DDS: Beyondtrust Privileged Remote Access v1.0.0

[surabhipatel-crest]

What does this PR do?

This is a initial release PR of BeyondTrust Privileged Remote Access integration including all the required assets.

Integration Logo Sources: https://assets.beyondtrust.com/assets/images/products/icons/pra-icon.svg

Review checklist (to be filled by reviewers)

[ ] Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
[ ] Add the qa/skip-qa label if the PR doesn't need to be tested during QA.
[ ] If you need to backport this PR to another branch, you can add the backport/ label to the PR and it will automatically open a backport PR once this one is merged

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3e70457c35

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[estherk15]

Suggested change

"content": "This dashboard provide comprehensive insights into authentication successes/failures, user identity modifications, admin resets, and credential enrollment/removal events. Designed to help security teams identify risky access patterns, account misuse, and compromised credentials.\n\nFor more information, see the [BeyondTrust Privileged Remote Access Integration Documentation](https://docs.datadoghq.com/integrations/beyondtrust_privileged_remote_access/).\n\n**Tips**\n- Use the timeframe selector in the upper-right corner of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.",

"content": "This dashboard provides comprehensive insights into authentication successes/failures, user identity modifications, admin resets, and credential enrollment/removal events. It's designed to help security teams identify risky access patterns, account misuse, and compromised credentials.\n\nFor more information, see the [BeyondTrust Privileged Remote Access Integration Documentation](https://docs.datadoghq.com/integrations/beyondtrust_privileged_remote_access/).\n\n**Tips**\n- Use the timeframe selector in the upper-right corner of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.",

[surabhipatel-crest]

Done

[estherk15]

Suggested change

	"description": "This dashboard provide comprehensive insights into authentication successes/failures, user identity modifications, admin resets, and credential enrollment/removal events. Designed to help security teams identify risky access patterns, account misuse, and compromised credentials.",
	"description": "This dashboard provides comprehensive insights into authentication successes/failures, user identity modifications, admin resets, and credential enrollment/removal events. It's designed to help security teams identify risky access patterns, account misuse, and compromised credentials.",

[surabhipatel-crest]

Done

[estherk15]

Suggested change

	"description": "This dashboard provide comprehensive insights into how users access and interact with privileged systems. It highlights account changes, access configuration updates, and reporting actions to help security teams spot unusual behavior.",
	"description": "This dashboard provides comprehensive insights into how users access and interact with privileged systems. It highlights account changes, access configuration updates, and reporting actions to help security teams spot unusual behavior.",

[surabhipatel-crest]

Done

[estherk15]

Suggested change

"content": "This dashboard provide comprehensive insights into how users access and interact with privileged systems. It highlights account changes, access configuration updates, and reporting actions to help security teams spot unusual behavior.\n\nFor more information, see the [BeyondTrust Privileged Remote Access Integration Documentation](https://docs.datadoghq.com/integrations/beyondtrust_privileged_remote_access/).\n\n**Tips**\n- Use the timeframe selector in the upper-right corner of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.",

"content": "This dashboard provides comprehensive insights into how users access and interact with privileged systems. It highlights account changes, access configuration updates, and reporting actions to help security teams spot unusual behavior.\n\nFor more information, see the [BeyondTrust Privileged Remote Access Integration Documentation](https://docs.datadoghq.com/integrations/beyondtrust_privileged_remote_access/).\n\n**Tips**\n- Use the timeframe selector in the upper-right corner of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.",

[surabhipatel-crest]

Done

[estherk15]

Suggested change

"content": "This dashboard provide comprehensive insights into configuration changes across network objects, routing, syslog destinations, SNMP settings, API accounts, and external security providers to support change management, audit trails, and drift detection.\n\nFor more information, see the [BeyondTrust Privileged Remote Access Integration Documentation](https://docs.datadoghq.com/integrations/beyondtrust_privileged_remote_access/).\n\n**Tips**\n- Use the timeframe selector in the upper-right corner of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.",

"content": "This dashboard provides comprehensive insights into configuration changes across network objects, routing, syslog destinations, SNMP settings, API accounts, and external security providers to support change management, audit trails, and drift detection.\n\nFor more information, see the [BeyondTrust Privileged Remote Access Integration Documentation](https://docs.datadoghq.com/integrations/beyondtrust_privileged_remote_access/).\n\n**Tips**\n- Use the timeframe selector in the upper-right corner of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.",

[surabhipatel-crest]

Done

[estherk15]

Suggested change

	"title": "Events details",
	"title": "Event details",

[surabhipatel-crest]

Done

[estherk15]

Suggested change

	"title": "Top Hosts by network address action",
	"title": "Top hosts by network address action",

[surabhipatel-crest]

Done

[estherk15]

Suggested change

	"content": "Datadog Cloud SIEM analyzes and correlates the **BeyondTrust Privileged Remote Access** logs to detect threats to your environment in real time. If you don't see signals please make sure you've enabled [Datadog Cloud SIEM](/security/overview).",
	"content": "Datadog Cloud SIEM analyzes and correlates the **BeyondTrust Privileged Remote Access** logs to detect threats to your environment in real time. If you don't see any signals, make sure you've enabled [Datadog Cloud SIEM](/security/overview).",

[surabhipatel-crest]

Done

Review from estherk15 is dismissed. Related teams and files:

• documentation
  • beyondtrust_privileged_remote_access/assets/dashboards/beyondtrust_pra_authentication_and_access_management.json
  • beyondtrust_privileged_remote_access/assets/dashboards/beyondtrust_pra_identity_and_user_activity.json
  • beyondtrust_privileged_remote_access/assets/dashboards/beyondtrust_pra_network_and_platform_security.json
  • beyondtrust_privileged_remote_access/assets/dashboards/beyondtrust_pra_overview.json
  • beyondtrust_privileged_remote_access/manifest.json

[github-actions]

⚠️ The qa/skip-qa label has been added with shippable changes

The following files, which will be shipped with the agent, were modified in this PR and
the qa/skip-qa label has been added.

You can ignore this if you are sure the changes in this PR do not require QA. Otherwise, consider removing the label.

List of modified files that will be shipped with the agent

beyondtrust_privileged_remote_access/datadog_checks/beyondtrust_privileged_remote_access/__about__.py
beyondtrust_privileged_remote_access/datadog_checks/beyondtrust_privileged_remote_access/__init__.py
beyondtrust_privileged_remote_access/datadog_checks/beyondtrust_privileged_remote_access/data/conf.yaml.example
beyondtrust_privileged_remote_access/changelog.d/22381.added
beyondtrust_privileged_remote_access/pyproject.toml

Review from estherk15 is dismissed. Related teams and files:

• documentation
  • beyondtrust_privileged_remote_access/README.md