iboss

Supported OS Linux Windows Mac OS

통합 버전1.0.0
iboss - Logs Overview
iboss - Real-Time Bandwidth Log Analytics
iboss - Real-Time Web Log Analytics
iboss - Real-Time Digital Experience Log Analytics
iboss - Threat Metrics Report
iboss - Gateway Performance Metrics
iboss - Zero Trust Metrics Report
iboss - CASB Metrics Report
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Overview

iboss provides secure internet access and Zero Trust enforcement for users, wherever they are. It combines key security functions such as Secure Web Gateway (SWG), CASB, ZTNA, and DLP into a single, scalable solution. Traffic is routed through iboss’s infrastructure to ensure consistent policy enforcement and threat protection.

This integration parses and ingests the following types of logs:

  • Web Logs: Provides information about client requests to web resources, enabling monitoring of web traffic and policy enforcement.
  • DLP Logs: Provides information related to data loss prevention, tracking policy enforcement, and potential sensitive data exposures.
  • Audit Logs: Provides information about user and system activities to ensure traceability and support compliance monitoring.

You can visualize detailed insights into these logs through the out-of-the-box dashboards. Additionally, ready-to-use Cloud SIEM detection rules are available to help you monitor and respond to potential security threats effectively.

This integration collects the following metrics:

  • Gateway Performance: Provides insights into request volumes, resource utilization, processing times, and error counts to monitor the health and efficiency of iboss gateways.
  • Bandwidth: Provides information about data usage across domains, users, locations, and protocols, enabling monitoring of network traffic volume and flow patterns.
  • Digital Experience: Provides insights into user experience by measuring connection times between clients, proxies, and servers across users, assets, and locations.
  • Web: Provides visibility into user web activity, including site visits, blocks, malware detections, and search trends, to support usage analysis and policy effectiveness.
  • CASB: Provides insights into cloud app usage, user behavior, and traffic patterns, enabling visibility, threat detection, and enforcement of cloud access policies.
  • Threat: Provides visibility into detected and prevented threats across users, assets, IPs, and geolocations, enabling threat trend analysis and risk monitoring.
  • Zero Trust: Provides visibility into users, devices, resources, and traffic, enabling continuous monitoring, trust evaluation, and policy enforcement within the Zero Trust framework.

Note: All metrics except for Gateway Performance are collected once per day, only after the complete daily iboss report is available.

Visualize detailed insights into these metrics through the out-of-the-box dashboards. Additionally, monitors are provided to alert you to any potential issues.

Dashboards

Logs

Here is the list of dashboards populated using logs:

  • iboss - Logs Overview
  • iboss - Web & DLP Logs
  • iboss - Audit Logs
  • iboss - Real-Time Digital Experience Log Analytics
  • iboss - Real-Time Web Log Analytics
  • iboss - Real-Time Bandwidth Log Analytics
  • iboss - Real-Time Zero Trust Log Analytics
  • iboss - Real-Time Threat Log Analytics
  • iboss - Real-Time CASB Log Analytics

Metrics

Here is the list of dashboards populated using metrics:

  • iboss - Gateway Performance Metrics
  • iboss - Digital Experience Metrics Report
  • iboss - Web Analytics Metrics Report
  • iboss - Bandwidth Metrics Report
  • iboss - Zero Trust Metrics Report
  • iboss - Threat Metrics Report
  • iboss - CASB Metrics Report

Monitors

Logs

Here is the list of monitors for logs:

  • Excessive bandwidth usage detected
  • High average application peer time detected
  • High rate of unprevented threats detected

Metrics

Here is the list of monitors for metrics:

  • Anomalous increase in gateway requests per second detected
  • High gateway load detected
  • High proxy error rate detected
  • High proxy response time detected

Setup

Note: The following steps are required only for collecting metrics. For log collection, see the Log collection section below.

Generate API credentials in iboss

To collect metrics, you can either use an existing user with Full Administrator access to the Reporting & Analytics module, or create a custom user with a custom RBAC group by following the steps to set up reporting-only permissions and assign the user to that RBAC group.

Create New RBAC

  1. Log into iboss portal as a System Administrator.
  2. Go to Home > System Administrators.
  3. Switch to the Role-Based Access Control tab.
  4. Click Add Custom RBAC Group.
  5. Enter a Display Name for the RBAC.
  6. In the General Info & Permissions tab, enable only the Reporting & Analytics option to limit permissions to reporting only. Next, go to the Reporting & Analytics Permissions tab and choose Full Administrator from the Permission Type dropdown to allow complete access within the reporting module.
  7. Click on Add RBAC Group.

Create New User

  1. Log into iboss portal as System Administrator.
  2. Go to Home > System Administrators.
  3. Click Add New System Administrator.
  4. Add details for System Administrator Email Address, First Name, and Last Name.
  5. For Use RBAC Groups, select the RBAC group with minimal permissions.
  6. Click Add New System Administrator.

Note: Make sure that MFA is disabled for the user account used by this integration.

Connect your iboss Account to Datadog

  1. Add your iboss email address and password.

    ParametersDescription
    Email AddressThe email address of your iboss account.
    PasswordThe password of your iboss account.
    Collect gateway performance metricsEnable to collect gateway performance metrics from iboss. The default value is true.
    Collect bandwidth metricsEnable to collect bandwidth metrics from iboss. The default value is true.
    Collect Digital Experience metricsEnable to collect digital experience metrics from iboss. The default value is true.
    Collect web metricsEnable to collect web metrics from iboss. The default value is true.
    Collect CASB metricsEnable to collect CASB metrics from iboss. The default value is true.
    Collect threat metricsEnable to collect threat metrics from iboss. The default value is true.
    Collect Zero Trust metricsEnable to collect zero trust metrics from iboss. The default value is true.

  2. Click Save.

Installation

Note: These steps are only required for collecting logs.

To install the iboss integration, run the following Agent installation command in your terminal, then complete the configuration steps below. For more information, see the Integration Management documentation.

Note: This step is not necessary for Agent version >= 7.69.0 .

sudo -u dd-agent -- datadog-agent integration install datadog-iboss==1.0.0

Configuration

Log collection

  1. Collecting logs is disabled by default in the Datadog Agent. Enable it in datadog.yaml:

    logs_enabled: true

  2. Open your iboss.d/conf.yaml file, and add the following block to enable log collection.

    See the sample configuration file (iboss.d/conf.yaml) for available options.

    logs:
  - type: tcp # or 'udp'
    port: <PORT>
    source: iboss
    service: iboss

    Note:

    • PORT: Port should be similar to the port provided in Configure syslog message forwarding from iboss section.
    • Datadog recommends that you do not change the service and source values, as these parameters are integral to the pipeline’s operation.

  3. Restart the Agent.

Configure syslog message forwarding from iboss

  1. Log into the iboss portal.
  2. Navigate to Integration Marketplace, then select Log Forwarding from the left-hand menu and click the Configure button associated with the Syslog Log Forwarding widget.
  3. Click the Add Integration button to add the Syslog integration.
  4. Configure the settings as follows:
    • Forward From: Select Reporter from the dropdown.
    • Select Reporting Database: Select the Reporting Database.
    • Service Name: Choose a descriptive name for the integration.
    • Enable Service: Set this to Enabled.
    • Log Type: Select URL from the dropdown.
    • Protocol Type: Select UDP or TCP from the dropdown.
    • Syslog Facility Level: Select Facility Syslog from the dropdown.
    • Reporting Group: Select All from dropdown.
    • Host Name: Enter the fully qualified domain name or IP address of the syslog server.
    • Port: Enter the port.
    • Log Format: Select JSON from the dropdown.
    • Transfer Interval: Select Continuous from the dropdown.
    • Field Delimiter: Select SPACE from the dropdown.
    • Send DLP/Web/DNS/Malware/Audit/ConnectionError Logs: Set to Enable based on your preference for sending logs.
    • Fields to Forward: Add all fields except DLP Base64 Encoded Meta Data, Base64 Encoded Meta Data, and Chat GPT Message.
      After entering the required details, click Add Service.

Note:

  • If you have multiple reporter nodes, make sure to repeat steps 3 and 4 for each reporter node.
  • The Send Connection Error Logs toggle in iboss should only be visible if Send Web Logs toggle is disabled.

Validation

Run the Agent’s status subcommand and look for iboss under the Logs Agent section.

Data Collected

Logs

FormatEvent Types
JSONWeb Logs, DLP Logs, Audit Logs

Metrics

The iboss integration collects and forwards Gateway Performance, Bandwidth, Digital Experience, Web, CASB, Threat, and Zero Trust metrics to Datadog.

iboss.bandwidth.countries.total_bytes
(gauge)		Total number of bytes consumed by countries.
Shown as byte
iboss.bandwidth.countries.total_connections
(gauge)		Total number of connections for countries.
Shown as connection
iboss.bandwidth.countries.total_downstream_bytes
(gauge)		Total number of downstream bytes to countries.
Shown as byte
iboss.bandwidth.countries.total_packets
(gauge)		Total number of packets transmitted for countries.
Shown as packet
iboss.bandwidth.countries.total_upstream_bytes
(gauge)		Total number of upstream bytes from countries.
Shown as byte
iboss.bandwidth.domains.total_bytes
(gauge)		Total number of bytes consumed by domains.
Shown as byte
iboss.bandwidth.domains.total_connections
(gauge)		Total number of connections for domains.
Shown as connection
iboss.bandwidth.domains.total_downstream_bytes
(gauge)		Total number of downstream bytes to domains.
Shown as byte
iboss.bandwidth.domains.total_packets
(gauge)		Total number of packets transmitted for domains.
Shown as packet
iboss.bandwidth.domains.total_upstream_bytes
(gauge)		Total number of upstream bytes from domains.
Shown as byte
iboss.bandwidth.location.total_bytes
(gauge)		Total number of bytes consumed by locations.
Shown as byte
iboss.bandwidth.location.total_connections
(gauge)		Total number of connections for locations.
Shown as connection
iboss.bandwidth.location.total_downstream_bytes
(gauge)		Total number of downstream bytes to locations.
Shown as byte
iboss.bandwidth.location.total_packets
(gauge)		Total number of packets transmitted for locations.
Shown as packet
iboss.bandwidth.location.total_upstream_bytes
(gauge)		Total number of upstream bytes from locations.
Shown as byte
iboss.bandwidth.protocol.total_bytes
(gauge)		Total number of bytes consumed by protocols.
Shown as byte
iboss.bandwidth.protocol.total_connections
(gauge)		Total number of connections for protocols.
Shown as connection
iboss.bandwidth.protocol.total_downstream_bytes
(gauge)		Total number of downstream bytes to protocols.
Shown as byte
iboss.bandwidth.protocol.total_packets
(gauge)		Total number of packets transmitted for protocols.
Shown as packet
iboss.bandwidth.protocol.total_upstream_bytes
(gauge)		Total number of upstream bytes from protocols.
Shown as byte
iboss.bandwidth.users.total_bytes
(gauge)		Total number of bytes consumed by users.
Shown as byte
iboss.bandwidth.users.total_connections
(gauge)		Total number of connections for users.
Shown as connection
iboss.bandwidth.users.total_downstream_bytes
(gauge)		Total number of downstream bytes to users.
Shown as byte
iboss.bandwidth.users.total_packets
(gauge)		Total number of packets transmitted for users.
Shown as packet
iboss.bandwidth.users.total_upstream_bytes
(gauge)		Total number of upstream bytes from users.
Shown as byte
iboss.casb.app_count
(gauge)		Total number of applications monitored.
iboss.casb.application.block_count
(gauge)		Total number of blocks per application.
iboss.casb.application.hit_count
(gauge)		Total number of hits per application.
iboss.casb.application.traffic
(gauge)		Traffic volume per application.
Shown as byte
iboss.casb.category.block_count
(gauge)		Total number of blocks by category.
iboss.casb.category.hit_count
(gauge)		Total number of hits by category.
iboss.casb.category.traffic
(gauge)		Traffic volume by category.
Shown as byte
iboss.casb.traffic
(gauge)		Traffic volume analyzed.
Shown as byte
iboss.casb.users
(gauge)		Total number of users monitored.
iboss.casb.users.block_count
(gauge)		Total number of blocks per user.
iboss.casb.users.hit_count
(gauge)		Total number of hits per user.
iboss.casb.users.traffic
(gauge)		Traffic volume per user.
Shown as byte
iboss.digital_experience.assets.client_peer_time_avg
(gauge)		Average client response time per asset.
Shown as millisecond
iboss.digital_experience.assets.proxy_dns_time_avg
(gauge)		Average DNS resolution time per asset.
Shown as millisecond
iboss.digital_experience.assets.server_peer_time_avg
(gauge)		Average server response time per asset.
Shown as millisecond
iboss.digital_experience.client_peer_time_avg
(gauge)		Average client response time.
Shown as millisecond
iboss.digital_experience.countries.client_peer_time_avg
(gauge)		Average client response time per country.
Shown as millisecond
iboss.digital_experience.countries.proxy_dns_time_avg
(gauge)		Average DNS resolution time per country.
Shown as millisecond
iboss.digital_experience.countries.server_peer_time_avg
(gauge)		Average server response time per country.
Shown as millisecond
iboss.digital_experience.proxy_dns_time_avg
(gauge)		Average DNS resolution time.
Shown as millisecond
iboss.digital_experience.resources.client_peer_time_avg
(gauge)		Average client response time per resource.
Shown as millisecond
iboss.digital_experience.resources.proxy_dns_time_avg
(gauge)		Average DNS resolution time per resource.
Shown as millisecond
iboss.digital_experience.resources.server_peer_time_avg
(gauge)		Average server response time per resource.
Shown as millisecond
iboss.digital_experience.server_peer_time_avg
(gauge)		Average server response time.
Shown as millisecond
iboss.digital_experience.users.client_peer_time_avg
(gauge)		Average client response time per user.
Shown as millisecond
iboss.digital_experience.users.proxy_dns_time_avg
(gauge)		Average DNS resolution time per user.
Shown as millisecond
iboss.digital_experience.users.server_peer_time_avg
(gauge)		Average server response time per user.
Shown as millisecond
iboss.gateway_performance.cpu_utilization
(gauge)		CPU utilization percentage.
Shown as percent
iboss.gateway_performance.dns_time_average
(gauge)		Average time for DNS resolution.
Shown as second
iboss.gateway_performance.proxy_error_count
(gauge)		Total number of proxy errors.
Shown as request
iboss.gateway_performance.proxy_time_average
(gauge)		Average time for proxy request processing.
Shown as second
iboss.gateway_performance.total_block_count
(gauge)		Total number of requests blocked by the gateway.
Shown as request
iboss.gateway_performance.total_proxy_request_count
(gauge)		Total number of proxy requests.
Shown as request
iboss.gateway_performance.total_request_count
(gauge)		Total number of requests processed by the gateway.
Shown as request
iboss.threat.asset.prevented_threat_count
(gauge)		Total number of prevented threats per asset.
iboss.threat.asset.threat_count
(gauge)		Total number of threats per asset.
iboss.threat.destination_country.prevented_threat_count
(gauge)		Total number of prevented threats by destination country.
iboss.threat.destination_country.threat_count
(gauge)		Total number of threats by destination country.
iboss.threat.destination_ip.prevented_threat_count
(gauge)		Total number of prevented threats by destination IP.
iboss.threat.destination_ip.threat_count
(gauge)		Total number of threats by destination IP.
iboss.threat.source_country.prevented_threat_count
(gauge)		Total number of prevented threats by source country.
iboss.threat.source_country.threat_count
(gauge)		Total number of threats by source country.
iboss.threat.source_ip.prevented_threat_count
(gauge)		Total number of prevented threats by source IP.
iboss.threat.source_ip.threat_count
(gauge)		Total number of threats by source IP.
iboss.threat.total_assets_with_threats
(gauge)		Total number of assets affected by threats.
iboss.threat.total_prevented_threat_count
(gauge)		Total number of prevented threats.
iboss.threat.total_threat_count
(gauge)		Total number of detected threats.
iboss.threat.total_users_with_threats
(gauge)		Total number of users impacted by threats.
iboss.threat.types.prevented_threat_count
(gauge)		Total number of prevented threats.
iboss.threat.types.threat_count
(gauge)		Total number of threats.
iboss.threat.user.prevented_threat_count
(gauge)		Total number of prevented threats per user.
iboss.threat.user.threat_count
(gauge)		Total number of threats per user.
iboss.web.categories.blocks
(gauge)		Total number of blocks on categorized content.
iboss.web.categories.hits
(gauge)		Total number of hits on categorized content.
iboss.web.domain.total_block_count
(gauge)		Total number of domains blocked.
iboss.web.domain.total_hit_count
(gauge)		Total number of hits to domains.
iboss.web.domain.total_malware_count
(gauge)		Total number of malware incidents on domains.
iboss.web.domain.total_sandbox_count
(gauge)		Total number of domains sandboxed.
iboss.web.search_trends.filter_avoidance.hits
(gauge)		Total number of hits on filter-avoidance terms.
iboss.web.search_trends.liability.hits
(gauge)		Total number of hits on liability-risk terms.
iboss.web.search_trends.suspicious.hits
(gauge)		Total number of hits on suspicious search terms.
iboss.web.search_trends.trending_search_terms.hits
(gauge)		Total number of hits on trending search terms.
iboss.web.user.total_block_count
(gauge)		Total number of blocks per user.
iboss.web.user.total_hit_count
(gauge)		Total number of hits per user.
iboss.web.user.total_malware_count
(gauge)		Total number of malware incidents per user.
iboss.web.user.usetime
(gauge)		User activity time.
Shown as millisecond
iboss.zero_trust.asset.average_confidence_score
(gauge)		Average confidence score for assets.
iboss.zero_trust.asset.traffic
(gauge)		Traffic volume per asset.
Shown as byte
iboss.zero_trust.asset.transactions
(gauge)		Total number of transactions per asset.
iboss.zero_trust.policy_action.traffic
(gauge)		Traffic volume per policy action.
Shown as byte
iboss.zero_trust.policy_action.transactions
(gauge)		Total number of transactions per policy action.
iboss.zero_trust.resource.average_confidence_score
(gauge)		Average confidence score for resources.
iboss.zero_trust.resource.traffic
(gauge)		Traffic volume per resource.
Shown as byte
iboss.zero_trust.resource.transactions
(gauge)		Total number of transactions per resource.
iboss.zero_trust.resource_category.traffic
(gauge)		Traffic volume per resource category.
Shown as byte
iboss.zero_trust.resource_category.transactions
(gauge)		Total number of transactions per resource category.
iboss.zero_trust.resource_location.traffic
(gauge)		Traffic volume per resource location.
Shown as byte
iboss.zero_trust.resource_location.transactions
(gauge)		Total number of transactions per resource location.
iboss.zero_trust.resource_type.traffic
(gauge)		Traffic volume per resource type.
Shown as byte
iboss.zero_trust.resource_type.transactions
(gauge)		Total number of transactions per resource type.
iboss.zero_trust.total_asset_count
(gauge)		Total number of assets monitored.
iboss.zero_trust.total_resource_count
(gauge)		Total number of resources monitored.
iboss.zero_trust.total_user_count
(gauge)		Total number of users monitored.
iboss.zero_trust.traffic
(gauge)		Traffic volume analyzed.
Shown as byte
iboss.zero_trust.transactions
(gauge)		Total number of transactions processed.
iboss.zero_trust.user.average_confidence_score
(gauge)		Average confidence score for users.
iboss.zero_trust.user.traffic
(gauge)		Traffic volume per user.
Shown as byte
iboss.zero_trust.user.transactions
(gauge)		Total number of transactions per user.

Events

The iboss integration does not include any events.

Troubleshooting

Permission denied while port binding

If you see a Permission denied error while port binding in the Agent logs:

  1. Binding to a port number under 1024 requires elevated permissions. Grant the necessary permissions using the setcap command:

    sudo setcap CAP_NET_BIND_SERVICE=+ep /opt/datadog-agent/bin/agent/agent

  2. Verify the setup is correct by running the getcap command:

    sudo getcap /opt/datadog-agent/bin/agent/agent

    You should see output similar to:

    /opt/datadog-agent/bin/agent/agent = cap_net_bind_service+ep

    Note: Re-run this setcap command every time you upgrade the Agent.

  3. Restart the Agent.

Data is not being collected

Ensure firewall settings allow traffic through the configured port.

Port already in use

On systems running Syslog, the Agent may fail to bind to port 514 and display the following error:

Can't start UDP forwarder on port 514: listen udp :514: bind: address already in use

This error occurs because Syslog uses port 514 by default.

To resolve:

  • Disable Syslog, OR
  • Configure the Agent to listen on a different, available port.

For further assistance, contact Datadog support.