Datadog dashboard made publicly accessible
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Goal
Detects when a Datadog dashboard is made publicly accessible via a share link, which can expose internal metrics, logs, or business data to unauthenticated users.
Strategy
This rule monitors Datadog Dashboard audit events where @asset.type is dashboard_share_link and @action is created or modified. Public dashboard share links allow anyone with the URL to view the dashboard without authentication. Dashboards frequently contain sensitive operational data, infrastructure topology, service metrics, or business KPIs. Creating a public share link — intentionally or accidentally — can result in unintended data disclosure. Modification events are included to catch cases where an existing share link is reconfigured (for example, re-enabled after being disabled).
Triage and response
- Verify whether
{{@usr.email}} intended to make dashboard {{@asset.id}} publicly accessible. - Review the dashboard content for sensitive data including proprietary metrics, PII, infrastructure details, or internal business information.
- Check whether the public URL has already been accessed by reviewing any associated access logs.
- If the sharing was unintended or the content is sensitive, ask the user to disable the public share link immediately and confirm no unauthorized access occurred.
- If public sharing is legitimately required, confirm that the dashboard content has been reviewed and approved for external viewing.
