[SEC-27721]: Add SIEM category to integrations#3002
Conversation
2uent1n
force-pushed
the
quentin.blin/sec-27721-add-siem-category
branch
from
12624f3 to
e91203e
Compare
2uent1n
requested review from
a team and
london-wharton
and removed request for
a team and
Wyrine
|
@codex review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e91203ecc7
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "Category::Incidents", | ||
| "Category::Log Collection", | ||
| "Category::Security", | ||
| "Category::SIEM", |
There was a problem hiding this comment.
The validation workflow runs metadata validation for manifests, and Datadog's Integration Assets Reference says the classifier tag list is complete but does not include Category::SIEM; adding this tag here (and in the other manifests in this commit) will cause the new metadata to be rejected rather than placing the integrations in a SIEM category. Please use an allowed classifier, or add the new taxonomy upstream before referencing it in these manifests.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
@codex where is that classifier tag list defined? https://datadoghq.atlassian.net/browse/IXP-742 and associated tickets should have handled this long ago
There was a problem hiding this comment.
It’s not defined in this repo as a centralized list.
What I can confirm from the codebase:
auth0/manifest.jsononly uses the classifier tags ("Category::SIEM"is just a string entry inclassifier_tags), it does not define allowed values. auth0/manifest.jsonL21-L26- Other integrations in this same repo also use
"Category::SIEM"the same way (again, as plain manifest strings), which suggests validation is controlled upstream, not by a local enum/table in this repository. zscaler/manifest.jsonL56-L62
So the “source of truth” for allowed classifier tags is in the upstream Integration Assets taxonomy/validator, not in integrations-extras. If you want, I can follow up by pointing to the exact upstream file in the other repo where the allowed list is enforced.
2uent1n
force-pushed
the
quentin.blin/sec-27721-add-siem-category
branch
from
e91203e to
606ab6b
Compare
temporal-github-worker-1
Bot
dismissed stale reviews from dkirov-dd, steveny91, and hestonhoffman
Review from dkirov-dd is dismissed. Related teams and files:
- agent-integrations
- auth0/manifest.json
Review from steveny91 is dismissed. Related teams and files:
- agent-integrations
- auth0/manifest.json
Review from hestonhoffman is dismissed. Related teams and files:
- documentation
- auth0/manifest.json
- bind9/manifest.json
- sigsci/manifest.json
5 participants
What does this PR do?
Adds
Category::SIEMto existing integrations.Motivation
See Jira ticket.
Review checklist
no-changeloglabel attached