[INTS-676] DDS: BlueCat Integrity v1.0.0 #22980

Open
jaypatel7-crest wants to merge 8 commits into DataDog:master from bhargavnariyanicrest:bluecat-integrity-v1.0.0

@jaypatel7-crest
Contributor

What does this PR do?

This is an initial release PR of the BlueCat Integrity integration, including all the required assets, i.e. Pipeline and Dashboards.

Motivation

  • This integration is webhook based so Crawler will not be used.
  • The Datadog team will implement the appropriate component for generating URLs. A URL will be created having the ddsource query parameter set to bluecat-integrity.

Review checklist (to be filled by reviewers)

  • Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
  • Add the qa/skip-qa label if the PR doesn't need to be tested during QA.
  • If you need to backport this PR to another branch, you can add the backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged

preserveSource: true
overrideOnConflict: true
type: schema-remapper
- name: ocsf.activity_id
Contributor Author

Reference

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5885a54e15

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment on lines +909 to +911
query: "@message_direction_value:BOOTREQUEST"
name: Outbound
id: 2
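
Review bot: `name: Outbound` and `id: 2` on the `@message_direction_value:BOOTREQUEST` category are a pair, so any correction to the direction has to change both; updating only the name would leave the numeric direction id contradicting its label. A short comment stating which endpoint the direction is relative to would also help, since a BOOTREQUEST is sent by the client and is inbound only from the DHCP server's point of view.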

[P1] Map DHCP BOOTREQUEST as inbound direction

data.dhcpv4Message.op=1 means a BOOTREQUEST (client → server), but this category currently assigns ocsf.connection_info.direction=Outbound. In this same pipeline, serverId is mapped to ocsf.dst_endpoint.name, so this inversion makes request packets look like server-originated traffic and reply packets look inbound, which will skew DHCP flow analysis and any direction-based detections.

Useful? React with 👍 / 👎.

@github-actions
Contributor

⚠️ Recommendation: Add qa/skip-qa label

This PR does not modify any files shipped with the agent.

To help streamline the release process, please consider adding the qa/skip-qa label if these changes do not require QA testing.

@jaypatel7-crest changed the title from "DDS: BlueCat Integrity v1.0.0" to "[INTS-676] DDS: BlueCat Integrity v1.0.0" on Mar 24, 2026
@OliviaShoup
Contributor

hey @jaypatel7-crest thanks for the PR! is this ready for the docs team to review? just double-checking because display_on_public_website is set to false

@iadjivon
Contributor

Created an Editorial Review card: DOCS-13839

@iadjivon added the "editorial review" label (Waiting on a more in-depth review from a docs team editor) on Mar 24, 2026