box_SSH_config -> log_component:ssh
42+
- srv_CSC_VPN, srv_CSC_VPN_sslvpn -> log_component:vpn
43+
```
44+
45+
3. [Restart the Agent][3].
46+
47+
### Installation
48+
49+
The barracuda_secure_edge check is included in the [Datadog Agent][2] package.
50+
51+
### Prerequisites
52+
53+
1. Administrative access to Barracuda Secure Edge installed on your server.
54+
2. The Datadog Agent installed and running (on a server or container that can receive syslog messages).
55+
3. Network Access between the firewall and the Datadog Agent (usually port 514, but may be a custom value).
56+
4. Syslog support enabled in the Datadog Agent (with a TCP or UDP listener configured).
57+
58+
### Validation
59+
60+
1. Confirm the Datadog Agent is listening on the correct port (`514` in the following examples):
61+
62+
`sudo netstat -tunlp | grep 514`
63+
64+
If using TCP and UDP listeners, use the following command:
65+
66+
`sudo lsof -i :514`
67+
68+
2. Confirm logs are reaching the Agent from the correct log source:
69+
70+
`tail -f /var/phion/logs/*.log`
71+
72+
**Note**: If the file doesn't exist, verify that syslog logs are being written by your configuration.
73+
74+
3. Use the tcpdump command to confirm network traffic on the Datadog Agent host:
75+
76+
`sudo tcpdump -i any port 514`
77+
78+
After running this command, you should see traffic from the Secure Edge IP address. If you don't see any such traffic, check the firewall rules between Secure Edge and the Datadog Agent. Confirm the correct protocol (UDP or TCP) is being used on both sides.
79+
4. Check the Datadog [Live Tail][5] for logs from the source and service you defined in the `conf.yaml` file.
80+
5. After following these steps, you can create a test log on the firewall by triggering an event.
81+
6. Check for tags or facets to use for better filtering based on the required data.
82+
83+
## Data Collected
84+
85+
### Metrics
86+
87+
The Barracuda_Secure_Edge integration does not include any metrics.
88+
89+
### Logs
90+
The Barracuda Secure Edge integration collects logs containing the following types of information:
91+
- **Security Events**: Firewall actions (allow/deny), rule matches, and security policy violations
92+
- **Network Traffic**: Source and destination IPs/ports, protocols, and network interfaces
93+
- **Authentication**: User login attempts, successes, and failures
94+
- **VPN Activity**: VPN connection events and status
95+
- **System Events**: Device status, configuration changes, and system health
96+
97+
### Events
98+
The Barracuda Secure Edge integration does not include any events.
99+
100+
101+
## Troubleshooting
102+
103+
Need help? Contact [Datadog support][1].
104+
105+
[1]: https://docs.datadoghq.com/help/
106+
[2]: /account/settings/agent/latest
107+
[3]: https://docs.datadoghq.com/agent/guide/agent-commands/#start-stop-and-restart-the-agent
108+
[4]: https://www.barracuda.com/products/network-protection/secureedge
109+
[5]: /logs/livetail
Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
name: barracuda_secure_edge
2+
files:
3+
- name: barracuda_secure_edge.yaml
4+
options:
5+
- template: logs
6+
example:
7+
- type: file
8+
path: /var/phion/logs/box_Auth_access.log
9+
service: auth
10+
source: barracuda_secure_edge
11+
tags:
12+
- log_component:auth

0 commit comments

Comments
 (0)