Cybersixgill Actionable Alerts
Overview
The Cybersixgill actionable alerts check monitors critical assets, such as IP addresses, domains, vulnerabilities, and VIPs, across the deep, dark, and surface web. Receive alerts with context including severity, threat type, description, post snippet, recommendations, and assessments. This integration provides an out-of-the-box dashboard to prioritize and respond to threats.
Setup
Installation
To install the Cybersixgill actionable alerts check on your host:
- Install the developer tool on any machine.
- To build the package, run the command:
ddev release build cybersixgill_actionable_alerts
- Install the Datadog Agent on your host.
- Once the Agent is installed, run the following command to install the integration:
datadog-agent integration install -t datadog-cybersixgill-actionable-alerts==1.0.1
Configuration
- Reach out to Cybersixgill Support and request access to the Cybersixgill Developer Platform.
- Receive the welcome email with access to the Cybersixgill developer platform.
- Within the Cybersixgill developer platform, create the Client ID and Client secret.
- Copy the Client ID and Client secret and paste them into the Configuration.yaml file.
- Provide the minimum collection interval in seconds. For example:
min_collection_interval: 3600
Validation
Verify that Cybersixgill events are generated in the Datadog Events Explorer.
Data Collected
Service Checks
cybersixgill_actionable_alert.can_connect
Returns OK if the Client ID and Client secret are present in an instance. Returns CRITICAL if configuration errors occur.
Statuses: ok, critical
cybersixgill.health
Returns CRITICAL if the Agent is unable to connect to the Cybersixgill API.
Statuses: ok, critical
Events
This integration sends API-type events to Datadog.
Troubleshooting
Need help? Contact Cybersixgill support.