Notifications

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.
이용 가능:

Cloud SIEM | Cloud Security Management | Application Security Management

Overview

Notifications help you keep your team informed when a vulnerability or security signal is detected. Vulnerabilities and security signals are generated when at least one case defined in a detection rule is matched over a given period of time. By promptly alerting your team, notifications ensure that immediate action can be taken to address any potential security issues, enhancing your organization’s overall security posture.

Notification types

Notifications can be set up for individual detection rules and also more broadly with notification rules.

Detection rules

When you create or modify a detection rule, you can define the notifications that are sent. For example, you can add rule cases to determine when a detection rule triggers a security signal.

You can also customize the notification message using Markdown and notification variables. This allows you to provide additional details about the signal by referencing its tags and event attributes. You can also add tags to the generated signal, for example, attack:sql-injection-attempt.

Notification rules

Notification rules allow you to set general alerting preferences that span across multiple detection rules, vulnerabilities, and signals instead of having to set up notification preferences for individual detection rules. For example, you can set up a notification rule to send a notification if any CRITICAL or HIGH severity signal is triggered. See Notification Rules for more information on setup and configuration.

Notification channels

Notifications can be sent to individuals and teams through email, Slack, Jira, PagerDuty, webhooks, and more.

Email

  • Notify an active Datadog user by email with @<DD_USER_EMAIL_ADDRESS>.

    Note: An email address associated with a pending Datadog user invitation or a disabled user is considered inactive and does not receive notifications. Blocklists, IP or domain filtering, spam filtering, or email security tools may also cause missing notifications.

  • Notify any non-Datadog user by email with @<EMAIL>.

Note: Email notifications don’t support addresses that contain slashes /, for example, @DevOpS/West@example.com.

Integrations

Notify your team through connected integrations by using the format @<INTEGRATION_NAME>-<VALUES>.

This table lists prefixes and example links:

IntegrationPrefixExamples
Jira@jiraExamples
PagerDuty@pagerdutyExamples
Slack@slackExamples
Webhooks@webhookExamples
Microsoft Teams@teamsExamples
ServiceNow@servicenowExamples

Handles that include parentheses ((, )) are not supported. When a handle with parentheses is used, the handle is not parsed and no alert is created.

Further reading