tracecat
Datadog Security Monitoring
User Story: I want to build automated investigations given findings from Datadog security products.
Datadog's key security features can be grouped as follows:
- CSPM findings
- SIEM signals
- SIEM signal state management
- CSPM findings state management
- SIEM detection rules
- Suppressions for SIEM detections
- Filters for SIEM detections
We will prioritize GET and UPDATE operations for alerts first.
API reference: https://docs.datadoghq.com/api/latest/security-monitoring/
TODOs
Note: this list is non-exhaustive. We are using this issue as the tracker for all Datadog integrations.
- [ ] Get a quick list of security signals
- [ ] Change the triage state of a security signal
- [ ] List rules
Use Cases
- Run automated detection hardening with stratus-red-team and SIEM detections (LIST operation with date / account ID filter)
- Automated checker that maps threat intel to existing detections?
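As an added example (not tracecat's own code and not Datadog's client library), here is a minimal client for the two signal operations tracked in the TODOs above and needed by the stratus-red-team use case: list signals in a time window narrowed by a search query (such as an account ID), and change a signal's triage state. The HTTP transport is injected so the request building and response parsing can be exercised offline; the US1 site URL and the `@account_id` attribute name in the usage block are assumptions.

```python
import json
import urllib.parse
import urllib.request

DD_SITE = "https://api.datadoghq.com"  # assumption: US1 site; adjust per region
VALID_STATES = {"open", "under_review", "archived"}
VALID_REASONS = {"none", "false_positive", "testing_or_maintenance", "other"}


def _headers(api_key, app_key):
    return {"DD-API-KEY": api_key, "DD-APPLICATION-KEY": app_key,
            "Content-Type": "application/json", "Accept": "application/json"}


def _http(method, url, headers, body=None):
    """Default transport: JSON in, JSON out over urllib (no third-party deps)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read() or b"{}")


def list_signals(api_key, app_key, start_iso, end_iso, query="*", limit=100, send=_http):
    """GET /api/v2/security_monitoring/signals for the window [start, end],
    narrowed by a Datadog search query (e.g. an account ID attribute), following
    links.next until the result set is exhausted. Returns (id, timestamp, message)."""
    params = {"filter[query]": query, "filter[from]": start_iso, "filter[to]": end_iso,
              "page[limit]": limit, "sort": "timestamp"}
    url = f"{DD_SITE}/api/v2/security_monitoring/signals?" + urllib.parse.urlencode(params)
    rows = []
    while url:
        page = send("GET", url, _headers(api_key, app_key))
        for sig in page.get("data", []):
            attrs = sig.get("attributes", {})
            rows.append((sig["id"], attrs.get("timestamp"), attrs.get("message")))
        url = page.get("links", {}).get("next")  # absent on the last page
    return rows


def set_signal_state(api_key, app_key, signal_id, state, reason="none", comment="", send=_http):
    """PATCH /api/v2/security_monitoring/signals/{id}/state: triage one signal.
    Rejects values outside Datadog's documented enums before any request is sent."""
    if state not in VALID_STATES or reason not in VALID_REASONS:
        raise ValueError(f"invalid triage state/reason: {state!r}/{reason!r}")
    body = {"data": {"attributes": {"state": state, "archive_reason": reason,
                                    "archive_comment": comment}}}
    url = f"{DD_SITE}/api/v2/security_monitoring/signals/{urllib.parse.quote(signal_id)}/state"
    return send("PATCH", url, _headers(api_key, app_key), body)


if __name__ == "__main__":  # assumption: @account_id is the attribute carrying the cloud account
    sigs = list_signals("API_KEY", "APP_KEY", "2024-01-01T00:00:00Z", "2024-01-02T00:00:00Z",
                        query="@account_id:123456789012")
    for sid, ts, msg in sigs:
        print(sid, ts, msg)
```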