OCSF pipeline for cato-networks #24155

Open
jbfeldman-dd wants to merge 6 commits into master from jonah.feldman/cato-networks

@jbfeldman-dd jbfeldman-dd commented Jun 23, 2026

Contributor

What does this PR do?

  • Adds OCSF sub pipeline for Cato Networks
  • Adds classes for Detection Finding [2004], Authentication [3002], Network Activity [4003], RDP Activity [4005], SMB Activity [4006], SSH Activity [4007], Device Config State Change [5019], and Base Event [0]
  • Adds sample logs to cover all sub pipelines

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ed22ea6021

Comment thread cato_networks/assets/logs/cato-networks.yaml Outdated
@jbfeldman-dd jbfeldman-dd added the qa/skip-qa Automatically skip this PR for the next QA label Jun 23, 2026
jbfeldman-dd and others added 4 commits June 23, 2026 11:57
- Add missing core OCSF facets (activity, category, class, severity, status, type, confidence, action, direction, rcode, state, auth_protocol)
- Remove forbidden facetType/type keys from port and time facets
- Fix OCSF facet indentation to 6-space to match non-OCSF facets
- Add action_id mapper to Network Activity [4001] sub-pipeline
- Restructure 2004 activity_id to ascending order with Other(99) fallback
- Rename pre-transformation string-builders per naming conventions

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Add type: integer to ID facets (activity_id, category_uid, class_uid, severity_id, status_id, type_uid, action_id, auth_protocol_id, rcode_id)
- Restore facetType: range and type: integer on port and time facets
- Fix facet names to match shared definitions (Category, Class, Type ID, Response Code, etc.)
- Drop direction/direction_id facets (already owned by shared facet list)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
dd-octo-sts Bot commented Jun 23, 2026

Contributor

Validation Report

All 21 validations passed.

| Validation | Description | Status |
| --- | --- | --- |
| agent-reqs | Verify check versions match the Agent requirements file | |
| ci | Validate CI configuration and code coverage settings | |
| codeowners | Validate every integration has a CODEOWNERS entry | |
| config | Validate default configuration files against spec.yaml | |
| dep | Verify dependency pins are consistent and Agent-compatible | |
| http | Validate integrations use the HTTP wrapper correctly | |
| imports | Validate check imports do not use deprecated modules | |
| integration-style | Validate check code style conventions | |
| jmx-metrics | Validate JMX metrics definition files and config | |
| labeler | Validate PR labeler config matches integration directories | |
| legacy-signature | Validate no integration uses the legacy Agent check signature | |
| license-headers | Validate Python files have proper license headers | |
| licenses | Validate third-party license attribution list | |
| metadata | Validate metadata.csv metric definitions | |
| models | Validate configuration data models match spec.yaml | |
| openmetrics | Validate OpenMetrics integrations disable the metric limit | |
| package | Validate Python package metadata and naming | |
| qa-label | Validate the pull request declares whether it needs QA for the next Agent release | |
| readmes | Validate README files have required sections | |
| saved-views | Validate saved view JSON file structure and fields | |
| version | Validate version consistency between package and changelog | |
