- 重要な情報
- アプリ内
- インフラストラクチャー
- アプリケーションパフォーマンス
- 継続的インテグレーション
- ログ管理
- セキュリティ
- UX モニタリング
- 管理
With Cloud SIEM and CWS Security Signal Management, users with the Security Signals Write
permission can take action on security signal detections generated within the previous two days, such as change state, and view signal action history in the Audit Log. Within the signal explorer, users can use dedicated facets to filter signals that have been acted upon and view high-level information about actions within a row. After you take action on a signal, you can see your activity in the Audit Log.
Security signals can be viewed and managed by navigating to Security > Security Signals > selecting a Cloud SIEM or CWS signal, and taking actions through the header in the side panel view.
Learn more about Datadog’s default roles in the RBAC docs and granular role-based access control permissions available for Datadog Security in the Cloud Security RBAC docs.
To modify the signal state, enable the “Security Signals Write” permission for each user.
A Security Signal is created when Datadog detects a threat based on a security rule. View, search, filter, and correlate security signals in the Signal Explorer without needing to learn a dedicated query language. You can either monitor signals from Datadog Security, or configure Notification Rules to send signals to third-party tools. Signals can be assigned to yourself or another user in the Datadog platform.
The status of a signal can be one of the following:
When you take action on a signal, a confirmation toast appears that allows you to Undo the action. You’ll see it in a banner above the signal side panel when you save the action. The banner shows the action taken, by who, and when.
The Security Signal Explorer displays all signals that your role permits you to view. After selecting Security Signals, filter the signals as follows:
@workflow.triage.state
. This displays signal status and allows for sorting by status through the header.@workflow.triage.state:
and include the desired state to filter on in the query.To change signal state, follow the instructions below:
In Datadog, select Security from the main navigation menu on the left, and select Security Signals from the menu.
Select a Log Detection or Workload Security Signal from the table.
To assign a signal to yourself or another Datadog user, navigate to the user profile icon with the plus sign in the top right corner of the Signal side panel.
Navigate to the top right corner of the Signal side panel, and select your desired status from the dropdown menu. The default status is Open.
Once you save the status, a confirmation toast appears that states which action was taken with the opportunity to “Undo” the action. You’ll see it in a banner above the signal side panel when you save the action. The banner shows the action taken, by who, and when.
Any security signal warning of a possible disruption to your organization’s services can be considered an incident. It is often necessary to have a set framework for handling these threats. Incident Management provides a system to effectively identify and mitigate incidents.
Declare an incident directly from a Cloud SIEM or Cloud Workload Security signal by clicking the kebab button on the top right of the side panel, and clicking Declare incident.
Declare an incident from an Application Security Management signal by selecting the export button on the top right of the side panel, and clicking Export to incident.
As an administrator or security team member, you can use Datadog Audit Trail to see what actions your team is taking within the Security Product. As an individual, you can see a stream of your own actions. The Audit Trail Explorer displays all signal actions taken. Navigate to Organization Settings and select Audit Logs Settings under Security.
To exclusively show Audit Logs generated by actions taken in Datadog Security:
@evt.name:"Security Monitoring"
OR