Respond (SOAR) and Report

Overview

Datadog Security Orchestration, Automation, and Response (SOAR) helps you orchestrate security operations, investigate signals, and remediate threats using Workflow Automation. For example, you can run a workflow to:

  • Block an IP address from your environment.
  • Disable a user account.
  • Look up an IP address with a third-party threat intelligence provider.
  • Send Slack messages to your colleagues to get help with your investigation.
  • Assign signals for investigation.
  • Automatically enrich cases and close duplicate cases.

SOAR also includes ready-to-use customizable blueprints to help you build workflows for remediating threats. For example:

  • An Identity and Access Management (IAM) workflow that automates responses to suspicious logins and account compromises.
  • An Endpoint Detection and Response (EDR) workflow that speeds up the investigation and containment of endpoint threats.
  • A Threat Intelligence Enrichment workflow that enriches alerts with external data so you can prioritize and respond more effectively.

Cloud SIEM also provides security operational metrics, so you can determine the efficiency and effectiveness of your security processes.
