Cloud SIEM

Overview

Datadog Cloud SIEM (Security Information and Event Management) unifies developer, operations, and security teams through one platform. Use a single dashboard to display DevOps content, business metrics, and security content. Detect threats to your application and infrastructure in real time, such as a targeted attack, an IP address listed in threat intelligence communicating with your systems, or an insecure configuration, and notify your team of security issues by email, Slack, Jira, PagerDuty, or a webhook.

The Cloud SIEM Signals page, filtered to the Log Detection rule type, showing a bar graph of signals grouped by status and a list of the signals.

Threats are surfaced in Datadog as Security Signals and can be correlated and triaged in the Security Signals Explorer. Security Signals are generated by Datadog Cloud SIEM from Detection Rules. Detection Rules detect threats across different log sources and are available out of the box for immediate use. You can clone any of the provided detection rules and change its configuration, or create a new rule from scratch to fit your specific use case.

The New Rule page, with the Log Detection rule type selected and the detection method set to Threshold.

Get started