
[SAASINT-4032] DDS: DNSFilter: Crawler Integration v1.0.0 #20384


Open
wants to merge 8 commits into
base: master

manan-crest
Contributor

@manan-crest manan-crest commented May 27, 2025

What does this PR do?

This is an initial release PR of DNSFilter integration including all the required assets.

Motivation

  • Crawler code for this integration has been committed in its respective repository.
  • Pipeline and Facet group created for this integration are available in our sandbox and would be shared separately with the required teams.
  • Samples for the pipeline review would also be shared separately with the required teams.
  • OOTB detection rules JSON would be shared separately with the required teams as a part of separate repository.
  • Since during the standard attribute remapping we are not preserving the source attributes as per suggested best practices, it would result in filters using these standard attributes populating the values of other integrations as well as per current Datadog behaviour.

Review checklist (to be filled by reviewers)

  • Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
  • Add the qa/skip-qa label if the PR doesn't need to be tested during QA.
  • If you need to backport this PR to another branch, you can add the backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged

@manan-crest manan-crest changed the title DDS: DNSFilter: Integration v1.0.0 DDS: DNSFilter: Crawler Integration v1.0.0 May 27, 2025
@manan-crest manan-crest changed the title DDS: DNSFilter: Crawler Integration v1.0.0 [SAASINT-4032] DDS: DNSFilter: Crawler Integration v1.0.0 May 28, 2025
@manan-crest manan-crest marked this pull request as ready for review May 28, 2025 12:35
@manan-crest manan-crest requested review from a team as code owners May 28, 2025 12:35
@drichards-87
Contributor

Created DOCS-11046 for Docs Team review.

@drichards-87 drichards-87 added the editorial review Waiting on a more in-depth review from a docs team editor label May 28, 2025
@urseberry
Contributor

I'm the assigned reviewer from Documentation.


## Overview

This check monitors [DNSFilter][1].
[DNSFilter][1] is a cloud-based content filtering and threat protection by blocking internet threats at the DNS layer. It protects organizations by preventing access to malicious domains, phishing sites, and other cyber threats, ensuring a safer internet experience.

Suggested change
[DNSFilter][1] is a cloud-based content filtering and threat protection by blocking internet threats at the DNS layer. It protects organizations by preventing access to malicious domains, phishing sites, and other cyber threats, ensuring a safer internet experience.
[DNSFilter][1] is a cloud-based content filtering tool that blocks internet threats at the DNS layer. It protects organizations by preventing access to malicious domains, phishing sites, and other cyber threats, ensuring a safer internet experience.

The first sentence is not grammatically correct. I made one possible edit, but feel free to revise to your preferences.


### Installation
This integration seamlessly collects DNS Traffic Logs, channeling them into Datadog for analysis. Leveraging the built-in logs pipeline, these logs are parsed and enriched, enabling effortless search and analysis. The integration provides insight into dns traffic logs through out-of-the-box dashboards and includes ready-to-use Cloud SIEM detection rules for improved monitoring and security.

Suggested change
This integration seamlessly collects DNS Traffic Logs, channeling them into Datadog for analysis. Leveraging the built-in logs pipeline, these logs are parsed and enriched, enabling effortless search and analysis. The integration provides insight into dns traffic logs through out-of-the-box dashboards and includes ready-to-use Cloud SIEM detection rules for improved monitoring and security.
This integration collects DNS Traffic Logs, channeling them into Datadog for analysis. Leveraging the built-in logs pipeline, these logs are parsed and enriched, enabling search and analysis. The integration provides insight into DNS traffic logs through out-of-the-box dashboards and includes ready-to-use Cloud SIEM detection rules for improved monitoring and security.


The DNSFilter check is included in the [Datadog Agent][2] package.
No additional installation is needed on your server.
### Generate API Credentials in DNSFilter

Suggested change
### Generate API Credentials in DNSFilter
### Generate API credentials in DNSFilter

Comment on lines +19 to +23
3. Navigate to **Security** tab.
4. Navigate to **API Keys** section, then click **CREATE KEY**.
5. Enter a key **Name** and select an **Expiration**.
6. Click **GENERATE KEY**.
7. Fetch API Key from **Your API Key** Section.

Suggested change
3. Navigate to **Security** tab.
4. Navigate to **API Keys** section, then click **CREATE KEY**.
5. Enter a key **Name** and select an **Expiration**.
6. Click **GENERATE KEY**.
7. Fetch API Key from **Your API Key** Section.
3. Navigate to the **Security** tab.
4. Navigate to the **API Keys** section, then click **CREATE KEY**.
5. Enter a key **Name** and select an **Expiration**.
6. Click **GENERATE KEY**.
7. Fetch the API Key from the **Your API Key** Section.


!!! Add list of steps to set up this integration !!!
### Connect your DNSFilter Account to Datadog

Suggested change
### Connect your DNSFilter Account to Datadog
### Connect your DNSFilter account to Datadog

!!! Add steps to validate integration is functioning as expected !!!
| Parameters | Description |
| ------------------------------------- | ------------------------------------------------------------ |
| API Key | The API Key of your DNSFilter Platform |

Suggested change
| API Key | The API Key of your DNSFilter Platform |
| API Key | The API Key of your DNSFilter platform |


DNSFilter does not include any metrics.
The DNSFilter integration collects and forwards dns traffic logs to Datadog.

Suggested change
The DNSFilter integration collects and forwards dns traffic logs to Datadog.
The DNSFilter integration collects and forwards DNS traffic logs to Datadog.

"id": 8262886595283344,
"definition": {
"type": "note",
"content": "DNSFilter is a cloud-based content filtering and threat protection by blocking internet threats at the DNS layer. It protects organizations by preventing access to malicious domains, phishing sites, and other cyber threats, ensuring a safer internet experience.\n\nThis dashboard provides a comprehensive summary of DNSFilter Traffic logs.\n\nFor more information, see the [DNSFilter Integration Documentation](https://docs.datadoghq.com/integrations/dnsfilter/).\n\n**Tips**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations. ",

Suggested change
"content": "DNSFilter is a cloud-based content filtering and threat protection by blocking internet threats at the DNS layer. It protects organizations by preventing access to malicious domains, phishing sites, and other cyber threats, ensuring a safer internet experience.\n\nThis dashboard provides a comprehensive summary of DNSFilter Traffic logs.\n\nFor more information, see the [DNSFilter Integration Documentation](https://docs.datadoghq.com/integrations/dnsfilter/).\n\n**Tips**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations. ",
"content": "DNSFilter is a cloud-based content filtering tool that blocking internet threats at the DNS layer. It protects organizations by preventing access to malicious domains, phishing sites, and other cyber threats, ensuring a safer internet experience.\n\nThis dashboard provides a comprehensive summary of DNSFilter Traffic logs.\n\nFor more information, see the [DNSFilter Integration Documentation](https://docs.datadoghq.com/integrations/dnsfilter/).\n\n**Tips**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations. ",

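Review bot: the suggested replacement for the first dashboard note's "content" string reads "content filtering tool that blocking internet threats", which is ungrammatical; it should be "that blocks". The wording also differs from the suggestion for the second dashboard note ("content filtering and threat protection tool that blocks internet threats"), so the two notes would describe the product differently; pick one phrasing and use it in both.
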
"id": 3572596914767264,
"definition": {
"type": "note",
"content": "DNSFilter is a cloud-based content filtering and threat protection by blocking internet threats at the DNS layer. It protects organizations by preventing access to malicious domains, phishing sites, and other cyber threats, ensuring a safer internet experience.\n\nThis dashboard displays information about allowed and blocked DNS requests, threats, domains accessed, policies, networks, and other DNS-related traffic data.\n\nFor more information, see the [DNSFilter Integration Documentation](https://docs.datadoghq.com/integrations/dnsfilter/).\n\n**Tips**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations. ",

Suggested change
"content": "DNSFilter is a cloud-based content filtering and threat protection by blocking internet threats at the DNS layer. It protects organizations by preventing access to malicious domains, phishing sites, and other cyber threats, ensuring a safer internet experience.\n\nThis dashboard displays information about allowed and blocked DNS requests, threats, domains accessed, policies, networks, and other DNS-related traffic data.\n\nFor more information, see the [DNSFilter Integration Documentation](https://docs.datadoghq.com/integrations/dnsfilter/).\n\n**Tips**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations. ",
"content": "DNSFilter is a cloud-based content filtering and threat protection tool that blocks internet threats at the DNS layer. It protects organizations by preventing access to malicious domains, phishing sites, and other cyber threats, ensuring a safer internet experience.\n\nThis dashboard displays information about allowed and blocked DNS requests, threats, domains accessed, policies, networks, and other DNS-related traffic data.\n\nFor more information, see the [DNSFilter Integration Documentation](https://docs.datadoghq.com/integrations/dnsfilter/).\n\n**Tips**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations. ",
