Add to Security Inbox Rules is in Preview.

Available for:

Cloud Security | Code Security | App and API Protection

Configure inbox rules to manage your Security Inbox effectively, ensuring only the most relevant security issues are highlighted. By customizing conditions, you can focus on critical concerns, prioritize key risks, support compliance, and bring attention to issues that might otherwise be overlooked.

Create an inbox rule

  1. In Datadog, go to Security > Settings > Findings Automation. Click Add a New Rule, then select Add to Security Inbox. The Create a New Rule page opens.
  2. Under Rule name, enter a descriptive name for the rule; for example, “Cloud Infrastructure Anomaly Warnings”.
  3. Enter your rule criteria in the following fields:
    • Any of these types: The types of findings that the rule should check for. Available types include:
      • Misconfiguration
      • Attack Path
      • Identity Risk
      • Runtime Code Vulnerability
      • Library Vulnerability
      • Container Image Vulnerability
      • Host Vulnerability
    • Any of these tags or attributes: The resource tags or attributes that must match for the rule to apply.
  4. To add severity criteria to the rule, click Add Severity.
  5. Click Save. The rule applies to new findings immediately and starts checking existing findings within the next hour.

Rule matching order

When Datadog identifies a finding, it evaluates the finding against your sequence of inbox rules. Starting with the first rule, if there’s a match, Datadog adds the finding to the Security Inbox and stops evaluating further. If no match occurs, Datadog moves to the next rule. This process continues until a match is found or all rules are checked without a match.
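
The first-match evaluation described above, modelled locally in Python as an added example (not Datadog code and not a Datadog API). The rule fields mirror the criteria from the create-rule steps; the matching semantics inside a rule, the rule names other than the page's own example, and the sample findings are constructed assumptions. It also reports rules that never win first match over the sample set because an earlier, broader rule already claims those findings.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class InboxRule:
    """Local model of one inbox rule (hypothetical, not a Datadog API object)."""
    name: str
    types: frozenset                     # "Any of these types"
    tags: frozenset = frozenset()        # "Any of these tags or attributes"
    severities: frozenset = frozenset()  # optional severity criteria

    def matches(self, finding):
        # Assumed semantics: every populated criterion must hold, and within
        # one criterion any single listed value is enough.
        if finding["type"] not in self.types:
            return False
        if self.tags and not self.tags & set(finding["tags"]):
            return False
        if self.severities and finding["severity"] not in self.severities:
            return False
        return True

def first_match(rules, finding):
    """Walk the rules in order; return the first matching rule's name, else None."""
    for rule in rules:
        if rule.matches(finding):
            return rule.name  # the finding goes to the inbox; later rules are skipped
    return None

def unused_rules(rules, findings):
    """Names of rules that never win first match across the sample findings."""
    winners = {first_match(rules, f) for f in findings}
    return [r.name for r in rules if r.name not in winners]

# Constructed sample data: tag and severity strings are illustrative only.
RULES = [
    InboxRule("Cloud Infrastructure Anomaly Warnings",
              frozenset({"Misconfiguration", "Attack Path"})),
    InboxRule("Prod critical misconfigurations", frozenset({"Misconfiguration"}),
              frozenset({"env:prod"}), frozenset({"critical"})),
    InboxRule("Prod host vulnerabilities", frozenset({"Host Vulnerability"}),
              frozenset({"env:prod"}), frozenset({"high", "critical"})),
]
FINDINGS = [
    {"type": "Misconfiguration", "tags": ["env:prod"], "severity": "critical"},
    {"type": "Host Vulnerability", "tags": ["env:prod", "team:infra"], "severity": "high"},
    {"type": "Library Vulnerability", "tags": ["env:prod"], "severity": "critical"},
]
```

In this sample the second rule never wins first match because the first rule already claims every Misconfiguration finding. Any per-rule attribution for that narrower rule would stay empty until the two are reordered.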
