Notifications

Available for:

Cloud SIEM | Cloud Security Management | Application Security Management

Overview

Notifications allow you to keep your team informed when a security signal is generated. A security signal is generated when at least one case defined in a detection rule is matched over a given period of time.

Notification types

Notifications can be set up for individual detection rules and also more broadly with notification rules.

Detection rules

When you create or modify a detection rule, you can define the notifications that are sent. For example, you can add rule cases to determine when a detection rule triggers a security signal. You can also customize the notification message in the Say what’s happening section.

Say what’s happening

Use the Say what’s happening section to customize the notification message using Markdown and notification variables. This allows you to provide additional details about the signal by referencing its tags and event attributes. You can also add tags to the generated signal, for example, attack:sql-injection-attempt.

Notification rules

Notification rules allow you to set general alerting preferences that span across multiple detection rules and signals instead of having to set up notification preferences for individual detection rules. For example, you can set up a notification rule to send a notification if any CRITICAL or HIGH severity signal is triggered. See Notification Rules for more information on setup and configuration.

Notification channels

Notifications can be sent to individuals and teams through email, Slack, Jira, PagerDuty, webhooks, and more.

Email

  • Notify an active Datadog user by email with @<DD_USER_EMAIL_ADDRESS>.

    Note: An email address associated with a pending Datadog user invitation or a disabled user is considered inactive and does not receive notifications. Blocklists, IP or domain filtering, spam filtering, or email security tools may also cause missing notifications.

  • Notify any non-Datadog user by email with @<EMAIL>.

Integrations

Notify your team through connected integrations by using the format @<INTEGRATION_NAME>-<VALUES>.

This table lists prefixes and example links:

Integration | Prefix | Examples
Jira | @jira | Examples
PagerDuty | @pagerduty | Examples
Slack | @slack | Examples
Webhooks | @webhook | Examples

Handles that include parentheses ((, )) are not supported. When a handle with parentheses is used, the handle is not parsed and no alert is created.
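
An added example, not Datadog's code: a check you can run on a notification message before saving a rule. It sorts each handle into the email and integration formats described above and flags handles with parentheses, since those create no alert. The tokenizing regexes and the sample handle values are assumptions, and only the four prefixes from the table are recognized.

```python
import re

# Integration prefixes from the table on this page.
INTEGRATION_PREFIXES = ("jira", "pagerduty", "slack", "webhook")

# Assumption: a handle starts at an "@" that does not follow a word character
# (so the "@" inside a bare email address is skipped) and runs to whitespace.
HANDLE_RE = re.compile(r"(?<![\w.])@(\S+)")
EMAIL_RE = re.compile(r"[^@\s()]+@[^@\s()]+\.[^@\s()]+")


def classify(handle):
    """Return (kind, problem) for one handle, given without the leading '@'."""
    if "(" in handle or ")" in handle:
        return "unsupported", "contains parentheses: not parsed, no alert created"
    if EMAIL_RE.fullmatch(handle):
        return "email", None
    for prefix in INTEGRATION_PREFIXES:
        if handle.startswith(prefix + "-") and len(handle) > len(prefix) + 1:
            return prefix, None
    return "unrecognized", "not an email or a prefix listed here; verify manually"


def lint_message(message):
    """Return (handle, kind, problem) for every handle found in a message."""
    results = []
    for match in HANDLE_RE.finditer(message):
        handle = match.group(1).rstrip(".,;:!?")  # drop sentence punctuation
        kind, problem = classify(handle)
        results.append(("@" + handle, kind, problem))
    return results


def has_deliverable_handle(message):
    """True if at least one handle in the message passed every check."""
    return any(problem is None for _, _, problem in lint_message(message))


# Constructed sample message; the handle values are made up for illustration.
SAMPLE = (
    "**SQL injection attempt** detected.\n"
    "Escalate to @pagerduty-appsec and @slack-sec-alerts, "
    "cc @analyst@example.com.\n"
    "Also page @slack-oncall(emea) and @secops-team."
)

if __name__ == "__main__":
    for handle, kind, problem in lint_message(SAMPLE):
        print(f"{handle:24} {kind:13} {problem or 'ok'}")
```

A message for which `has_deliverable_handle` returns False would generate a signal that reaches no one through the checked formats, which is worth failing a review on.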
