---
title: Historical Jobs
description: Datadog, the leading service for cloud-scale monitoring.
---

# Historical Jobs

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com

{% alert level="danger" %}
This feature is not supported for the US1-FED site.
{% /alert %}
{% /callout %}

Historical Jobs allows you to backtest detections by running them against historical logs stored in Datadog Cloud SIEM.

Unlike a real-time rule, a Historical Job does not run continuously. Historical Jobs are one-time executable queries that analyze a specified period of historical data.

The results of Historical Jobs are lightweight versions of signals, providing essential insights into potential threats or anomalies identified within the historical logs.

If the results of a Historical Job call for immediate action, you can promote a subset of those results to signals. When converting a result to a signal, you manually set the signal severity, the notification target, and the signal playbook.

## Run a Historical Job{% #run-a-historical-job %}

### Create the job{% #create-the-job %}

1. Navigate to the [Cloud SIEM Detection Rules](https://app.datadoghq.com/security/siem/rules) page.
1. Click the three-dot menu next to the rule you want to test, and choose **Run as Historical Job**.
1. Complete the form by choosing the log index, time range, rule case, and notification recipient(s).
   {% image
      source="https://datadog-docs.imgix.net/images/security/security_monitoring/detection_rules/historical-job-form.b2539dec5a6e8c5ffeb1468b8dab8a2c.png?auto=format"
      alt="The Historical Job creation form" /%}
1. Click **Run Historical Job**.

Alternatively, you can define the job from scratch in the [Rule Editor](https://app.datadoghq.com/security/configuration/siem/rules/new-job?product=siem).

### Review the job results{% #review-the-job-results %}

1. Navigate to the [Historical Jobs list](https://app.datadoghq.com/security/siem/detections/historical-jobs).
1. Click on the Historical Job you created to open a panel that includes the detected results, matched logs, and more.
   {% image
      source="https://datadog-docs.imgix.net/images/security/security_monitoring/detection_rules/historical-job-result.015e57efd932876e42d23ac5b9a3c2fa.png?auto=format"
      alt="The results panel for a Historical Job" /%}

### Convert a result to a signal{% #convert-a-result-to-a-signal %}

1. In the **Results** section of a Historical Job panel, click one of the results in the list to open a details panel for that result.
1. Click **Convert to Signal**.
1. Set the signal severity, notification recipients, and description message.
   {% image
      source="https://datadog-docs.imgix.net/images/security/security_monitoring/detection_rules/convert-historical-job-result-to-signal.def2b1b60ac0557788e35a1620b42cba.png?auto=format"
      alt="The form for converting a Historical Job result to a signal" /%}
1. Click **Convert to Signals**.

## Calculated fields queries{% #calculated-fields-queries %}

{% image
   source="https://datadog-docs.imgix.net/images/security/security_monitoring/detection_rules/calculated-fields-detection-rule.339aa5fb4f35e26b8e72dee2d8b09eb0.png?auto=format"
   alt="The calculated fields option in the detection rule editor" /%}

You can create [Calculated Fields](https://docs.datadoghq.com/logs/explorer/calculated_fields/) directly within a Historical Job query to define a computed field from existing data sources.

Use calculated field formulas to transform and enrich your query. Formulas can:

- Manipulate text
- Perform arithmetic
- Evaluate conditional logic

A calculated field can be used like any log attribute for job analysis, searching job results, and defining other calculated fields.

To add a calculated field to a Historical Job:

1. Navigate to the [Historical Jobs list](https://app.datadoghq.com/security/siem/detections/historical-jobs).
1. Click **New Job**.
1. Find the [Define Search Queries](https://app.datadoghq.com/security/configuration/siem/rules/new-job?product=siem#rule-editor-define-queries) section.
1. Click **Add**.
1. Select **Calculated Fields** from the options.

{% image
   source="https://datadog-docs.imgix.net/images/security/security_monitoring/detection_rules/create-calculated-field.ead128dd1182904ad03d90325e173974.png?auto=format"
   alt="The create a calculated fields modal with fields to define the name and formula" /%}

See [Calculated Fields Formulas](https://docs.datadoghq.com/logs/explorer/calculated_fields/formulas/) for the available functions and operators.

## Further Reading{% #further-reading %}

- [Backtest detection rules with Datadog Cloud SIEM Historical Jobs](https://www.datadoghq.com/blog/cloud-siem-historical-jobs/)
