|
2 | 2 |
|
3 | 3 | ## Overview
|
4 | 4 |
|
5 |
| -This check monitors [checkpoint_harmony_endpoint][1] through the Datadog Agent. |
6 |
| - |
7 |
| -Include a high level overview of what this integration does: |
8 |
| -- What does your product do (in 1-2 sentences)? |
9 |
| -- What value will customers get from this integration, and why is it valuable to them? |
10 |
| -- What specific data will your integration monitor, and what's the value of that data? |
| 5 | +Checkpoint Harmony Endpoint is a next-generation endpoint security solution designed to prevent, detect, and respond to threats on user devices (desktops, laptops, servers, etc). This integration monitors [Checkpoint Harmony Endpoint][1]. |
11 | 6 |
|
12 | 7 | ## Setup
|
| 8 | +1. Collecting logs is disabled by default in the Datadog Agent. Enable it in the `datadog.yaml` file with: |
13 | 9 |
|
14 |
| -Follow the instructions below to install and configure this check for an Agent running on a host. For containerized environments, see the [Autodiscovery Integration Templates][3] for guidance on applying these instructions. |
| 10 | + ```yaml |
| 11 | + logs_enabled: true |
| 12 | + ``` |
| 13 | +2. Add this configuration block to your `checkpoint_harmony_endpoint.d/conf.yaml` file to start collecting your checkpoint_harmony_endpoint logs: |
15 | 14 |
|
16 |
| -### Installation |
| 15 | + ```yaml |
| 16 | + logs: |
| 17 | + - type: file |
| 18 | + path: /var/log/checkpoint.log |
| 19 | + source: checkpoint_harmony_endpoint |
| 20 | + service: <SERVICE_NAME> |
| 21 | + ``` |
17 | 22 |
|
18 |
| -The checkpoint_harmony_endpoint check is included in the [Datadog Agent][2] package. |
19 |
| -No additional installation is needed on your server. |
| 23 | + Change the `path` and `service` parameter values for your environment. |
20 | 24 |
|
21 |
| -### Configuration |
| 25 | +3. [Restart the Agent][4]. |
22 | 26 |
|
23 |
| -1. Edit the `checkpoint_harmony_endpoint.d/conf.yaml` file, in the `conf.d/` folder at the root of your Agent's configuration directory to start collecting your checkpoint_harmony_endpoint performance data. See the [sample checkpoint_harmony_endpoint.d/conf.yaml][4] for all available configuration options. |
| 27 | +### Installation |
24 | 28 |
|
25 |
| -2. [Restart the Agent][5]. |
| 29 | +The checkpoint harmony endpoint check is included in the [Datadog Agent][2] package. |
26 | 30 |
|
27 |
| -### Validation |
| 31 | +### Prerequisites |
28 | 32 |
|
29 |
| -[Run the Agent's status subcommand][6] and look for `checkpoint_harmony_endpoint` under the Checks section. |
| 33 | +1. Administrative access to Checkpoint Harmony Endpoint - Gaia installed on your server. |
| 34 | +2. The Datadog Agent installed and running (on a server or container that can receive syslog messages). |
| 35 | +3. Network Access between the endpoint and the Datadog Agent (usually port 514, but may be a custom value). Enable log exporter in the Smart Console for log streaming. |
| 36 | +4. Syslog support enabled in the Datadog Agent (with a TCP or UDP listener configured). |
30 | 37 |
|
31 |
| -## Data Collected |
| 38 | +### Validation |
32 | 39 |
|
33 |
| -### Metrics |
| 40 | +1. Confirm the Datadog Agent is listening on the correct port (`514` in the following examples) |
| 41 | + `sudo netstat -tunlp | grep 514` |
| 42 | + If using TCP and UDP listeners, use the following command: |
| 43 | + `sudo lsof -i :514` |
| 44 | +2. Confirm logs are reaching the Agent from the correct log source. |
| 45 | + `tail -f /var/log/datadog/syslog.log` |
| 46 | +**Note**: If the file doesn't exist, verify that syslog logs are being written by your configuration. |
| 47 | +3. Use the tcpdump command to confirm network traffic. On the Datadog Agent host: |
| 48 | + `sudo tcpdump -i any port 514` |
| 49 | +After running this command, you should see traffic from the Checkpoint endpoint client's IP address. If you don't see any such traffic, check the firewall rules between Checkpoint Endpoint and the Datadog Agent. Confirm the correct protocol (UDP or TCP) is being used on both sides. |
| 50 | +4. Check the Datadog [Live Tail][7] in Datadog for logs from the source and service you defined in the `conf.yaml` file. |
| 51 | +5. After following these steps, you can create a test log on the harmony client by triggering an event. |
| 52 | +6. Check for tags or facets to use them for better filtering based on the required data. |
34 | 53 |
|
35 |
| -See [metadata.csv][7] for a list of metrics provided by this integration. |
| 54 | +### Metrics |
36 | 55 |
|
37 |
| -### Events |
| 56 | +The Checkpoint Harmony Endpoint integration does not include any metrics. |
38 | 57 |
|
39 |
| -The checkpoint_harmony_endpoint integration does not include any events. |
| 58 | +### Log collection |
| 59 | +## Data Collected |
| 60 | +The Checkpoint Harmony Endpoint logs contain key information of the endpoint client such as the event timestamp, detected_by and client IPs and ports, protocol used, firewall action (allow/deny), the matched rule name, user identity (if available), log type (e.g., forensic, malware, etc), action used, device name, and status of the operation, all of which help monitor endpoint behavior, access control, and system activity and many more which are collected by DataDog. |
40 | 61 |
|
41 |
| -### Service Checks |
42 | 62 |
|
43 |
| -The checkpoint_harmony_endpoint integration does not include any service checks. |
| 63 | +### Events |
44 | 64 |
|
45 |
| -See [service_checks.json][8] for a list of service checks provided by this integration. |
| 65 | +The checkpoint harmony endpoint integration includes log events such as attacks and malware hits. |
46 | 66 |
|
47 | 67 | ## Troubleshooting
|
48 | 68 |
|
49 |
| -Need help? Contact [Datadog support][9]. |
50 |
| - |
| 69 | +Need help? Contact [Datadog support][3]. |
51 | 70 |
|
52 |
| -[1]: **LINK_TO_INTEGRATION_SITE** |
| 71 | +[1]: https://www.checkpoint.com/harmony/endpoint/ |
53 | 72 | [2]: https://app.datadoghq.com/account/settings/agent/latest
|
54 |
| -[3]: https://docs.datadoghq.com/agent/kubernetes/integrations/ |
55 |
| -[4]: https://github.com/DataDog/integrations-core/blob/master/checkpoint_harmony_endpoint/datadog_checks/checkpoint_harmony_endpoint/data/conf.yaml.example |
56 |
| -[5]: https://docs.datadoghq.com/agent/guide/agent-commands/#start-stop-and-restart-the-agent |
57 |
| -[6]: https://docs.datadoghq.com/agent/guide/agent-commands/#agent-status-and-information |
58 |
| -[7]: https://github.com/DataDog/integrations-core/blob/master/checkpoint_harmony_endpoint/metadata.csv |
59 |
| -[8]: https://github.com/DataDog/integrations-core/blob/master/checkpoint_harmony_endpoint/assets/service_checks.json |
60 |
| -[9]: https://docs.datadoghq.com/help/ |
| 73 | +[3]: https://docs.datadoghq.com/help/ |
| 74 | +[4]: https://docs.datadoghq.com/agent/guide/agent-commands/#start-stop-and-restart-the-agent |
| 75 | +[5]: https://app.datadoghq.com/integrations?search=checkpoint_harmony_endpoint |
| 76 | +[6]: https://github.com/DataDog/integrations-core/blob/master/checkpoint_harmony_endpoint/assets/service_checks.json |
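Review bot: The Setup block and the Prerequisites/Validation sections describe two different ingestion paths. The `conf.yaml` snippet at lines 15-21 uses `type: file` with `path: /var/log/checkpoint.log`, while Prerequisites (lines 33-36) require a TCP or UDP syslog listener on port 514 and Validation tails `/var/log/datadog/syslog.log` and captures port 514 with tcpdump. Either change the snippet to a listener, for example `- type: udp` (or `tcp`) with `port: 514`, which the Agent's log collection supports, or document the syslog daemon configuration that writes the Check Point stream to the file, and then use one file path consistently across Setup and Validation. Smaller points in the same region: `### Log collection` (line 58) is immediately followed by `## Data Collected` (line 59) with no body, and `### Installation` (line 27) now sits after the numbered setup steps rather than before them; link references `[5]` and `[6]` are defined but never used in the text, and `[6]` still points at `service_checks.json` although the Service Checks section was removed.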