The Security Home page is an entry point to your Cloud SIEM (Security Information and Event Management) environment. Readily access logs that are analyzed to detect threats, signals generated from default or custom log detection rules, and threats that require attention and remediation. See the status of logging sources and configure new sources in one location.
Get an overview of analyzed logs across all sources for a quick audit, or select Logs Analyzed to see a list of your analyzed logs in Log Explorer for a more granular investigation. In Log Explorer, filter by log facets or aggregate your logs to examine further into analyzed logs.
Analyze the number of signals generated and the number of detection rules that are triggering signals, or select Signals to filter by log detection rules in the Signals Explorer.
With real-time threat detection, if a rule is matched, Datadog evaluates the severity and whether anyone should be notified. See how many threats have been detected across all entities in your environment from the Security Home page. Select High/Critical Signals to see malicious entities in the Signals Explorer. Select any entity to analyze its generated signal for remediation and more details.
If a source is generating more signals or analyzing logs more frequently at any point in time, Datadog automatically flags this moment on a source’s graph in the Sources Analyzed table to help you pinpoint potential threats and trends.
Click on any source, and select View generated signals or View related logs to see more details. If there is an out-of-the-box integration dashboard for the source, select View integration’s dashboard to use the information for your investigations.
You can also configure new sources in this table. Click on the Configure Source button to set up log collection for a new source.
Additional helpful documentation, links, and articles: