Overview

Datadog Cloud SIEM (Security Information and Event Management) unifies developer, operation, and security teams on one platform. Use a single dashboard to display DevOps content, business metrics, and security insights. Cloud SIEM detects threats to your applications and infrastructure, such as targeted attacks, communications from threat intel-listed IP addresses, and insecure configurations, in real time. Notify your team of these security issues by email, Slack, Jira, PagerDuty, or webhooks.

Threats are surfaced in Datadog as Security Signals and can be correlated and triaged in the Security Signals Explorer. Security Signals are generated by Datadog Cloud SIEM with Detection Rules. Detection Rules detect threats across different sources and are available out of the box for immediate use. You can clone any of the provided detection rules to change the configuration. You can also add a new rule from scratch to fit your specific use case.

Get started

Further reading

Additional helpful documentation, links, and articles:

Proactively track, triage, and assign issues with Datadog Case ManagementBLOG Automate common security tasks and stay ahead of threats with Datadog Workflows and Cloud SIEMBLOG Build compliance, governance, and transparency across your teams with Datadog Audit TrailBLOG AWS threat emulation and detection validation with Stratus Red Team and Datadog Cloud SIEMBLOG Monitor 1Password with Datadog Cloud SIEMBLOG Build sufficient security coverage for your cloud environmentBLOG Monitor DNS logs for network and security analysisBLOG Monitor Akamai Zero Trust and Application Security with Datadog Cloud SIEMBLOG How attackers take advantage of Microsoft 365 servicesBLOG Monitor your organization's security posture with DatadogBLOG