Wiz Defend Detections alert

wiz

Classification:

attack

Goal

Capture detection alerts generated by Wiz Defend.

Strategy

This rule captures Defend detection alerts that have been generated by Wiz.

Triage and response

  1. Investigate the entity {{@primaryResource.id}} with alert {{@evt.name}}.
  2. Take necessary and appropriate actions based on your company's procedures.

Changelog

  • 28 October 2025 - Updated rule query to include informational severity cases for third-party alerts.
  • 12 November 2025 - Updated rule query to reference event name and triggering resource id.