Picus Security

Supported OS: Linux, Windows, Mac OS


Overview

Picus Security is a security validation platform that assesses and enhances an organization’s defenses. It simulates real-world cyberattacks (e.g., phishing, malware) to evaluate security controls like firewalls, intrusion prevention systems, and endpoint security solutions.

The Picus Security Datadog Integration allows you to collect and visualize Picus Security data as logs in Datadog. The data collected includes:

  • Inventory data: Picus Agents, Integrations, Integration Agents, Mitigation Devices, Simulations.

  • Threats data

  • Activity data

The integration includes the following ready-to-use Datadog Cloud SIEM detection rules for enhanced monitoring and security:

1. Anomalous amount of failed login attempts detected in Picus Security
2. Detection of activity from a new or suspicious location in Picus Security

Dashboards

This integration includes three out-of-the-box dashboards:

  1. Picus Security - Inventory: Visualizes Picus agents, integrations, integration agents, mitigation devices, and simulations data collected at a user-defined interval_for_inventory.
  2. Picus Security - Threats: Shows threat data collected at the min_collection_interval.
  3. Picus Security - Activity: Monitors activities performed in the Picus Security Web Application.

Cloud SIEM Detection Rules

To enable or disable Picus Security detection rules:

  1. In Datadog, navigate to Security > Cloud SIEM > Detection Rules.
  2. Use the query tag:"source:crest-data-systems-picus-security" to list all the rules for Picus Security.

Validation

Run the Agent’s status subcommand and look for crest_data_systems_picus_security under the Checks section.

Alternatively, use the following command to obtain detailed information about the integration:

  • Linux:
    sudo datadog-agent check crest_data_systems_picus_security --log-level debug
    
  • Windows:
    "%programfiles%\Datadog\Datadog Agent\bin\agent.exe" check crest_data_systems_picus_security --log-level debug
    

Support

For support or feature requests, contact Crest Data through the following channels:


This application is made available through the Datadog Marketplace and is supported by a Datadog Technology Partner. To use it, purchase this application in the Marketplace.
