Add: dashboard, images and readme

Author: manan-crest

cisco_asa/README.md

@@ -1,64 +1,151 @@
-# Agent Integration: Cisco ASA
-
 ## Overview
 
-This integration monitors [Cisco ASA][4].
+[Cisco ASA][4] is a robust firewall platform that provides enterprise-class protection with high availability and scalable performance. It adapts to evolving security needs and supports dynamic routing for modern networks and data centers.
 
-## Setup
+Integrate Cisco ASA with Datadog to gain insights into Threat Detection, User Authentication, User Authorization, User Management, Dynamic Traffic Insights, Connection Insights, ARP Collision Insights, Application Firewall, Transparent Firewall and Identity Firewall using pre-built dashboard visualizations. Datadog uses its built-in log pipelines to parse and enrich these logs, facilitating easy search and detailed insights. The integration can also be used for Cloud SIEM detection rules for enhanced monitoring and security.
 
-### Installation
+**Minimum Agent version:** 7.74.0
 
-The Cisco ASA check is included in the [Datadog Agent][2] package.
-No additional installation is needed on your server.
+**Disclaimer**: Your use of this integration, which may collect data that includes personal information, is subject to your agreements with Datadog. Cisco is not responsible for the privacy, security or integrity of any end-user information, including personal data, transmitted through your use of the integration.
 
-### Configuration
+## Setup
 
-!!! Add list of steps to set up this integration !!!
+### Configuration
 
-### Validation
+#### Log collection
 
-!!! Add steps to validate integration is functioning as expected !!!
+1. Collecting logs is disabled by default in the Datadog Agent. Enable it in `datadog.yaml`:
+/root/Bitbucket/datadog-security-connectors
+    ```yaml
+    logs_enabled: true
+    ```
 
-## Data Collected
+2. Add this configuration block to your `cisco_asa.d/conf.yaml` file to start collecting your Cisco ASA logs.
 
-### Metrics
+      ```yaml
+      logs:
+       - type: tcp # or 'udp'
+         port: <PORT>
+         service: cisco-asa
+         source: cisco-asa
+      ```
 
-Cisco ASA does not include any metrics.
+    See the sample [cisco_asa.d/conf.yaml][6] for available configuration options.
 
-### Log Collection
+    **Note**: Do not change the `source` and `service` values, as these parameters are integral to the pipeline's operation.
 
+3. [Restart the Agent][3].
 
-1. Collecting logs is disabled by default in the Datadog Agent. Enable it in the `datadog.yaml` file with:
+#### Syslog Configuration from Cisco ASA CLI: 
 
-    ```yaml
-      logs_enabled: true
+1. Connect to the Cisco ASA CLI
+2. Enter privileged EXEC mode by running:
+    ```shell
+    enable
+    ```
+    - When prompted, enter the password.
+3. Enable global configuration mode:
+    ```shell
+    configure terminal
     ```
+4. Enable logging:
+    ```shell
+    logging enable
+    ```
+5. Configure syslog log forwarding: 
 
-2. Add this configuration block to your `cisco_asa.d/conf.yaml` file to start collecting your Cisco ASA logs:
+    Replace the placeholders with actual values:
+    - **interface_name**: interface that the syslog server is associated with
+    - **ip_address**: ip address of syslog server
+    - **port**: port on which the syslog server is listening.
 
-    ```yaml
-      logs:
-        - type: file
-          path:  /var/log/Cisco ASA.log
-          source: cisco_asa
-          service: <SERVICE_NAME>
+    For UDP:
+    ```shell
+    logging host <interface_name> <ip_address> udp/<port>
+    ```
+    For TCP:
+    ```shell
+    logging host <interface_name> <ip_address> tcp/<port>
+    ```
+6. Set logging level to debugging:
+    ```shell
+    logging trap debugging
+    ```
+7. Enable RFC 5424 timestamp format:
+    ```shell
+    logging timestamp rfc5424
     ```
 
-    Change the `path` and `service` parameter values and configure them for your environment.
+**Note**: The `port` value should be similar to the port provided in the `Log Collection` section.
 
-3. [Restart the Agent][3].
+### Validation
+
+[Run the Agent's status subcommand][2] and look for `cisco_asa` under the Logs Agent section.
+
+## Data Collected
+
+### Log Collection
+
+The Cisco ASA integration collects Threat Detection, User Authentication, User Authorization, User Management, Dynamic traffic Insights, Connection Insights, ARP Collision Insights, Application Firewall, Transparent Firewall, Identity Firewall logs.
+
+### Metrics
+
+The Cisco ASA does not include any metrics.
 
 ### Events
 
 The Cisco ASA integration does not include any events.
 
 ## Troubleshooting
 
+**Permission denied while port binding:**
+
+If you see a **Permission denied** error while port binding in the Agent logs, see the following instructions:
+
+   1. Binding to a port number under 1024 requires elevated permissions. Grant access to the port using the `setcap` command:
+
+      - Grant access to the port using the `setcap` command:
+
+         ```shell
+         sudo setcap CAP_NET_BIND_SERVICE=+ep /opt/datadog-agent/bin/agent/agent
+         ```
+
+      - Verify the setup is correct by running the `getcap` command:
+
+         ```shell
+         sudo getcap /opt/datadog-agent/bin/agent/agent
+         ```
+
+         With the expected output:
+
+         ```shell
+         /opt/datadog-agent/bin/agent/agent = cap_net_bind_service+ep
+         ```
+
+         **Note**: Re-run this `setcap` command every time you upgrade the Agent.
+
+   2. [Restart the Agent][3].
+
+**Data is not being collected:**
+
+Make sure that traffic is bypassed from the configured port if the firewall is enabled.
+
+**Port already in use:**
+
+If you see the **Port <PORT_NUMBER> Already in Use** error, see the following instructions. The example below is for a PORT_NUMBER equal to 514:
+
+On systems using Syslog, if the Agent listens for logs on port 514, the following error can appear in the Agent logs: `Can't start UDP forwarder on port 514: listen udp :514: bind: address already in use`.
+
+This error occurs because by default, Syslog listens on port 514. To resolve this error, take **one** of the following steps:
+
+- Disable Syslog.
+- Configure the Agent to listen on a different, available port.
+
 Need help? Contact [Datadog support][1].
 
 [1]: https://docs.datadoghq.com/help/
-[2]: https://app.datadoghq.com/account/settings/agent/latest
+[2]: https://docs.datadoghq.com/agent/guide/agent-commands/#agent-status-and-information
 [3]: https://docs.datadoghq.com/agent/configuration/agent-commands/#start-stop-and-restart-the-agent
-[4]: **LINK_TO_INTEGRATION_SITE**
-[5]: https://github.com/DataDog/integrations-core/blob/master/cisco_asa/assets/service_checks.json
-
+[4]: https://www.cisco.com/c/en_in/products/security/adaptive-security-appliance-asa-software/index.html
+[5]: https://docs.datadoghq.com/agent/guide/integration-management/?tab=linux#install
+[6]: https://github.com/DataDog/integrations-core/blob/master/watchguard_firebox/datadog_checks/watchguard_firebox/data/conf.yaml.example

cisco_asa/assets/cisco-asa.svg

@@ -4,7 +4,7 @@ files:
   options:
   - template: logs
     example:
-    - type: <tcp/udp>
-      path: <PORT>
+    - type: tcp/udp
+      port: <PORT>
       source: cisco-asa
       service: cisco-asa