Cette page n'est pas encore disponible en français, sa traduction est en cours. Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.
Overview
Supply Chain Firewall is a command-line tool designed to prevent the installation of malicious packages from PyPI and npm. It is primarily intended for engineers to safeguard their development workstations against supply-chain attacks and reduce the risk of compromise during software development.
Integrate Supply Chain Firewall with Datadog’s pre-built dashboard visualizations to gain insights into Package Manager logs. With Datadog’s built-in log pipelines, you can parse and enrich these logs to facilitate easy search and detailed insights. Additionally, the integration includes ready-to-use Cloud SIEM detection rules for enhanced monitoring and security.
Minimum Agent version: 7.69.1
Setup
Configuration
Execute the following command to start configuration for Supply Chain Firewall:
scfw configure
Follow the setup prompts and configure the options as needed. During the log forwarding configuration, choose one of the options below to send logs to Datadog, based on your preferences:
Option 1: Sending Logs through the Datadog Agent
Configure log forwarding through the Datadog Agent:
[?] If you have the Datadog Agent installed locally, would you like to forward firewall logs to it? (y/N): y
[?] Enter the local port where the Agent will receive logs (default: 10365): <PORT>
[?] Select the desired log level for Datadog logging:
> Log allowed and blocked commands
This will automatically create the scfw.d/conf.yaml file in the conf.d/ folder at the root of your Agent’s configuration directory, using the provided port for TCP log forwarding.
Log collection is disabled by default in the Datadog Agent. Enable it by editing the datadog.yaml file:
logs_enabled:true
Restart the agent to begin accepting firewall logs:
sudo systemctl restart datadog-agent
Option 2: Sending Logs through an API Key
Configure log forwarding using the Datadog API key:
[?] If you have the Datadog Agent installed locally, would you like to forward firewall logs to it? (y/N): N
[?] Would you like to enable sending firewall logs to Datadog using an API key? (y/N): y
[?] Enter a Datadog API key: <DATADOG_API_KEY>
[?] Select the desired log level for Datadog logging:
> Log allowed and blocked commands
By default, the Datadog instance site is set to us1. If your instance uses a different site, set the DD_SITE environment variable accordingly using the appropriate Site Parameter from the Datadog site documentation.
After setup, update your current shell environment:
For Bash:
source ~/.bashrc
For Zsh:
source ~/.zshrc
Validation
If you selected Option 1 to forward logs through the Datadog Agent, run the Agent’s status subcommand and look for scfw under the Logs Agent section.
Data Collected
Logs
The Supply Chain Firewall integration collects and forwards Package Manager logs to Datadog.
Metrics
The Supply Chain Firewall integration does not include any metrics.
Events
The Supply Chain Firewall integration does not include any events.
