This page is about the security of data sent to Datadog. If you're looking for cloud and application security products and features, see the Security section.

Overview

Datadog generates a security signal when at least one case defined in a detection rule is matched over a given period of time. You can customize detection rules to provide notification messages that contain specific information about the signal (for example, user ID, IP addresses, and so on) and the triggering group-by values of the signal. Security rules can also use webhooks to send notifications to third-party services.

Because data sent to Datadog may contain sensitive information, this document goes over those notification features and what to do if you do not want your users to have access to these features.

Security rules can use message template variables

When you create a detection rule, you can customize the notification message with notification variables, which add specific information related to the signal. For example, if the following JSON object is associated with a security signal:

{
  "network": {
    "client": {
      "ip": "1.2.3.4"
    }
  },
  "user": {
    "id": "user@domain.com"
  },
  "used_mfa": "false"
}

Using {{@network.client.ip}} in the notification message would display the IP address associated with the signal.

Contact support if you want to prevent users from adding template variables to notification messages.
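
To review which signal attributes a notification message would expose before it is sent to recipients, the following added example (not Datadog's own code) resolves {{@...}} variables against the JSON object above and lists the ones that fall under attribute prefixes treated as sensitive. The SENSITIVE_PREFIXES list, the function names, and the empty-string handling of unresolved variables are assumptions of this sketch, not Datadog behavior.

```python
import re

# Matches attribute template variables of the form {{@path.to.attribute}}.
VARIABLE_RE = re.compile(r"\{\{\s*@([A-Za-z0-9_.\-]+)\s*\}\}")

# The JSON object from the example above.
SIGNAL = {"network": {"client": {"ip": "1.2.3.4"}},
          "user": {"id": "user@domain.com"}, "used_mfa": "false"}

# Assumption: attribute prefixes this organization treats as sensitive.
SENSITIVE_PREFIXES = ("user", "network.client")


def template_variables(message):
    """Return the attribute paths referenced in a notification message."""
    return VARIABLE_RE.findall(message)


def resolve(signal, path):
    """Walk a dotted path through the signal; None if any key is missing."""
    node = signal
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def render(message, signal):
    """Substitute each variable with its value (unresolved ones become empty)."""
    def sub(match):
        value = resolve(signal, match.group(1))
        return "" if value is None else str(value)
    return VARIABLE_RE.sub(sub, message)


def sensitive_variables(message, prefixes=SENSITIVE_PREFIXES):
    """List variables whose path equals or sits under a sensitive prefix."""
    return [p for p in template_variables(message)
            if any(p == s or p.startswith(s + ".") for s in prefixes)]


if __name__ == "__main__":
    msg = "Login without MFA ({{@used_mfa}}) by {{@user.id}} from {{@network.client.ip}}"
    print(render(msg, SIGNAL))
    print(sensitive_variables(msg))
```

Running the audit over exported rule messages shows which rules would place user identifiers or client IP addresses into notifications.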

Security rules can include triggering group-by values in the notification title

In the Describe your playbook sections for detection rules, you can add group-by values in the notification title. For example, if you are grouping by service, the service name shows in the title. Uncheck Include triggering group-by values in notification title to prevent group-by values from appearing in the title.

Contact support if you want to remove the Include triggering group-by values in notification title option.

Security rules can use webhooks

If your organization had HIPAA enabled in 2024 or earlier, reach out to Datadog support to enable webhooks for security rules.

Security notifications can be sent to integrations, such as Jira, PagerDuty, and webhooks. Contact support to prevent users from sending notifications to third-party services using webhooks.
