DataDog · madhavpandya-crest · Jan 10, 2025 · Jan 10, 2025 · Jan 10, 2025 · Jan 13, 2025
@@ -396,6 +396,11 @@ datadog_checks_base/datadog_checks/base/checks/windows/              @DataDog/wi
 /hubspot_content_hub/manifest.json                                  @DataDog/saas-integrations @DataDog/documentation
 /hubspot_content_hub/assets/logs/                                   @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core
 
+/forcepoint_secure_web_gateway/                                     @DataDog/saas-integrations
+/forcepoint_secure_web_gateway/*.md                                 @DataDog/saas-integrations @DataDog/documentation
+/forcepoint_secure_web_gateway/manifest.json                        @DataDog/saas-integrations @DataDog/documentation
+/forcepoint_secure_web_gateway/assets/logs/                         @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend
+
 vonage/                                                            @DataDog/saas-integrations
 vonage/*.md                                                        @DataDog/saas-integrations @DataDog/documentation
 vonage/manifest.json                                               @DataDog/saas-integrations @DataDog/documentation

@@ -197,6 +197,8 @@ integration/fluxcd:
 - fluxcd/**/*
 integration/fly_io:
 - fly_io/**/*
+integration/forcepoint_secure_web_gateway:
+- forcepoint_secure_web_gateway/**/*
 integration/foundationdb:
 - foundationdb/**/*
 integration/freshservice:

@@ -0,0 +1,7 @@
+# CHANGELOG - Forcepoint Secure Web Gateway
+
+## 1.0.0 / 2025-01-07
+
+***Added***:
+
+* Initial Release
@@ -0,0 +1,73 @@
+## Overview
+
+[Forcepoint Secure Web Gateway][1] applies web security policies in the cloud or on the endpoint with distributed enforcement for secure, high-speed access to the web, wherever your people are. It also offers advanced DLP capabilities to keep sensitive information from leaking onto websites.
+
+
+
+This integration ingests the following logs:
+
+- **Web Logs**: Logs generated from general web traffic activity by users.
+- **Web DLP Logs**: Logs generated from Data Loss Prevention (DLP) specific policy actions.
+
+
+Forcepoint Secure Web Gateway integration gathers these logs and forwards them to Datadog for seamless analysis. Datadog leverages its built-in log pipelines to parse and enrich these logs, facilitating easy search and detailed insights. With preconfigured out-of-the-box dashboards, the integration offers clear visibility into web activities. Additionally, it includes ready-to-use Cloud SIEM detection rules for enhanced monitoring and security.
+
+
+## Setup
+
+### Generate OAuth Token for Forcepoint Secure Web Gateway:
+1. Login to the Forcepoint ONE Security Service Edge Platform.
+2. Navigate to **SETTINGS > API Interface > OAuth**.
+3. **REST API OAuth Configuration** page opens which allows you to add and configure different levels of API permissions.
+4. To add a new configuration, click the **green** plus icon.
+5. On the **Edit Application** dialog, fill out the information as mentioned below:
+
+    a. **Name**: Name for the new application configuration
+
+    b. **Permissions**: Select **Access your Forcepoint logs (logs api)** option.
+
+    c. **Permitted User Groups**: Select as per your requirement. Default is **All**.
+
+    d. Click **Ok** to save the changes.
+    - You will now see your application added to the list, but still listed as **Pending** under status.
+6. Select the name of your application in the **Application** column to  go into the **Edit Application**.
+
+    a. On the **Edit Application** dialog, you will need the **Token Authorization URL** to authorize your current permission and get the access token.
+
+    b. Click on the URL and it will take you to the **Requested Access** page allowing you to **Approve** or **Deny** the application permission settings. Again you will need to send this URL to each permitted user and have them **Approve** their access.
+7. After you approve, you will be given an **Access Token** that is unique to that user  and that the user must keep. This access token will be required to configure integration in datadog. The token is valid forever and must be included in each request for authorization.
+8. Once access has been approved, you will notice that **Status** is changed to **Authorized**.
+
+
+For reference: [Setting up an OAuth token Documentation][2]
+
+### Connect your Forcepoint Secure Web Gateway Edge to Datadog
+
+1. Add your Access Token.
+   | Parameters          | Description                                                                           |
+   | ------------------- | ------------------------------------------------------------------------------------- |
+   | Access Token       | Access token generated above                      |
+
+2. Click the Save button to save your settings.
+
+## Data Collected
+
+### Logs
+
+The Forcepoint Secure Web Gateway integration collects and forwards Web logs and Web DLP logs to Datadog. 
+
+### Metrics
+
+The Forcepoint Secure Web Gateway integration does not include any metrics.
+
+### Events
+
+The Forcepoint Secure Web Gateway integration does not include any events.
+
+## Support
+
+For any further assistance, contact [Datadog support][3].
+
+[1]: https://www.forcepoint.com/product/secure-web-gateway-swg
+[2]:https://help.forcepoint.com/fpone/sse_admin/prod/oxy_ex-1/deployment_guide/guid-18f77855-8dc9-436a-9fba-179f06a81066.html
+[3]: https://docs.datadoghq.com/help/