
Datadog Security Monitoring #67

Open
3 tasks
topher-lo opened this issue Apr 19, 2024 · 0 comments
Assignees: topher-lo
Labels: enhancement (New feature or request), good first issue (Good for newcomers), integration (Pre-built actions), tracker (Issues to track groups of issues)


topher-lo commented Apr 19, 2024

User Story: I want to build automated investigations given findings from Datadog security products.

Datadog's key security features can be grouped as follows:

  • CSPM findings
  • SIEM signals
  • SIEM signal state management
  • CSPM findings state management
  • SIEM detection rules
  • Suppressions for SIEM detections
  • Filters for SIEM detections

We will prioritize GET and UPDATE operations for alerts first.

API reference: https://docs.datadoghq.com/api/latest/security-monitoring/

TODOs

Note: this list is non-exhaustive. We are using this issue as the tracker for all Datadog integrations.

Use Cases

  • Run automated detection hardening with stratus-red-team and SIEM detections (LIST operation with date / account ID filter)
  • Automated threat intel to detections checker?
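A concrete shape for the GET/LIST and UPDATE operations prioritised above, as an added example (not code from this issue or the project): it builds the signal search with a date window, flattens a result page, builds the triage-state update, and combines them to score a simulated-attack window against the rule messages expected to fire. Endpoint paths, parameter and body field names follow the public Datadog v2 API linked above; the sample response, the rule messages and the `score_simulation` helper are constructed for illustration, and facet names in a real query depend on your log attributes.

```python
"""Datadog Security Monitoring LIST / UPDATE helpers (added example, not code from this
issue or its project). Paths, parameters and body fields follow the public v2 API;
confirm them against the reference linked above. Runs offline on the sample below."""
from datetime import datetime, timezone

SIGNALS = "/api/v2/security_monitoring/signals"


def build_signal_search(query, start, end, limit=100):
    """LIST: GET path + params. `query` is Datadog search syntax; start/end bound the window."""
    fmt = lambda t: t.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return SIGNALS, {"filter[query]": query, "filter[from]": fmt(start), "filter[to]": fmt(end),
                     "sort": "-timestamp", "page[limit]": str(limit)}


def build_state_update(signal_id, state, reason="none", comment=""):
    """UPDATE: PATCH path + JSON body that changes a signal's triage state."""
    if state not in ("open", "under_review", "archived"):
        raise ValueError(f"unknown triage state {state!r}")
    attrs = {"state": state, "archive_reason": reason}
    if comment:
        attrs["archive_comment"] = comment
    return f"{SIGNALS}/{signal_id}/state", {"data": {"attributes": attrs}}


def parse_signal_page(page):
    """Flatten one result page; the returned cursor (meta.page.after) goes back as page[cursor]."""
    rows = [{"id": s["id"], "timestamp": s["attributes"].get("timestamp"),
             "tags": s["attributes"].get("tags", []), "message": s["attributes"].get("message", "")}
            for s in page.get("data", [])]
    return rows, page.get("meta", {}).get("page", {}).get("after")


def score_simulation(page, expected, run_label):
    """Detection hardening (assumed helper): compare signals from a simulated-attack window
    with the rule messages expected to fire. Expected hits are queued for archiving as testing,
    expected messages with no signal are coverage gaps, anything else stays open for review."""
    rows, _ = parse_signal_page(page)
    fired = {r["message"] for r in rows}
    updates = [build_state_update(r["id"], "archived", "testing_or_maintenance", f"fired by {run_label}")
               for r in rows if r["message"] in expected]
    return updates, sorted(set(expected) - fired), [r["id"] for r in rows if r["message"] not in expected]


# Constructed sample in the shape of a signal search response (not real data).
SAMPLE_PAGE = {"meta": {"page": {"after": "cursor-constructed"}}, "data": [
    {"id": "sig-constructed-001", "type": "signal", "attributes": {"timestamp": "2024-04-19T01:02:03Z",
     "message": "IAM user created without MFA", "tags": ["source:cloudtrail", "account_id:123456789012"]}},
    {"id": "sig-constructed-002", "type": "signal", "attributes": {"timestamp": "2024-04-19T01:10:00Z",
     "message": "Root account login", "tags": ["source:cloudtrail", "account_id:123456789012"]}}]}
```

Send the returned path and params/body with any HTTP client against `https://api.datadoghq.com` (or your site) with `DD-API-KEY` and `DD-APPLICATION-KEY` headers; the returned cursor drives the next page.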
topher-lo self-assigned this Apr 19, 2024
topher-lo added the enhancement, frontend, engine, tracker and good first issue labels Apr 19, 2024
topher-lo added the integration label and removed the frontend and engine labels Apr 21, 2024