DDS: Cofense Triage Readme Update #21832
💡 Codex Review
Here are some automated review suggestions for this pull request.
cofense_triage/README.md
Outdated
| 1. Use an API platform such as Postman, or curl to make a GET request to the [Datadog API endpoint][3]. | ||
| 2. Once you receive the response, locate the **webhooks** section in the JSON. It will look something like this: | ||
| ```json | ||
| "webhooks": { | ||
| "prefixes_ipv4": [ | ||
| "0.0.0.0/32", | ||
| ... | ||
| ], | ||
| "prefixes_ipv6": [] | ||
| } | ||
| ``` | ||
| 3. From the **prefixes_ipv4** list under the Webhooks section, copy each CIDR entry. |
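Review bot: Step 3 tells the reader to copy only the **prefixes_ipv4** entries, while the sample response just above it also carries a `prefixes_ipv6` list. Say explicitly whether IPv6 prefixes need to be allowlisted when that list is non-empty, or that they can be ignored. The sample entry `0.0.0.0/32` should also be marked as a placeholder so it is not copied into the request to Cofense.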
Use log intake IP ranges instead of webhook IP ranges
The new whitelisting steps direct users to copy webhooks.prefixes_ipv4 from the IP-ranges endpoint. Those addresses are only used when Datadog sends outbound webhooks, not when external services post logs to Datadog. For organizations opening their firewalls so Cofense Triage can send data to Datadog, whitelisting the webhook CIDRs will still block traffic to the log ingestion/API endpoints and the integration will fail. This section should reference the logs (and/or api) ranges from the same response instead of webhooks.
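Added example (not part of the PR, the README, or either reviewer's comments): a Python sketch that pulls one named section out of an IP-ranges response and validates it before it goes into a firewall or allowlist request. The section name is a parameter because the thread mentions both `webhooks` and `logs`; the function name `allowlist_for` and the sample response are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape shown in the README excerpt. Addresses are
# RFC 5737 / RFC 3849 documentation ranges, not real Datadog prefixes.
SAMPLE_RESPONSE = json.loads("""
{
  "logs":     {"prefixes_ipv4": ["192.0.2.10/32", "192.0.2.11/32"],
               "prefixes_ipv6": ["2001:db8:1::/48"]},
  "webhooks": {"prefixes_ipv4": ["198.51.100.0/25", "198.51.100.128/25",
                                 "203.0.113.7/32"],
               "prefixes_ipv6": []}
}
""")


def allowlist_for(response, section):
    """Return validated, collapsed CIDRs for one section of the response."""
    if section not in response:
        raise KeyError(f"no {section!r} section; found {sorted(response)}")
    nets = {4: [], 6: []}
    for key, version in (("prefixes_ipv4", 4), ("prefixes_ipv6", 6)):
        for cidr in response[section].get(key, []):
            # strict=True rejects entries with host bits set (e.g. 10.0.0.1/24).
            net = ipaddress.ip_network(cidr, strict=True)
            if net.version != version:
                raise ValueError(f"{cidr} is not IPv{version} but is in {key}")
            # Catches 0.0.0.0/0 (allow everything) and the README's
            # 0.0.0.0/32 placeholder if it is copied literally.
            if net.network_address.is_unspecified:
                raise ValueError(f"{cidr} is a placeholder or catch-all")
            nets[version].append(net)
    # collapse_addresses merges adjacent or overlapping networks without
    # widening coverage, so the firewall request is as short as possible.
    return {f"ipv{v}": [str(n) for n in ipaddress.collapse_addresses(nets[v])]
            for v in (4, 6)}


if __name__ == "__main__":
    for name in ("webhooks", "logs"):
        print(name, allowlist_for(SAMPLE_RESPONSE, name))
```
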
maycmlee left a comment
Just a couple of suggestions
cofense_triage/README.md
Outdated
|
|
||
| #### Whitelist Datadog IP Addresses | ||
|
|
||
| 1. Use an API platform such as Postman, or curl to make a GET request to the [Datadog API endpoint][3]. |
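Review bot: Step 1 links to "the Datadog API endpoint" without saying what it returns, so the step only makes sense after following reference `[3]`. Name it in the link text as the IP ranges endpoint and state that the response is JSON, since step 2 depends on that. In the heading, "Allowlist Datadog IP Addresses" would be the more neutral wording.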
| 1. Use an API platform such as Postman, or curl to make a GET request to the [Datadog API endpoint][3]. | |
| 1. Use an API platform such as Postman or the curl command to make a GET request to the [Datadog API endpoint][3]. |
Done
cofense_triage/README.md
Outdated
| #### Whitelist Datadog IP Addresses | ||
|
|
||
| 1. Use an API platform such as Postman, or curl to make a GET request to the [Datadog API endpoint][3]. | ||
| 2. Once you receive the response, locate the **webhooks** section in the JSON. It will look something like this: |
| 2. Once you receive the response, locate the **webhooks** section in the JSON. It will look something like this: | |
| 2. After you receive the response, locate the **webhooks** section in the JSON. It looks something like this: |
Done
cofense_triage/README.md
Outdated
| } | ||
| ``` | ||
| 3. From the **prefixes_ipv4** list under the Webhooks section, copy each CIDR entry. | ||
| 4. Work with Cofense Support team to get these IP ranges whitelisted. |
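Review bot: Step 4 ends the procedure at a one-time request to Cofense support and gives no instruction for keeping the allowlist current. Because the CIDRs are read from an API response in step 1, add a line telling the reader to repeat steps 1 to 3 and update the allowlist when that response changes. It would also help to state which traffic the allowlist is meant to permit, so the support request is unambiguous.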
| 4. Work with Cofense Support team to get these IP ranges whitelisted. | |
| 4. Work with Cofense support team to get these IP ranges whitelisted. |
Done
This PR does not modify any files shipped with the agent. To help streamline the release process, please consider adding the
What does this PR do?
Review checklist (to be filled by reviewers)
qa/skip-qa label if the PR doesn't need to be tested during QA.
backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged