[pull] master from DataDog:master

.github/CODEOWNERS

@@ -597,6 +597,11 @@ plaid/assets/logs/                                                  @DataDog/saa
 /bitwarden/manifest.json                                             @DataDog/saas-integrations @DataDog/documentation
 /bitwarden/assets/logs/                                              @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-integrations-reviewers
 
+/beyondtrust_identity_security_insights/                             @DataDog/saas-integrations
+/beyondtrust_identity_security_insights/*.md                         @DataDog/saas-integrations @DataDog/documentation
+/beyondtrust_identity_security_insights/manifest.json                @DataDog/saas-integrations @DataDog/documentation
+/beyondtrust_identity_security_insights/assets/logs/                 @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend
+
 /klaviyo/                                                            @DataDog/saas-integrations
 /klaviyo/*.md                                                        @DataDog/saas-integrations @DataDog/documentation
 /klaviyo/manifest.json                                               @DataDog/saas-integrations @DataDog/documentation

.github/workflows/config/labeler.yml

@@ -85,6 +85,8 @@ integration/azure_active_directory:
 - azure_active_directory/**/*
 integration/azure_iot_edge:
 - azure_iot_edge/**/*
+integration/beyondtrust_identity_security_insights:
+- beyondtrust_identity_security_insights/**/*
 integration/beyondtrust_password_safe:
 - beyondtrust_password_safe/**/*
 integration/bitdefender:

airflow/assets/logs/airflow.yaml

@@ -1,3 +1,5 @@
+# bypass-global-grok-parser-rules-checks
+# bypass-global-facets-path-checks
 id: airflow
 metric_id: airflow
 backend_only: false

ambari/assets/logs/ambari.yaml

@@ -1,3 +1,4 @@
+# bypass-global-grok-parser-rules-checks
 id: ambari
 metric_id: ambari
 backend_only: false

aws_neuron/assets/logs/aws_neuron.yaml

@@ -1,3 +1,4 @@
+# bypass-global-missing-date-remapper-checks
 id: aws_neuron
 metric_id: aws-neuron
 backend_only: false

azure_active_directory/assets/logs/azure.activedirectory.yaml

@@ -1,3 +1,4 @@
+# bypass-global-facets-path-checks
 id: azure.activedirectory
 metric_id: azure-active-directory
 backend_only: false

azure_iot_edge/assets/logs/azure.iot_edge.yaml

@@ -1,3 +1,4 @@
+# bypass-global-facets-path-checks
 id: azure.iot_edge
 metric_id: azure-iot-edge
 backend_only: false

beyondtrust_identity_security_insights/CHANGELOG.md

@@ -0,0 +1,7 @@
+# CHANGELOG - beyondtrust-identity-security-insights
+
+## 1.0.0 / 2025-07-01
+
+***Added***:
+
+* Initial Release

beyondtrust_identity_security_insights/README.md

@@ -0,0 +1,71 @@
+# BeyondTrust Identity Security Insights
+
+## Overview
+
+[BeyondTrust Identity Security Insights][1] is a web-based application designed to enhance identity protection. It connects BeyondTrust products and third-party services to automatically scan for associated accounts and track your organization's identities.
+
+Integrate BeyondTrust Identity Security Insights with Datadog's pre-built dashboard visualizations to gain insights into detection logs. With Datadog's built-in log pipelines, you can parse and enrich these logs to facilitate easy search and detailed insights.
+
+This integration also includes ready-to-use Cloud SIEM detection rules for enhanced monitoring and security. These Cloud SIEM rules can be used with [Datadog Workflow Automation][5] to orchestrate and automate your end-to-end processes with OOTB Workflow Blueprints.
+
+## Setup
+
+### Configuration
+
+#### Webhook Configuration
+
+Configure the Datadog endpoint to forward BeyondTrust Identity Security Insights detections as logs to Datadog.
+
+1. Copy the generated URL inside the **Configuration** tab on the Datadog [BeyondTrust Identity Security Insights][2] tile.
+2. Sign in to [BeyondTrust Identity Security Insights Portal][3].
+3. Go to **Insights > Integrations** from the top left side main menu.
+4. Click **Webhooks**.
+5. Click **Create Integration**.
+6. Provide the following details:  
+   - **Webhook Name**: Enter your desired name for this webhook.  
+   - **Webhook URL**: Enter the endpoint URL that you generated in step 1.  
+   - **Authorization Type**: Select `None`  
+   - **Webhook Template**: Enter the JSON object below, which represents the information sent from Insights,  
+        ```json
+        {
+            "incidentId": "%%incidentId%%",
+            "tenantId": "%%tenantId%%",
+            "incidentType":"%%incidentType%%",
+            "severity":"%%severity%%",
+            "definitionId":"%%definitionId%%",
+            "definitionSummary":"%%definitionSummary%%",
+            "source":"%%source%%",
+            "location":"%%location%%",
+            "entityType":"%%entityType%%",
+            "entityName":"%%entityName%%",
+            "timestamp": "%%timestamp%%",
+            "link": "%%link%%"
+        }
+        ```
+    - **Send detections automatically?**: Select the checkbox to send detections automatically.
+    - **Severity**: select all four options (`Critical`, `High`, `Moderate`, and `Low`).
+    - Click **Create Integration**.
+
+## Data Collected
+
+### Logs
+
+The BeyondTrust Identity Security Insights integration collects and forwards Detections logs to Datadog.
+
+### Metrics
+
+The BeyondTrust Identity Security Insights integration does not include any metrics.
+
+### Events
+
+The BeyondTrust Identity Security Insights integration does not include any events.
+
+## Support
+
+For any further assistance, contact [Datadog support][4].
+
+[1]: https://www.beyondtrust.com/products/identity-security-insights
+[2]: /integrations/beyondtrust-identity-security-insights
+[3]: https://login.beyondtrust.io/signin/signIn
+[4]: https://docs.datadoghq.com/help/
+[5]: https://docs.datadoghq.com/actions/workflows/