---
title: Cloud SIEM Data Security
description: Datadog, the leading service for cloud-scale monitoring.
---

# Cloud SIEM Data Security

{% alert level="info" %}
This page is about the security of data sent to Datadog. If you're looking for cloud and application security products and features, see the Security section.
{% /alert %}

## Overview{% #overview %}

Datadog generates a security signal when at least one case defined in a detection rule is matched over a given period of time. You can customize detection rules to provide notification messages that contain specific information about the signal (for example, user ID, IP addresses, and so on) and the triggering group-by values of the signal. Security rules can also use webhooks to send notifications to third-party services.

Because data sent to Datadog may contain sensitive information, this document goes over those notification features and what to do if you do not want your users to have access to these features.

## Security rules can use message template variables{% #security-rules-can-use-message-template-variables %}

When you create a detection rule, you can customize the notification message with [notification variables](https://docs.datadoghq.com/security/notifications/variables/?tab=cloudsiem#template-variables), which add specific information related to the signal. For example, if the following JSON object is associated with a security signal:

```json
{
  "network": {
    "client": {
      "ip": "1.2.3.4"
    }
  },
  "user": {
    "id": "user@domain.com"
  },
  "used_mfa": "false"
}
```

Using `{{@network.client.ip}}` in the notification message would display the IP address associated with the signal.

Contact [support](https://docs.datadoghq.com/help/) if you want to prevent users from adding template variables to notification messages.
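
As an added example (not Datadog's code or renderer), the following Python sketch reviews a notification message before it is attached to a rule: it lists the `{{@...}}` variables in the message, checks whether each resolves against the sample signal above, and flags those under attribute subtrees assumed to be sensitive. `SENSITIVE_ROOTS`, `audit_message`, and `render_preview` are hypothetical names chosen for this illustration.

```python
import json
import re

# The signal JSON from this page, reused as sample input.
SIGNAL = json.loads("""
{"network": {"client": {"ip": "1.2.3.4"}},
 "user": {"id": "user@domain.com"},
 "used_mfa": "false"}
""")

# Assumption: attribute subtrees your organization treats as sensitive.
SENSITIVE_ROOTS = ("network.client", "user")

# Matches the {{@attribute.path}} form shown on this page.
VAR_RE = re.compile(r"\{\{\s*@([\w.\-]+)\s*\}\}")
_MISSING = object()

def resolve(path, data):
    """Walk a dotted attribute path through nested dicts."""
    node = data
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node

def audit_message(message, signal=SIGNAL, roots=SENSITIVE_ROOTS):
    """Return one finding per template variable found in the message."""
    findings = []
    for m in VAR_RE.finditer(message):
        path = m.group(1)
        value = resolve(path, signal)
        findings.append({
            "path": path,
            "resolves": value is not _MISSING,
            "sensitive": any(path == r or path.startswith(r + ".") for r in roots),
        })
    return findings

def render_preview(message, signal=SIGNAL):
    """Substitute resolved values; this sketch leaves unresolved variables as written."""
    def sub(m):
        value = resolve(m.group(1), signal)
        return m.group(0) if value is _MISSING else str(value)
    return VAR_RE.sub(sub, message)

if __name__ == "__main__":
    msg = "No-MFA login from {{@network.client.ip}} by {{@user.id}}"
    print(render_preview(msg), audit_message(msg))
```

Running the audit over exported rule messages shows which attributes would leave Datadog in a notification body, which is useful input when deciding whether to ask support to disable template variables.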

## Security rules can include triggering group-by values in the notification title{% #security-rules-can-include-triggering-group-by-values-in-the-notification-title %}

In the **Describe your playbook** section for [detection rules](https://docs.datadoghq.com/security/cloud_siem/detect_and_monitor/custom_detection_rules/create_rule/real_time_rule?tab=threshold#describe-your-playbook), you can add group-by values to the notification title. For example, if you are grouping by `service`, the service name shows in the title. Uncheck **Include triggering group-by values in notification title** to prevent group-by values from appearing in the title.

Contact [support](https://docs.datadoghq.com/help/) if you want to remove the **Include triggering group-by values in notification title** option.

## Security rules can use webhooks{% #security-rules-can-use-webhooks %}

{% alert level="warning" %}
If your organization had HIPAA enabled in 2024 or earlier, reach out to [Datadog support](https://docs.datadoghq.com/help/) to enable webhooks for security rules.
{% /alert %}

Security notifications can be sent to [integrations](https://docs.datadoghq.com/security/notifications/#integrations), such as Jira, PagerDuty, and [webhooks](https://docs.datadoghq.com/integrations/webhooks/). Contact [support](https://docs.datadoghq.com/help/) to prevent users from sending notifications to third-party services using webhooks.

## Further reading{% #further-reading %}

- [Review the main categories of data submitted to Datadog](https://docs.datadoghq.com/data_security/)
- [Set up a PCI-compliant Datadog organization](https://docs.datadoghq.com/data_security/pci_compliance/)
