To get started with Datadog Security Monitoring, follow these three steps:
Datadog’s Log Collection documentation provides detailed information on collecting logs from many different sources into Datadog. All ingested logs are first parsed and enriched. In real time, Detection Rules apply to all processed logs to maximize detection coverage without any of the traditionally associated performance or cost concerns of indexing all of your log data. Read more about Datadog’s Logging without Limits™.
Datadog provides out of the box Detection Rules, which begin detecting threats in your environment immediately. The default enabled Detection Rules detect threats according to known best practices. More mature security organizations may wish to enable more rules to begin detecting more advanced threats. Additionally, more advanced templates are included to provide guidance on how to detect threats in your custom applications. Refer to the Detection Rules documentation for further details.
When a threat is detected with a Detection Rule, a Security Signal is generated. The Security Signals can be correlated and triaged in the Security Signals Explorer. Refer to the Security Signals Explorer documentation for further details.