---
title: Datadog dashboard made publicly accessible
description: Datadog, the leading service for cloud-scale monitoring.
---

# Datadog dashboard made publicly accessible

- Classification: attack
- Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010)
- Technique: [T1567-exfiltration-over-web-service](https://attack.mitre.org/techniques/T1567)

## Goal{% #goal %}

Detects when a Datadog dashboard is made publicly accessible via a share link, which can expose internal metrics, logs, or business data to unauthenticated users.

## Strategy{% #strategy %}

This rule monitors Datadog Dashboard audit events where `@asset.type` is `dashboard_share_link` and `@action` is `created` or `modified`. Public dashboard share links allow anyone with the URL to view the dashboard without authentication. Dashboards frequently contain sensitive operational data, infrastructure topology, service metrics, or business KPIs. Creating a public share link — intentionally or accidentally — can result in unintended data disclosure. Modification events are included to catch cases where an existing share link is reconfigured (for example, re-enabled after being disabled).
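The matching logic described above, sketched offline as an added example (not Datadog's rule implementation). It assumes audit events are available as nested JSON in which `@asset.type` corresponds to `event["asset"]["type"]`; the sample events, dashboard ids and e-mail addresses are constructed.

```python
from collections import defaultdict

# Rule conditions from the Strategy text: attribute path -> allowed values.
RULE = {
    "asset.type": {"dashboard_share_link"},
    "action": {"created", "modified"},
}

def attr(event, path):
    """Resolve a dotted attribute path (the part after '@') in a nested dict."""
    node = event
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def matches(event):
    """True when every rule condition holds; malformed events never match."""
    for path, allowed in RULE.items():
        value = attr(event, path)
        if not isinstance(value, str) or value not in allowed:
            return False
    return True

def triage_queue(events):
    """Group matching events by @asset.id, recording (@usr.email, @action)."""
    queue = defaultdict(list)
    for ev in events:
        if matches(ev):
            queue[attr(ev, "asset.id")].append((attr(ev, "usr.email"), attr(ev, "action")))
    return dict(queue)

# Constructed sample events; the nested layout is an assumption.
SAMPLE_EVENTS = [
    {"action": "created", "asset": {"type": "dashboard_share_link", "id": "abc-123"}, "usr": {"email": "dev@example.com"}},
    {"action": "modified", "asset": {"type": "dashboard_share_link", "id": "abc-123"}, "usr": {"email": "ops@example.com"}},
    {"action": "deleted", "asset": {"type": "dashboard_share_link", "id": "abc-123"}, "usr": {"email": "ops@example.com"}},
    {"action": "modified", "asset": {"type": "dashboard", "id": "xyz-789"}, "usr": {"email": "dev@example.com"}},
    {"action": "created", "asset": "malformed", "usr": {}},
]

if __name__ == "__main__":
    for dashboard, actions in triage_queue(SAMPLE_EVENTS).items():
        print(dashboard, actions)
```

Only the first two sample events match: the third has an action outside the rule, the fourth is an edit to a dashboard rather than to its share link, and the fifth is malformed.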

## Triage and response{% #triage-and-response %}

- Verify whether `{{@usr.email}}` intended to make dashboard `{{@asset.id}}` publicly accessible.
- Review the dashboard content for sensitive data including proprietary metrics, PII, infrastructure details, or internal business information.
- Check whether the public URL has already been accessed by reviewing any associated access logs.
- If the sharing was unintended or the content is sensitive, ask the user to disable the public share link immediately and confirm no unauthorized access occurred.
- If public sharing is legitimately required, confirm that the dashboard content has been reviewed and approved for external viewing.
