OOTB Rules

Datadog provides out-of-the-box (OOTB) rules to flag attacker techniques and potential misconfigurations so that you can immediately take steps to remediate. Datadog continuously develops new default rules, which are automatically imported into your account.

Filter by Logs Detection to see the Cloud SIEM rules, by Workload Security to see the Cloud Security Workload rules, and by Cloud Configuration or Infrastructure Configuration to see the Cloud Security Posture rules.

Cloudtrail
An AWS S3 bucket lifecycle expiration policy was set to disabled
An AWS S3 bucket lifecycle policy expiration is set to < 90 days
An AWS S3 bucket lifecycle policy was deleted
An AWS S3 bucket mfaDelete is disabled
Anomalous AWS user executed a command on ECS container
Anomalous number of S3 buckets accessed
AWS AMI Made Public
AWS CloudTrail configuration modified
AWS CMK deleted or scheduled for deletion
AWS config modified
AWS Console brute force login
AWS Console login without MFA
AWS Console root login without MFA
AWS Detective Graph deleted
AWS EBS default encryption disabled
AWS EBS Snapshot Made Public
AWS EC2 subnet deleted
AWS ECS cluster deleted
AWS EventBridge rule disabled or deleted
AWS FlowLogs removed
AWS GuardDuty detector deleted
AWS GuardDuty publishing destination deleted
AWS IAM policy changed
AWS Network Access Control List created or modified
AWS Network Gateway created or modified
AWS RDS Cluster deleted
AWS root account activity
AWS Route 53 DNS query logging disabled
AWS Route 53 VPC disassociated from query logging configuration
AWS Route Table created or modified
AWS S3 Bucket Policy Made Public
AWS S3 Bucket policy modified
AWS S3 Buckets enumerated
AWS S3 Public Access Block removed
AWS security group created or modified
AWS Security Group Open to the World
AWS Security Hub disabled
AWS unauthorized activity
AWS VPC created or modified
CloudTrail global services are enabled
CloudTrail multi-region is enabled
New AWS Account Seen Assuming a Role into AWS Account
New EC2 Instance Type
New Private Repository Container Image detected in AWS ECR
New Public Repository Container Image detected in AWS ECR