diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 4aa8de0820706..178d4c2c186f9 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -309,6 +309,11 @@ datadog_checks_base/datadog_checks/base/checks/windows/ @DataDog/wi
 /have_i_been_pwned/manifest.json @DataDog/saas-integrations @DataDog/documentation
 /have_i_been_pwned/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend
+/have_i_been_pwned/ @DataDog/saas-integrations
+/have_i_been_pwned/*.md @DataDog/saas-integrations @DataDog/documentation
+/have_i_been_pwned/manifest.json @DataDog/saas-integrations @DataDog/documentation
+/have_i_been_pwned/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend
+
 /incident_io/ @DataDog/saas-integrations
 /incident_io/*.md @DataDog/saas-integrations @DataDog/documentation
 /incident_io/manifest.json @DataDog/saas-integrations @DataDog/documentation
diff --git a/have_i_been_pwned/README.md b/have_i_been_pwned/README.md
index cca4032d33d6e..0a98e9c6aba81 100644
--- a/have_i_been_pwned/README.md
+++ b/have_i_been_pwned/README.md
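Review bot: The added `/have_i_been_pwned/` block in the CODEOWNERS hunk repeats rules that already exist: `/have_i_been_pwned/manifest.json` and `/have_i_been_pwned/assets/logs/` appear as unchanged context directly above the additions, with the same owners. CODEOWNERS uses the last matching pattern, so the effective owners stay the same today, but two copies of one rule can drift apart on a later edit and quietly change who has to approve changes to this integration. The README.md hunk in the same commit adds a literal `=======` line and keeps the old `# Agent Check: Have I Been Pwned` template with its `**LINK_TO_INTEGRATION_SITE**` placeholder below it, so both files look like the result of an unfinished merge. I would drop the duplicated CODEOWNERS lines and remove the `=======` line and the stale template text from the README.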
@@ -1,3 +1,57 @@
+# Have I Been Pwned
+
+## Overview
+
+[Have I Been Pwned][1] provides a personalized view of compromised data based on your email address, domain and other information you've added.
+
+This integration ingests the following logs:
+
+- Breach Logs: The breach refers to a security incident where data from a system has been exposed to unauthorized parties.
+
+This integration collects breach logs and send them to Datadog for analysis. The logs are parsed and enriched using Datadog's built-in pipeline, which allows for searching and analysis. Dashboards and Cloud SIEM detection rules are included to help monitor message logs and improve security.
+
+## Setup
+
+### Get an API key from the Have I Been Pwned Portal
+
+1. Login to the [Have I Been Pwned][2] dashboard.
+2. Navigate to **API Key**.
+3. Click **Generate New API Key**.
+4. Save generated **API Key**.
+
+
+### Connect your Have I Been Pwned Account to Datadog
+
+1. Add your Have I Been Pwned credentials.
+
+ | Parameters | Description |
+ | ------------------------------------- | ------------------------------------------------------------ |
+ | API key | The API key for your Have I Been Pwned account |
+
+2. Click the **Save** button to save your settings.
+
+## Data Collected
+
+### Logs
+
+The Have I Been Pwned integration collects and forwards message logs to Datadog.
+
+### Metrics
+
+The Have I Been Pwned integration does not include any metrics.
+
+### Events
+
+The Have I Been Pwned integration does not include any events.
+
+## Support
+
+Need help? Contact [Datadog support][3].
+
+[1]: https://haveibeenpwned.com/
+[2]: https://haveibeenpwned.com/Dashboard
+[3]: https://docs.datadoghq.com/help/
+=======
 # Agent Check: Have I Been Pwned
 ## Overview
@@ -36,4 +90,3 @@ Need help? Contact [Datadog support][3].
 [1]: **LINK_TO_INTEGRATION_SITE**
 [2]: https://app.datadoghq.com/account/settings/agent/latest
 [3]: https://docs.datadoghq.com/help/
-
diff --git a/have_i_been_pwned/assets/dashboards/have_i_been_pwned_overview.json b/have_i_been_pwned/assets/dashboards/have_i_been_pwned_overview.json
new file mode 100644
index 0000000000000..3d5f539c29ad1
--- /dev/null
+++ b/have_i_been_pwned/assets/dashboards/have_i_been_pwned_overview.json
@@ -0,0 +1,2425 @@ +{ + "title": "Have I Been Pwned - Overview", + "description": "This dashboard provides a comprehensive summary of Have I Been Pwned breaches.", + "widgets": [ + { + "id": 6958870771310070, + "definition": { + "type": "image", + "url": "https://haveibeenpwned.com/Images/Hero.svg?v=ela4hSGcWyGSHm101pjc3K0EHrDqdwhMAsD3G_hZAgA", + "url_dark_theme": "https://haveibeenpwned.com/Images/Hero.svg?v=ela4hSGcWyGSHm101pjc3K0EHrDqdwhMAsD3G_hZAgA", + "sizing": "contain", + "margin": "md", + "has_background": true, + "has_border": true, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 5540490262574027, + "definition": { + "type": "note", + "content": "The [Have I Been Pwned](https://haveibeenpwned.com/) provides a personalized view of compromised data based on your email address, domain and other information you've added in Have I Been Pwned.\n\nThis dashboard provides a comprehensive summary of Have I Been Pwned breaches.\n\nFor more information, see the [Have I Been Pwned](https://docs.datadoghq.com/integrations/have_i_been_pwned/).\n\n**Tips**:\n - Clone this dashboard to rearrange, modify, and add widgets and visualizations.\n\n", + "background_color": "blue", + "font_size": "14", + "text_align": "left", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 5135206144074060, + "definition": { + "title": "Total Breaches Detected", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": 
"cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "red_on_white" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 3 + } + }, + { + "id": 3090202435800144, + "definition": { + "title": "Breaches Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "response_format": "timeseries", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 3, + "width": 8, + "height": 3 + } + }, + { + "id": 1538938917165417, + "definition": { + "title": "Breached Org Domains", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.email_domain" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow", + "custom_bg_color": "#e3f6f8" + } + ], 
+ "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 6, + "width": 4, + "height": 3 + } + }, + { + "id": 7060303919687120, + "definition": { + "title": "Org Domains Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "response_format": "timeseries", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@user_details.email_domain", + "limit": 10, + "sort": { + "aggregation": "cardinality", + "order": "desc", + "metric": "@user_details.hash_id" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 6, + "width": 8, + "height": 3 + } + }, + { + "id": 8984934119135229, + "definition": { + "title": "Total Breached Emails", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "cardinality", + "metric": "@usr.email" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red", + "custom_bg_color": "#e3f6f8" + } + 
], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 9, + "width": 4, + "height": 3 + } + }, + { + "id": 5944042331328796, + "definition": { + "title": "Top Breached Emails", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.email", + "limit": 10, + "sort": { + "aggregation": "cardinality", + "order": "desc", + "metric": "@user_details.hash_id" + } + } + ], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red", + "custom_bg_color": "#e3f6f8" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 9, + "width": 8, + "height": 3 + } + }, + { + "id": 1443956583690881, + "definition": { + "title": "Breached Org Domains", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@user_details.email_domain", + "limit": 15, + "sort": { + "aggregation": "cardinality", + "order": "desc", + "metric": "@user_details.hash_id" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + 
}, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 12, + "width": 6, + "height": 3 + } + }, + { + "id": 8054425598190823, + "definition": { + "title": "Top Compromised Data Classes", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@DataClasses", + "limit": 10, + "sort": { + "aggregation": "cardinality", + "order": "desc", + "metric": "@user_details.hash_id" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "custom_bg_color": "#e3f6f8", + "palette": "white_on_yellow" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 12, + "width": 6, + "height": 3 + } + }, + { + "id": 8818404107669562, + "definition": { + "title": "Total Breached Platforms", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach $user_name $breached_platform 
$org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "cardinality", + "metric": "@Title" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "yellow_on_white", + "custom_bg_color": "#e3f6f8" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 15, + "width": 4, + "height": 3 + } + }, + { + "id": 4667264836456278, + "definition": { + "title": "Top Breached Platform Title", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@Title", + "limit": 15, + "sort": { + "aggregation": "cardinality", + "order": "desc", + "metric": "@user_details.hash_id" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 4, + "y": 15, + "width": 8, + "height": 3 + } + }, + { + "id": 5746048393999827, + "definition": { + "title": "Breached Platforms", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@Name", + "limit": 1000, + 
"sort": { + "aggregation": "avg", + "order": "desc", + "metric": "@PwnCount" + }, + "should_exclude_missing": true + }, + { + "facet": "@AddedDate", + "limit": 10, + "sort": { + "aggregation": "avg", + "order": "desc", + "metric": "@PwnCount" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "avg", + "metric": "@PwnCount" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "custom_bg_color": "#e3f6f8", + "palette": "red_on_white" + } + ], + "cell_display_mode": "number", + "alias": "Global Pwn Statistics", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 18, + "width": 12, + "height": 3 + } + }, + { + "id": 2485239547840792, + "definition": { + "title": "Total Malware-Related Breaches", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "default_zero(query1)" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach @IsMalware:true $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "red_on_white" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 21, + "width": 4, + "height": 3 + } + }, + { + "id": 2759796981793455, + "definition": { + "title": "Malware Org Domains Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", 
+ "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "response_format": "timeseries", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach @IsMalware:true $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@user_details.email_domain", + "limit": 10, + "sort": { + "aggregation": "cardinality", + "order": "desc", + "metric": "@user_details.hash_id" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 21, + "width": 8, + "height": 3 + } + }, + { + "id": 4520802315126837, + "definition": { + "title": "Distribution of Malware Breaches", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@IsMalware", + "limit": 10, + "sort": { + "aggregation": "cardinality", + "order": "desc", + "metric": "@user_details.hash_id" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "hide_total": true, + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 24, + 
"width": 6, + "height": 3 + } + }, + { + "id": 1526223259272277, + "definition": { + "title": "Distribution of Malware Org Domains", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach @IsMalware:true $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@user_details.email_domain", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 24, + "width": 6, + "height": 3 + } + }, + { + "id": 8078230425990704, + "definition": { + "title": "Top Malware Impacted Emails", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach @IsMalware:true $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.email", + "limit": 10, + "sort": { + "aggregation": "cardinality", + "order": "desc", + "metric": "@user_details.hash_id" + } + } + ], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + 
} + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 27, + "width": 6, + "height": 3 + } + }, + { + "id": 8461934260622554, + "definition": { + "title": "Top Sensitive Email", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach @IsSensitive:true $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.email", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 27, + "width": 6, + "height": 3 + } + }, + { + "id": 4725860994448288, + "definition": { + "title": "Total Sensitive Breaches", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach @IsSensitive:true $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "red_on_white" + } + ] + } + ], + "autoscale": true, + "precision": 2, + 
"timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 30, + "width": 4, + "height": 3 + } + }, + { + "id": 2245777285848474, + "definition": { + "title": "Sensitive Org Domains Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "response_format": "timeseries", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach @IsSensitive:true $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@user_details.email_domain", + "limit": 10, + "sort": { + "aggregation": "cardinality", + "order": "desc", + "metric": "@user_details.hash_id" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 30, + "width": 8, + "height": 3 + } + }, + { + "id": 8713215576714390, + "definition": { + "title": "Sensitive vs Non-Sensitive Breaches", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@IsSensitive", + "limit": 10, + "sort": { + "aggregation": "cardinality", + "order": "desc", + "metric": "@user_details.hash_id" + } + } + ], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + 
"style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "default_zero(query1)" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "hide_total": true, + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 33, + "width": 6, + "height": 3 + } + }, + { + "id": 8538406986866127, + "definition": { + "title": "Distribution of Sensitive Org Domains", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach @IsSensitive:true $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@user_details.email_domain", + "limit": 10, + "sort": { + "aggregation": "cardinality", + "order": "desc", + "metric": "@user_details.hash_id" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 33, + "width": 6, + "height": 3 + } + }, + { + "id": 592497820144128, + "definition": { + "title": "Distribution of Fabricated Breaches", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@IsFabricated", + "limit": 10, + "sort": { + "aggregation": "cardinality", + "order": "desc", + "metric": 
"@user_details.hash_id" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "default_zero(query1)" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 36, + "width": 6, + "height": 3 + } + }, + { + "id": 4973515232466875, + "definition": { + "title": "Verified vs Unverified Breaches", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@IsVerified", + "limit": 10, + "sort": { + "aggregation": "cardinality", + "order": "desc", + "metric": "@user_details.hash_id" + } + } + ], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "default_zero(query1)" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 36, + "width": 6, + "height": 3 + } + }, + { + "id": 8111741130621711, + "definition": { + "title": "Total Spam List Breaches", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "default_zero(query1)" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned 
service:breach @IsSpamList:true $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "yellow_on_white", + "custom_fg_color": "#ee792b" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 39, + "width": 3, + "height": 3 + } + }, + { + "id": 1848716729822315, + "definition": { + "title": "Total Stealer Log Involvement", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "default_zero(query1)" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach @IsStealerLog:true $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_text", + "custom_fg_color": "#e46f21" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 3, + "y": 39, + "width": 3, + "height": 3 + } + }, + { + "id": 5186495022278585, + "definition": { + "title": "Total Retired Breaches", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "default_zero(query1)" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach @IsRetired:true $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + 
"storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 6, + "y": 39, + "width": 3, + "height": 3 + } + }, + { + "id": 3434424928998432, + "definition": { + "title": "Subscription Free Breaches", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "default_zero(query1)" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach @IsSubscriptionFree:true $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 9, + "y": 39, + "width": 3, + "height": 3 + } + }, + { + "id": 409035981601535, + "definition": { + "title": "Breach Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:have-i-been-pwned service:breach $user_name $breached_platform $org_domain" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@Name", + "limit": 10, + "sort": { + "aggregation": "cardinality", + "order": "desc", + "metric": "@user_details.hash_id" + }, + "should_exclude_missing": true + }, + { + "facet": "@Domain", + "limit": 10, + "sort": { + "aggregation": "cardinality", + "order": "desc", + "metric": "@user_details.hash_id" + }, + "should_exclude_missing": true + }, + { + "facet": "message", + "limit": 10, + "sort": { + "aggregation": 
"cardinality", + "order": "desc", + "metric": "@user_details.hash_id" + }, + "should_exclude_missing": true + }, + { + "facet": "@AddedDate", + "limit": 10, + "sort": { + "aggregation": "cardinality", + "order": "desc", + "metric": "@user_details.hash_id" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "cardinality", + "metric": "@user_details.hash_id" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 42, + "width": 12, + "height": 4 + } + }, + { + "id": 7580938929123338, + "definition": { + "title": "Datadog Cloud SIEM", + "title_align": "center", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4722013504526238, + "definition": { + "type": "note", + "content": "Datadog Cloud SIEM analyzes and correlates the Have I Been Pwned logs to detect threats to your environment in real time. 
If you don't see signals please make sure you've enabled [Datadog Cloud SIEM](/security).", + "background_color": "blue", + "font_size": "14", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 1 + } + }, + { + "id": 5685254588567548, + "definition": { + "title": "CRITICALs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:have-i-been-pwned status:critical" + } + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#bc303c" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 1, + "width": 2, + "height": 2 + } + }, + { + "id": 1466526305860706, + "definition": { + "title": "HIGHs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:have-i-been-pwned status:high" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#d33043" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 2, + "y": 1, + "width": 2, + "height": 2 + } + }, + { + "id": 1228973396041263, + "definition": { + "title": "Critical Security Signals", + 
"title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:have-i-been-pwned status:critical" + } + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#bc303c" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 1, + "width": 8, + "height": 4 + } + }, + { + "id": 6093887128753131, + "definition": { + "title": "MEDIUMs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:have-i-been-pwned status:medium" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#e5a21c" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 2, + "height": 2 + } + }, + { + "id": 4878251795064565, + "definition": { + "title": "LOWs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + 
"aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:have-i-been-pwned status:low" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#ffb52b" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 2, + "y": 3, + "width": 2, + "height": 1 + } + }, + { + "id": 8212421793513548, + "definition": { + "title": "INFOs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:have-i-been-pwned status:info" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#84c1e0" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 2, + "y": 4, + "width": 2, + "height": 1 + } + }, + { + "id": 8189309215800279, + "definition": { + "title": "High Security Signals", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:have-i-been-pwned status:high" + } + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#d33043" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + 
"order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 5, + "width": 6, + "height": 4 + } + }, + { + "id": 6105828235437391, + "definition": { + "title": "Medium Security Signals", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:have-i-been-pwned status:medium" + } + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#e5a21c" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 5, + "width": 6, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 46, + "width": 12, + "height": 10, + "is_column_break": true + } + } + ], + "template_variables": [ + { + "name": "user_name", + "prefix": "@usr.name", + "available_values": [], + "default": "*" + }, + { + "name": "breached_platform", + "prefix": "@Name", + "available_values": [], + "default": "*" + }, + { + "name": "org_domain", + "prefix": "@user_details.email_domain", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/have_i_been_pwned/assets/have_i_been_pwned.svg b/have_i_been_pwned/assets/have_i_been_pwned.svg new file mode 100644 index 0000000000000..90d69e9655155 --- /dev/null 
+++ b/have_i_been_pwned/assets/have_i_been_pwned.svg @@ -0,0 +1,99 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/have_i_been_pwned/assets/logs/have-i-been-pwned.yaml b/have_i_been_pwned/assets/logs/have-i-been-pwned.yaml new file mode 100644 index 0000000000000..6077c3c71ecbf --- /dev/null +++ b/have_i_been_pwned/assets/logs/have-i-been-pwned.yaml @@ -0,0 +1,58 @@ +id: have-i-been-pwned +metric_id: have-i-been-pwned +backend_only: false +facets: + - groups: + - User + name: User Name + path: usr.name + source: log + - groups: + - User + name: User Email + path: usr.email + source: log +pipeline: + type: pipeline + name: Have I Been Pwned + enabled: true + filter: + query: source:have-i-been-pwned + processors: + - type: service-remapper + name: Define `service` as the official service of the log + enabled: true + sources: + - service + - type: attribute-remapper + name: Remapping user_details.user_name value to usr.name attribute + enabled: true + sources: + - user_details.user_name + sourceType: attribute + target: usr.name + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: string-builder-processor + name: "`usr.name` + `@` + `domain` - in attribute `usr.email`" + enabled: true + template: "%{usr.name}@%{user_details.email_domain}" + target: usr.email + replaceMissing: true + - type: message-remapper + name: Define `Description` as the official message of the log + enabled: true + sources: + - Description + - type: pipeline + name: Processing of Latest Breach + enabled: true + filter: + query: service:latest-breach + processors: + - type: date-remapper + name: Defining AddedDate as the official timestamp of log + enabled: true + sources: + - AddedDate 
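Review bot: The `string-builder-processor` that fills `usr.email` sets `replaceMissing: true`, so a log that lacks `usr.name` or `user_details.email_domain` still gets a `usr.email` value built from empty strings (a bare `@`) rather than having the attribute left unset. The nested `service:latest-breach` pipeline suggests this source also carries events that may have no `user_details` block; if so, they would all share one junk value in the User Email facet, and anything grouping on that attribute would treat unrelated events as one identity. I would set `replaceMissing: false` so the processor is skipped when either part is absent. Separately, `AddedDate` becomes the official timestamp only for `service:latest-breach`, while the dashboard widgets visible in this diff all query `service:breach`; a short comment saying that those logs are meant to keep ingestion time would remove the doubt.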
diff --git a/have_i_been_pwned/assets/logs/have-i-been-pwned_tests.yaml b/have_i_been_pwned/assets/logs/have-i-been-pwned_tests.yaml
new file mode 100644
index 0000000000000..ba305c5307e90
--- /dev/null
+++ b/have_i_been_pwned/assets/logs/have-i-been-pwned_tests.yaml
@@ -0,0 +1,62 @@
+id: "have-i-been-pwned"
+tests:
+ -
+ sample: |-
+ {
+ "LogoPath" : "https://logos.haveibeenpwned.com/List.png",
+ "Description" : "Description here...",
+ "IsSpamList" : false,
+ "user_details" : {
+ "user_name" : "john.munro",
+ "email_domain" : "example.com",
+ "hash_id" : "10"
+ },
+ "IsSensitive" : false,
+ "IsRetired" : false,
+ "Title" : "Operation Endgame 2.0",
+ "IsStealerLog" : false,
+ "ModifiedDate" : "2025-05-25T21:41:13Z",
+ "Name" : "OperationEndgame2",
+ "IsFabricated" : false,
+ "AddedDate" : "2025-05-23T20:47:34Z",
+ "IsMalware" : true,
+ "PwnCount" : 15436844,
+ "BreachDate" : "2025-05-23",
+ "IsVerified" : true,
+ "IsSubscriptionFree" : true,
+ "Domain" : "xyz",
+ "DataClasses" : [ "Email addresses", "Passwords" ]
+ }
+ tags:
+ - "source:LOGS_SOURCE"
+ result:
+ custom:
+ AddedDate: "2025-05-23T20:47:34Z"
+ BreachDate: "2025-05-23"
+ DataClasses:
+ - "Email addresses"
+ - "Passwords"
+ Domain: "xyz"
+ IsFabricated: false
+ IsMalware: true
+ IsRetired: false
+ IsSensitive: false
+ IsSpamList: false
+ IsStealerLog: false
+ IsSubscriptionFree: true
+ IsVerified: true
+ LogoPath: "https://logos.haveibeenpwned.com/List.png"
+ ModifiedDate: "2025-05-25T21:41:13Z"
+ Name: "OperationEndgame2"
+ PwnCount: 15436844
+ Title: "Operation Endgame 2.0"
+ user_details:
+ email_domain: "example.com"
+ hash_id: "10"
+ usr:
+ email: "john.munro@example.com"
+ name: "john.munro"
+ message: "Description here..."
+ tags:
+ - "source:LOGS_SOURCE"
+ - "source:LOGS_SOURCE"
\ No newline at end of file
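Review bot: The only sample in this file is a per-user record with a complete `user_details` block, so the nested `service:latest-breach` pipeline and its `AddedDate` date-remapper are never exercised, and neither is the `usr.email` builder on a record that lacks the user fields. I would add a second case whose service is `latest-breach` and which has no `user_details`, asserting the resulting timestamp and whether `usr.email` is present. The expected `tags` list at the end also repeats `"source:LOGS_SOURCE"`; if the test runner does not actually emit it twice, drop the duplicate.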
diff --git a/have_i_been_pwned/images/have_i_been_pwned_overview_1.png b/have_i_been_pwned/images/have_i_been_pwned_overview_1.png
new file mode 100644
index 0000000000000..d70161700d53e
Binary files /dev/null and b/have_i_been_pwned/images/have_i_been_pwned_overview_1.png differ
diff --git a/have_i_been_pwned/images/have_i_been_pwned_overview_2.png b/have_i_been_pwned/images/have_i_been_pwned_overview_2.png
new file mode 100644
index 0000000000000..d935385889445
Binary files /dev/null and b/have_i_been_pwned/images/have_i_been_pwned_overview_2.png differ
diff --git a/have_i_been_pwned/manifest.json b/have_i_been_pwned/manifest.json
index 529274c2d1933..7955e6c0ec7f2 100644
--- a/have_i_been_pwned/manifest.json
+++ b/have_i_been_pwned/manifest.json
@@ -8,9 +8,20 @@
 "configuration": "README.md#Setup",
 "support": "README.md#Support",
 "changelog": "CHANGELOG.md",
- "description": "",
+ "description": "Gain insights into Have I Been Pwned breaches",
 "title": "Have I Been Pwned",
- "media": [],
+ "media": [
+ {
+ "caption": "Have I Been Pwned - Overview",
+ "image_url": "images/have_i_been_pwned_overview_1.png",
+ "media_type": "image"
+ },
+ {
+ "caption": "Have I Been Pwned - Overview",
+ "image_url": "images/have_i_been_pwned_overview_2.png",
+ "media_type": "image"
+ }
+ ],
 "classifier_tags": [
 "Category::Log Collection",
 "Category::Security",
@@ -26,6 +37,12 @@
 "events": {
 "creates_events": false
 }
+ },
+ "dashboards": {
+ "Have I Been Pwned - Overview": "assets/dashboards/have_i_been_pwned_overview.json"
+ },
+ "logs": {
+ "source": "have-i-been-pwned"
 }
 },
 "author": {