
Datadog

by Datadog, Inc.

Cloud monitoring and security platform with APM, infrastructure monitoring, and cloud security posture management


Under Construction: This guidance is being actively developed and verified. Content may change.

Authoritative Sources

Key guidance documents from authoritative organizations, each followed by a note on how Datadog maps to the cited requirement.

Security monitoring capabilities including Cloud SIEM, Cloud Security Management, Application Security, and threat detection with real-time alerts.

NIST SP 800-92 §3.4: "Security information and event management software... has the ability to correlate events among multiple logs." §2.2: "Log management is essential to ensuring that computer security records are stored in sufficient detail for an appropriate period of time. Routine log analysis is beneficial for identifying security incidents, policy violations, fraudulent activity, and operational problems." Datadog Cloud SIEM implements centralized log management aligned with NIST guidance.

NIST SP 800-137 §2.1: "Information security continuous monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions." §3.1: "Through the use of automation, it is possible to monitor a greater number of security metrics with fewer resources, higher frequency." §3.2: "Metrics and dashboards can be useful in assessing, normalizing, communicating, and correlating monitoring activities." Datadog provides ISCM capabilities through automated monitoring, dashboards, and real-time alerting.

CIS Control 8 requires centralized log collection. Datadog Log Management provides collection, processing, and analysis with security-focused dashboards.

Federal cloud security guidance. Datadog Cloud Security Management helps implement CSPM, workload security, and compliance monitoring.

SOC 2 CC7.2: "The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the ability of the entity to meet its objectives." CC7.1: "The entity uses detection and monitoring procedures." Datadog provides continuous monitoring and anomaly detection supporting SOC 2 System Operations requirements. Source: AICPA Trust Services Criteria.

ISO 27001:2022 A.8.16: "Networks, systems and applications shall be monitored for anomalous behaviour and appropriate actions taken to evaluate potential information security incidents." Monitoring should include activities to detect unauthorized processing, inappropriate behavior, and potential security incidents. Datadog provides comprehensive monitoring supporting ISO 27001 requirements. Source: ISO/IEC 27001:2022 Annex A.

CCM LOG-01: "Logging and monitoring policies and procedures shall be established, documented, approved, communicated, applied, evaluated, and maintained." CCM LOG-03: "Security-related events shall be identified and logged." CCM LOG-08: "Automated alerting mechanisms shall be implemented to notify responsible parties of anomalies." Datadog provides unified observability with security monitoring, alerting, and CSPM capabilities directly implementing CCM LOG domain controls. Source: CSA Cloud Controls Matrix v4.0.

Verification Commands

API requests for testing and verifying security configurations. Each request is sent to the API base URL of your Datadog site and authenticated with the DD-API-KEY and DD-APPLICATION-KEY request headers; the filters shown are starting points and can be narrowed to the services and severities you care about.

Get security signals (API)
  GET /api/v2/security_monitoring/signals?filter[query]=status:high

List security rules (API)
  GET /api/v2/security_monitoring/rules

Get cloud security findings (API)
  GET /api/v2/csm/findings?filter[query]=severity:critical

Create security suppression rule (API)
  POST /api/v2/security_monitoring/configuration/suppressions
  Body: { "data": { "type": "suppression" } }

Query logs for security events (API)
  POST /api/v2/logs/events/search
  Body: { "filter": { "query": "service:security" } }

List log pipelines (API)
  GET /api/v1/logs/config/pipelines

Get CSPM compliance summary (API)
  GET /api/v2/compliance/findings?filter[rule_id]=cis-aws

List active monitors (API)
  GET /api/v1/monitor?tags=security

Get audit trail events (API)
  GET /api/v2/audit/events?filter[query]=@action_name:login
