Cloud SIEM

Overview

Datadog Cloud SIEM (Security Information and Event Management) unifies developer, operations, and security teams through one platform. Use a single dashboard to display DevOps content, business metrics, and security content. Detect threats to your application and infrastructure in real time, such as a targeted attack, an IP address listed in threat intelligence communicating with your systems, or an insecure configuration, and notify your team of security issues by email, Slack, Jira, PagerDuty, or a webhook.

The Cloud SIEM home page showing the Security Overview section with widgets for important signals, suspicious actors, impacted resources, threat intel, and signal trends

Threats are surfaced in Datadog as Security Signals and can be correlated and triaged in the Security Signals Explorer. Security Signals are generated by Datadog Cloud SIEM with Detection Rules. Detection Rules detect threats across different sources and are available out of the box for immediate use. You can clone any of the provided detection rules to change the configuration. You can also add a new rule from scratch to fit your specific use case.

The new detection rule page with the log detection rule selected and the detection rule set to threshold
