DataDog · gunterd · Mar 7, 2025 · Jan 16, 2025 · Jan 16, 2025 · Jan 16, 2025
@@ -1,42 +1,63 @@
-# Agent Check: symantec-vip
+# Symantec VIP
 
 ## Overview
 
-This check monitors [symantec-vip][1].
+[Symantec VIP][1] (Validation and ID Protection Service) is a cloud-based authentication service that helps enterprises secure access to networks and applications while maintaining productivity.
+
+This integration ingests the following logs:
+
+- Event: Represents user management operations such as user creation, password setting, user group management, and batch operations, including transaction details and result statuses.
+
+This integration seamlessly collects all the above listed logs, channeling them into Datadog for analysis. Leveraging the built-in logs pipeline, these logs are parsed and enriched, enabling effortless search and analysis. The integration provides insight into event logs through the out-of-the-box dashboards.
 
 ## Setup
 
-### Installation
+### Generate API credentials in Symantec VIP
+
+**Obtaining VIP certificate**:  
+Follow the steps in the official documentation: [Obtaining VIP certificate.][2]
 
-The symantec-vip check is included in the [Datadog Agent][2] package.
-No additional installation is needed on your server.
+**Activating the VIP Report Streaming Service using VIP Certificate**:
+- Before integrating the VIP Report Streaming Service, you must enable the service with Symantec. Contact your Symantec representative to enable the service. Once the service is enabled, activate the VIP Report Streaming Service for your VIP account using the activate API.
+- Follow the steps mentioned in the official documentation to activate API: [Activate VIP Report Streaming Service][3]
 
-### Configuration
+**Jurisdiction hash**:  
+The jurisdiction hash of the user account is available on the **Account Information** tab of the **Account** page in VIP Manager.
 
-!!! Add list of steps to set up this integration !!!
+### Connect your Symantec VIP Account to Datadog
 
-### Validation
+1. Add your Symantec VIP credentials.
 
-!!! Add steps to validate integration is functioning as expected !!!
+    | Parameters                            | Description                                                  |
+    | ------------------------------------- | ------------------------------------------------------------ |
+    | Jurisdiction Hash                     | Jurisdiction hash of your account.                           |
+    | VIP Cert Pem File Content             | Content of VIP Certificate (.pem) file that will be used to connect to streaming endpoint                         |
+
+2. Click the Save button to save your settings.
 
 ## Data Collected
 
+### Logs
+
+The Symantec VIP integration collects and forwards event logs to Datadog.
+
 ### Metrics
 
-symantec-vip does not include any metrics.
+The Symantec VIP integration does not include any metrics.
 
 ### Service Checks
 
-symantec-vip does not include any service checks.
+The Symantec VIP integration does not include any service checks.
 
 ### Events
 
-symantec-vip does not include any events.
+The Symantec VIP integration does not include any events.
 
-## Troubleshooting
+## Support
 
-Need help? Contact [Datadog support][3].
+Need help? Contact [Datadog support][4].
 
-[1]: **LINK_TO_INTEGRATION_SITE**
-[2]: https://app.datadoghq.com/account/settings/agent/latest
-[3]: https://docs.datadoghq.com/help/
+[1]: https://vip.symantec.com/
+[2]: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/vip/cloud/vip-web-services-and-apis-v127046027-d2278e2328/VIP-Reporting-Streaming-Service/about-the-api-v109910792-d2376e278/obtaining-the-certificate-v109910553-d2376e636.html#v109910553
+[3]: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/vip/cloud/vip-web-services-and-apis-v127046027-d2278e2328/VIP-Reporting-Streaming-Service/about-the-api-v109910792-d2376e278/activating-the-v133376930-d2376e309.html
+[4]: https://docs.datadoghq.com/help/
@@ -0,0 +1,98 @@
+id: symantec-vip
+metric_id: symantec-vip
+backend_only: false
+facets:
+  - groups:
+      - Geoip
+    name: City Name
+    path: network.client.geoip.city.name
+    source: log
+  - groups:
+      - Geoip
+    name: Continent Code
+    path: network.client.geoip.continent.code
+    source: log
+  - groups:
+      - Geoip
+    name: Continent Name
+    path: network.client.geoip.continent.name
+    source: log
+  - groups:
+      - Geoip
+    name: Country ISO Code
+    path: network.client.geoip.country.iso_code
+    source: log
+  - groups:
+      - Geoip
+    name: Country Name
+    path: network.client.geoip.country.name
+    source: log
+  - groups:
+      - Geoip
+    name: Subdivision ISO Code
+    path: network.client.geoip.subdivision.iso_code
+    source: log
+  - groups:
+      - Geoip
+    name: Subdivision Name
+    path: network.client.geoip.subdivision.name
+    source: log
+  - groups:
+      - Web Access
+    name: Client IP
+    path: network.client.ip
+    source: log
+  - groups:
+      - User
+    name: User Name
+    path: usr.name
+    source: log
+pipeline:
+  type: pipeline
+  name: Symantec VIP
+  enabled: true
+  filter:
+    query: source:symantec-vip
+  processors:
+    - type: grok-parser
+      name: Parsing the `ts` attribute to convert it into UNIX timestamp
+      enabled: true
+      source: ts
+      samples:
+        - 2025-02-07 03:22:37.051 +0000
+      grok:
+        supportRules: ""
+        matchRules: convert_to_millisecond (%{date("yyyy-MM-dd HH:mm:ss.SSS
+          Z"):ts}|%{date("yyyy-M-d H:m:s.SSS Z"):ts})
+    - type: date-remapper
+      name: Define `ts` as the official date of the log
+      enabled: true
+      sources:
+        - ts
+    - type: attribute-remapper
+      name: Map `clientIp` to `network.client.ip`
+      enabled: true
+      sources:
+        - clientIp
+      sourceType: attribute
+      target: network.client.ip
+      targetType: attribute
+      preserveSource: false
+      overrideOnConflict: false
+    - type: attribute-remapper
+      name: Map `extUserId` to `usr.name`
+      enabled: true
+      sources:
+        - extUserId
+      sourceType: attribute
+      target: usr.name
+      targetType: attribute
+      preserveSource: false
+      overrideOnConflict: false
+    - type: geo-ip-parser
+      name: GeoIp Parser for `network.client.ip`
+      enabled: true
+      sources:
+        - network.client.ip
+      target: network.client.geoip
+      ip_processing_behavior: do-nothing
@@ -0,0 +1,122 @@
+id: "symantec-vip"
+tests:
+ -
+  sample: |-
+    {
+      "wsdlVersion" : "1_1",
+      "extUserId" : "7cc34F6DC",
+      "durationMillis" : "60",
+      "credId" : "VSME1673472",
+      "result" : {
+        "credType" : "STANDARD_OTP",
+        "statusMessage" : "Success",
+        "status" : "0000"
+      },
+      "jurHash" : "1459689",
+      "requestId" : "abcd456",
+      "_nestedCalls" : [ {
+        "result" : {
+          "credType" : "STANDARD_OTP",
+          "statusMessage" : "Success",
+          "status" : "0000"
+        },
+        "jurHash" : "1459689",
+        "extUserId" : "7cc34F6DC",
+        "newBindStatus" : "ENABLED",
+        "credId" : "VSME16734672",
+        "operation" : "addCredential"
+      }, {
+        "result" : {
+          "detail" : "0000",
+          "detailMessage" : "Success",
+          "statusMessage" : "Success",
+          "status" : "0000"
+        },
+        "operation" : "activateToken"
+      } ],
+      "newBindStatus" : "ENABLED",
+      "_id" : "coloss4be-d2-tc.149132321663.2235348",
+      "operation" : "addCredential",
+      "txnId" : "vipus7E94583921D0EA",
+      "ts" : "2017-04-04 16:39:23.090 +0000"
+    }
+  service: "event-logs"
+  result:
+    custom:
+      _id: "coloss4be-d2-tc.149132321663.2235348"
+      _nestedCalls:
+       -
+        result:
+          credType: "STANDARD_OTP"
+          statusMessage: "Success"
+          status: "0000"
+        jurHash: "1459689"
+        extUserId: "7cc34F6DC"
+        newBindStatus: "ENABLED"
+        credId: "VSME16734672"
+        operation: "addCredential"
+       -
+        result:
+          detail: "0000"
+          detailMessage: "Success"
+          statusMessage: "Success"
+          status: "0000"
+        operation: "activateToken"
+      credId: "VSME1673472"
+      durationMillis: "60"
+      jurHash: "1459689"
+      newBindStatus: "ENABLED"
+      operation: "addCredential"
+      requestId: "abcd456"
+      result:
+        credType: "STANDARD_OTP"
+        status: "0000"
+        statusMessage: "Success"
+      ts: 1491323963090
+      txnId: "vipus7E94583921D0EA"
+      usr:
+        name: "7cc34F6DC"
+      wsdlVersion: "1_1"
+    message: |-
+      {
+        "wsdlVersion" : "1_1",
+        "extUserId" : "7cc34F6DC",
+        "durationMillis" : "60",
+        "credId" : "VSME1673472",
+        "result" : {
+          "credType" : "STANDARD_OTP",
+          "statusMessage" : "Success",
+          "status" : "0000"
+        },
+        "jurHash" : "1459689",
+        "requestId" : "abcd456",
+        "_nestedCalls" : [ {
+          "result" : {
+            "credType" : "STANDARD_OTP",
+            "statusMessage" : "Success",
+            "status" : "0000"
+          },
+          "jurHash" : "1459689",
+          "extUserId" : "7cc34F6DC",
+          "newBindStatus" : "ENABLED",
+          "credId" : "VSME16734672",
+          "operation" : "addCredential"
+        }, {
+          "result" : {
+            "detail" : "0000",
+            "detailMessage" : "Success",
+            "statusMessage" : "Success",
+            "status" : "0000"
+          },
+          "operation" : "activateToken"
+        } ],
+        "newBindStatus" : "ENABLED",
+        "_id" : "coloss4be-d2-tc.149132321663.2235348",
+        "operation" : "addCredential",
+        "txnId" : "vipus7E94583921D0EA",
+        "ts" : "2017-04-04 16:39:23.090 +0000"
+      }
+    service: "event-logs"
+    tags:
+     - "source:LOGS_SOURCE"
+    timestamp: 1491323963090
@@ -1 +1 @@
-[]
+[]