
ITE-3: Real-world example of combining TUF and in-toto for packaging Datadog Agent integrations #5

Closed trishankatdatadog closed 4 years ago

trishankatdatadog commented 5 years ago

Datadog is a monitoring service for cloud-scale applications that monitors servers, databases, tools, and services through a software-as-a-service-based data analytics platform. It supports multiple cloud service providers, including Amazon Web Services, Microsoft Azure, Google Cloud Platform, and Red Hat OpenShift. At the time of this writing, the company serves more than 8,000 customers, and collects trillions of monitoring record points on a daily basis.

The Datadog agent is the software that runs on virtual machines or containers. It collects events and metrics from these virtual machines or containers and sends them to Datadog, where customers can analyze their monitoring and performance data. The agent integrations are plug-ins that collect metrics from services running on customer infrastructure. Presently, there are more than one hundred integrations that come installed out-of-the-box with the Agent.

This ITE discusses the TUF security model used to distribute the Datadog Agent integrations in a compromise-resilient manner.

trishankatdatadog commented 5 years ago

@jhdalek55 @SantiagoTorres @JustinCappos Please send feedback, thanks!

trishankatdatadog commented 5 years ago

@JustinCappos Thanks! Does the security analysis make sense to you?

JustinCappos commented 5 years ago

Sort of. I wonder about multi-key / role attacks, especially those that might be likely given your deployment model.

I like the general concept though.

On Thu, Aug 1, 2019 at 2:20 PM Trishank K Kuppusamy <notifications@github.com> wrote:

@JustinCappos Thanks! Does the security analysis make sense to you?


trishankatdatadog commented 4 years ago

Thanks for all your help, @adityasaky!

@JustinCappos, could we please get another review?

trishankatdatadog commented 4 years ago

@JustinCappos Okay, I resolved your comments above. Is there anything else you'd like to see, or can we merge now?

trishankatdatadog commented 4 years ago

Thanks! Could we merge this?

SantiagoTorres commented 4 years ago

LGTM, thanks!