Investigate Sensitive Data Issues
Overview
Datadog’s Sensitive Data Scanner can help prevent sensitive data leaks and limit non-compliance risks by identifying, classifying, and optionally redacting sensitive data. When a sensitive data issue is found, you might have the following questions:
- What sensitive data has been exposed?
- What is the priority of the sensitive data exposure?
- How severe is the issue in terms of spread and volume?
- Where did the sensitive data come from?
The Sensitive Data Scanner’s Summary page categorizes and prioritizes sensitive data issues so that you can investigate, collaborate, and document your findings, and answer those questions.
Triage sensitive data issues
Navigate to the Summary page to see all sensitive data issues within the selected time frame and start investigating issues.
In the Sensitive Data Issues section, filter by a priority level to see only issues with that priority level in the Issues Overview section. In the Cases section, filter by a case status to see issues associated with cases with that status in the Issues Overview section.
To investigate an issue:
1. Click on the issue in the Issues Overview.
2. In the issue panel, click View Recent Changes to navigate to Audit Trail and see if there are any recent configuration changes that caused the sensitive data issue.
3. Use the following options to explore different types of data matching the query:
   a. To view all logs related to the query in Log Explorer, click View All Logs.
   b. To view all traces matching the query in Trace Explorer, click View All APM Spans.
   c. To view all RUM events matching the query, click View All RUM Events.
   d. To view all events matching the query, click View All Events.
4. In the Blast Radius section:
   a. View the Top 10 services, hosts, and environments impacted by this sensitive data issue.
   b. Click on a service to see more information about the service in the Software Catalog.
   c. Click on a host to see more information about the host in the Infrastructure List page.
5. If you want to modify the Scanning Rule that was used to detect the sensitive data issue, click Modify Rule at the top of the panel.
Additionally, you can:
- Use Case Management to track, triage, and investigate the issue: click Create Case at the top of the panel. Associated cases are surfaced in the Summary page.
- Use Incident Management to create an incident: click the Declare Incident dropdown menu to add the issue to an existing incident, or click Declare Incident to declare a new incident.
- Use Audit Trail to see who may have accessed this sensitive data within Datadog: click View in Audit Trail in the Users who accessed these events section.
Click the Datastores with Sensitive Data tab to see all sensitive data issues for Cloud Storage.
In the xxx Datastores with Sensitive Data section, click on any of the dropdown menus to filter datastores by the type of sensitive data, account, region, team, and so on.
To investigate a datastore:
- Click on a datastore.
- You can view files where sensitive data was found and then click on a file to inspect it in AWS.
Datadog recommends doing the following:
- Review a few files to get a sense of the classification accuracy.
- Follow up with the team or service owner listed in the side panel to confirm whether sensitive data is meant to be in the bucket.
If it is not supposed to be in the bucket, delete the files or move them to an appropriate bucket.
If it is supposed to be in the bucket, complete the following steps to improve your security posture:
- Click the Security tab in the side panel and review the Misconfigurations section.
- Click on a misconfiguration to see details in Cloud Security Management.
- In the Next Steps section:
- Under Triage, click the dropdown to change the triage status of the signal. The default status is OPEN.
- Click Assign Signal to assign a signal to yourself or another Datadog user.
- Click See remediation to see more information on how to remediate the issue.
- Under More Actions, you can add a Jira issue, run workflows, or add a comment.
To run a workflow, select Run Workflow and then in the workflow browser, search and select a workflow to run. See Automate Security Workflows with Workflow Automation for more information.
- Click on the different tabs to see the severity breakdown, related logs, and timeline of the issue.