A security signal is generated when a threat is detected in Datadog Security. You can send notifications to keep your team informed when these signals are generated.
Notifications can be set up for specific detection rules and also more broadly with notification rules. See Notification Variables to learn how to customize the notifications based on the signal’s severity and specific context on the threat.
Send notifications through email, Slack, Jira, PagerDuty, or a webhook.
Notify an active Datadog user by email with
Note: An email address associated with a pending Datadog user invitation or a disabled user is considered inactive and does not receive notifications.
Notify any non-Datadog user by email with
Notify your team through connected integrations by using the format
This table lists prefixes and example links:
Handles that include parentheses ("(" or ")") are not supported. When a handle with parentheses is used, the handle is not parsed and no alert is created.
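A check for the parentheses limitation described above, as an added example that is not Datadog code: it scans notification message bodies for handles that contain parentheses and lists the rules left with no parseable recipient, since those signals would notify nobody. The `@` handle tokenisation, the rule dictionaries, the function names and every sample handle are assumptions constructed for illustration.

```python
import re

# Assumption: a handle is "@" followed by the run of non-space characters after
# it. The lookbehind skips the "@" inside an email address and an "@" that
# opens a template variable such as {{@usr.name}}.
HANDLE_RE = re.compile(r"(?<![\w.{])@\S+")


def find_handles(message):
    """Return the handles in a message body, sentence punctuation stripped."""
    return [m.group(0).rstrip(".,;:!?") for m in HANDLE_RE.finditer(message)]


def audit_rules(rules):
    """Split each rule's handles into parseable ones and ones with parentheses."""
    report = {}
    for rule in rules:
        handles = find_handles(rule["message"])
        broken = [h for h in handles if "(" in h or ")" in h]
        report[rule["name"]] = {
            "valid": [h for h in handles if h not in broken],
            "broken": broken,
        }
    return report


def silent_rules(report):
    """Rules whose signals would reach nobody: no parseable handle remains."""
    return sorted(name for name, r in report.items() if not r["valid"])


# Constructed sample rules (names, messages and handles are illustrative only).
SAMPLE_RULES = [
    {"name": "ssh-brute-force",
     "message": "Source {{@network.client.ip}}. @soc@example.com @slack-secops"},
    {"name": "impossible-travel",
     "message": "Review the session (see runbook). @slack-secops(emea)"},
    {"name": "root-login",
     "message": "Page on-call: @pagerduty-oncall, @webhook-siem(prod)."},
]

if __name__ == "__main__":
    report = audit_rules(SAMPLE_RULES)
    for name, result in report.items():
        print(name, "broken:", result["broken"])
    print("no working recipient:", silent_rules(report))
```

The check is deliberately conservative: a handle wrapped in prose parentheses, such as `(@slack-soc)`, is also reported so that it can be reworded.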
Detection Rule notifications
When you create or modify a detection rule, you can use the Set rule case and Say what’s happening sections to define the notifications that are sent.
Set rule case
In the Set rule case section, add rule cases to determine when a detection rule triggers a security signal and the severity of the signal. Use the Notify dropdown to send signal notifications generated from that case to the selected recipient(s).
Say what’s happening
Use the Say what’s happening section to determine the content that is sent when a signal is generated.
Add a rule name for your detection rule. The rule name appears in the Detection Rules list view and as the title of the signal.
Use standard Markdown and notification variables to provide specific details about the signal by referencing its tags and event attributes.
Use the Tag resulting signals dropdown to tag your signals with different tags. For example,
Notification rules allow you to set general alerting preferences so that you don’t have to set up notification preferences for individual detection rules. For example, you can set up a notification rule to send a notification if any HIGH severity signal is triggered. See Notification Rules for more information on setup and configuration.