Overview

Cloud SIEM applies detection rules to all processed logs in Datadog to detect threats such as targeted attacks, communication with threat intel-listed IPs, or insecure resource modifications. Detected threats are surfaced as Security Signals in the Security Signals Explorer for triage.

This guide walks you through the following steps to start detecting threats with your OCI Audit logs:

  1. Set up Datadog’s OCI integration
  2. Enable log collection
  3. Use Cloud SIEM to triage Security Signals

Set up Datadog’s OCI integration

Set up Datadog’s OCI integration using either the QuickStart (recommended) or the Terraform method.

Enable log collection

Ensure that log collection is enabled in the Datadog OCI integration tile:

The OCI integration tile in Datadog with log collection enabled

Use Cloud SIEM to triage Security Signals

Cloud SIEM applies out-of-the-box detection rules to all processed logs, including your OCI Audit logs. When a detection rule detects a threat, a Security Signal is generated, which you can view in the Security Signals Explorer.
