--- title: Claude Compliance description: >- Collect compliance logs from Claude for security monitoring and SIEM use cases. breadcrumbs: Docs > Integrations > Claude Compliance --- # Claude Compliance Integration version1.0.0 {% callout %} # Important note for users on the following Datadog sites: us2.ddog-gov.com {% alert level="info" %} To find out if this integration is available in your organization, see your [Datadog Integrations](https://app.datadoghq.com/integrations) page or ask your organization administrator. To initiate an exception request to enable this integration for your organization, email [support@ddog-gov.com](mailto:support@ddog-gov.com). {% /alert %} {% /callout %} Claude Compliance Logs - OverviewClaude Compliance Logs - Admin & SSO Activity StreamsClaude Compliance Logs - Recent ActivityClaude Compliance Logs - SSO & SAML Activity ## Overview{% #overview %} Datadog's Claude Compliance API integration ingests audit activity logs from Anthropic's [Compliance API](https://platform.claude.com/docs/en/api/compliance). With this integration, security and compliance teams can: - **Monitor SSO sign-ins and authentication events** across your organization - **Track API key lifecycle** (creation, deletion, scope updates) for Admin, Platform, and Scoped API keys - **Audit Anthropic Console activity** including member invites, role changes, and workspace updates - **Investigate Claude usage** at the audit level (chat views, project access, file operations) - **Detect security-sensitive events** with the included Cloud SIEM detection rules The Compliance API is available to Anthropic Enterprise plan customers with the Compliance API enabled in their organization settings. ## Setup{% #setup %} ### Prerequisites{% #prerequisites %} - An Anthropic **Enterprise plan** subscription - **Compliance API enabled** in Anthropic Organization settings under **Data and privacy** - An **Admin API key** (prefix `sk-ant-admin01-`) with the `read:compliance_activities` scope, or a dedicated **Compliance Access key** (prefix `sk-ant-api01-`) ### 1. Enable the Compliance API in Anthropic 1. Log in to the Anthropic Console as a Primary Owner. 1. Navigate to **Organization settings -> Data and privacy**. 1. Find the **Compliance API** section and click **Enable**. ### 2. Generate or locate an Admin API key 1. Navigate to **Organization settings -> API keys**. 1. Generate a new Admin API key, or use the existing key already configured for the [Anthropic Usage and Costs](https://app.datadoghq.com/integrations?integrationId=anthropic-usage-and-costs) integration (the same key is reused). 1. Copy the key to a secure location. ### 3. Configure the Datadog integration 1. Paste your **Admin API Key** into the configuration panel. 1. Click **Create Account**. ### 4. Validate 1. Wait up to 5 minutes for the first crawl. 1. Open [Log Explorer](https://app.datadoghq.com/logs?query=source%3Aclaude-compliance-logs) and filter on `source:claude-compliance-logs`. 1. Confirm logs appear with `evt.name` values such as `claude_chat_viewed`, `admin_api_key_created`, or `sso_login_succeeded`. ## Data Collected{% #data-collected %} ### Logs{% #logs %} The integration collects audit activity logs from `GET /v1/compliance/activities`. Each log includes: - A timestamp (`created_at`) with microsecond precision - An actor (user, API key, SCIM, or system) with email, user ID, IP address, and User-Agent when applicable - An activity `type` such as `sso_login_succeeded`, `admin_api_key_created`, `org_user_invite_accepted`, or `claude_chat_viewed` (150+ activity types across 35+ categories) - Organization and workspace context Logs are tagged `source:claude-compliance-logs` and processed by a Datadog log pipeline that flattens the actor object into standard `usr.*` and `network.client.*` attributes and enriches the source IP with GeoIP and the User-Agent string. ### Metrics{% #metrics %} Claude Compliance does not include any metrics. ### Service Checks{% #service-checks %} Claude Compliance does not include any service checks. ### Events{% #events %} Claude Compliance does not include any events. ## Troubleshooting{% #troubleshooting %} - **No logs after 10 minutes**: Verify the Compliance API is enabled in Anthropic Organization settings under Data and privacy. - **HTTP 403**: Confirm the Compliance API is enabled and that the Admin API key has the `read:compliance_activities` scope. - **Enterprise gate**: The Compliance API is only available on the Enterprise plan. Need help? Contact [Datadog support](https://docs.datadoghq.com/help/).