- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Cloud SIEM applies detection rules to all processed logs in Datadog to detect threats, like a targeted attack, a threat intel listed IP communicating with your systems, or an insecure configuration. The threats are surfaced as Security Signals in the Security Signals Explorer for triaging.
This guide walks you through the following steps so that you can start detecting threats with your AWS CloudTrail logs:
Go to Datadog’s AWS integration tile to install the integration.
Click Automatically Using CloudFormation. If there is already an AWS account set up, click Add Another Account first.
Select the AWS Region where the CloudFormation stack will be launched.
Select or create the Datadog API Key used to send data from your AWS account to Datadog.
Select Yes for Send Logs to Datadog to set up the Datadog Lambda Forwarder to be used later for sending AWS CloudTrail logs to Datadog.
Click Launch CloudFormation Template. This opens the AWS Console and loads the CloudFormation stack with the parameters filled in based on your selections in the Datadog form.
Note: The DatadogAppKey
parameter enables the CloudFormation stack to make API calls to Datadog, allowing it to add and edit the configuration for this AWS account. The key is automatically generated and tied to your Datadog account.
Check the required boxes from AWS and click Create stack.
After the CloudFormation stack is created, return to the AWS integration tile in Datadog and click Ready!
Notes:
Enable AWS CloudTrail logging so that logs are sent to a S3 bucket. If you already have this setup, skip to Send AWS CloudTrail logs to Datadog.
Set up a trigger on your Datadog Forwarder Lambda function to send CloudTrail logs stored in the S3 bucket to Datadog for monitoring.
See Log Explorer for more information on how to search and filter, group, and visualize your logs.
Cloud SIEM applies out of the box detection rules to all processed logs, including the CloudTrail logs you have just set up. When a threat is detected with a Detection Rule, a Security Signal is generated and can be viewed in the Security Signals Explorer.
Since Cloud SIEM applies detection rules to all processed logs, see the in-app instructions on how to collect Kubernetes audit logs and logs from other sources for threat detection. You can also enable different AWS services to log to a S3 bucket and send them to Datadog for threat monitoring.
추가 유용한 문서, 링크 및 기사: