Getting Started with Cloud SIEM

To get started with Datadog Cloud SIEM, follow these steps:

Ingest logs

If you already have a logging source, follow the in-app onboarding to begin collecting logs from that source.

Datadog’s Log Collection documentation describes how to collect logs from many different sources into Datadog. Every ingested log is first parsed and enriched, and Detection Rules are then applied to all processed logs in real time. Because detection runs on the processing pipeline rather than on indexed data, you get full detection coverage without the performance or cost concerns traditionally associated with indexing all of your log data. Read more about Datadog’s Logging without Limits™.
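As an added example (not part of the Datadog page or its documentation), the following shows the two pieces of Datadog Agent configuration that file-based log collection needs: enabling logs in the Agent's main config, and an integration config that tails the files. The file paths, service name and tags are constructed placeholders; the `source` value selects the parsing pipeline that produces the enriched attributes Detection Rules query.

```yaml
# /etc/datadog-agent/datadog.yaml (excerpt): log collection is off by default
logs_enabled: true

---
# /etc/datadog-agent/conf.d/nginx.d/conf.yaml (constructed example)
# Each entry tails one file. `source` picks the parsing pipeline (here nginx),
# `service` ties the logs to the service shown in Datadog.
logs:
  - type: file
    path: /var/log/nginx/access.log      # constructed path
    service: web-frontend                # constructed service name
    source: nginx
    tags:
      - env:prod                         # constructed tag
    log_processing_rules:
      # Redact bearer tokens on the host, before the line is shipped, so a
      # leaked credential never reaches the platform or a Security Signal.
      - type: mask_sequences
        name: mask_bearer_tokens
        replace_placeholder: "Bearer [REDACTED]"
        pattern: "Bearer [A-Za-z0-9._-]+"
  - type: file
    path: /var/log/nginx/error.log       # constructed path
    service: web-frontend
    source: nginx
```

After restarting the Agent, `datadog-agent status` lists each tailed file under the Logs Agent section; a file that is missing from that list is usually a permissions problem on the path, since the Agent runs as its own user.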

Review Detection Rules

Datadog provides out-of-the-box Detection Rules that begin detecting threats in your environment immediately. The rules enabled by default detect threats according to known best practices; more mature security organizations may want to enable additional rules to detect more advanced threats. Further templates are included to provide guidance on detecting threats in your custom applications. Refer to the Detection Rules documentation for further details.

Explore Security Signals

When a Detection Rule detects a threat, a Security Signal is generated. Security Signals can be correlated and triaged in the Security Signals Explorer. Refer to the Security Signals Explorer documentation for further details.