Datadog Cloud SIEM

Details
Content
Dependencies
Version History

Datadog is an observability service for cloud-scale applications, providing monitoring of servers, databases, tools, and services, through a SaaS-based data analytics platform

Datadog Cloud SIEM elevates your organization’s threat detection and investigation for their dynamic, cloud-scale environments.

With Datadog Cloud SIEM, you can augment your existing SIEM investments and deliver better cloud security outcomes. Datadog Cloud SIEM analyzes operational and security logs in real time—regardless of their volume—while utilizing curated, out-of-the-box integrations and rules to detect threats and investigate them. Developers, security, and operations teams can also leverage detailed observability data to accelerate security investigations in a single, unified platform.

Datadog Cloud SIEM elevates your organization’s threat detection and investigation for their dynamic, cloud-scale environments.

Classifiers

Name	Description
Datadog Cloud SIEM - Incoming Mapper	Maps incoming Datadog incidents.

Incident Fields

Name	Description
Datadog Cloud SIEM Repair Time
Datadog Cloud SIEM Resolution Time	The amount of time in seconds to resolve the incident after it was created. Equals the difference between created and resolved.
Datadog Cloud SIEM Detect and Create Duration
Datadog Cloud SIEM Other Org Id
Datadog Cloud SIEM User Verified
Datadog Cloud SIEM Relationships User ID
Datadog Cloud SIEM Commander User
Datadog Cloud SIEM Display Name	The name of the notified handle.
Datadog Cloud SIEM Notification Email	The email address used for the notification.
Datadog Cloud SIEM Duration	Length of the incident's customer impact in seconds. Equals the difference between customer_impact_start and customer_impact_end.
Datadog Cloud SIEM Last Modified By	A unique identifier that represents the user.
Datadog Cloud SIEM Other Org User Id
Datadog Cloud SIEM
Datadog Cloud SIEM User Is Service
Datadog Cloud SIEM Customer Impact Scope
Datadog Cloud SIEM User Title
Datadog Cloud SIEM User Status
Datadog Cloud SIEM Resolved	Timestamp when the incident's state was last changed from active or stable to resolved or completed.
Datadog Cloud SIEM User Creation Time
Datadog Cloud SIEM Customer Impacted
Datadog Cloud SIEM Detected	Timestamp when the incident was detected.
Datadog Cloud SIEM Detected Method
Datadog Cloud SIEM User Last Modified
Datadog Cloud SIEM Root Cause
Datadog Cloud SIEM Attachment User ID	A unique identifier that represents the user.
Datadog Cloud SIEM Public ID	The monotonically increasing integer ID for the incident.
Datadog Cloud SIEM Modified	Timestamp when the incident was last modified.
Datadog Cloud SIEM Title	The title of the incident, which summarizes what happened.
Datadog Cloud SIEM Integrations ID

Incident Types

Name	Description
Datadog Cloud SIEM

Integrations

Name	Description
Datadog Cloud SIEM	Datadog is an observability service for cloud-scale applications, providing monitoring of servers, databases, tools, and services, through a SaaS-based data analytics platform. The SaaS platform integrates and automates infrastructure monitoring, application performance monitoring and log management to provide unified, real-time observability of our customers' entire technology stack.

Layouts

Name	Description
Datadog Cloud SIEM Layout	Datadog Cloud SIEM Incident Layout

Classifiers

Name	Description
Datadog Cloud SIEM - Incoming Mapper	Maps incoming Datadog incidents.

Incident Fields

Name	Description
Datadog Cloud SIEM Display Name	The name of the notified handle.
Datadog Cloud SIEM Notification Email	The email address used for the notification.
Datadog Cloud SIEM Public ID	The monotonically increasing integer ID for the incident.
Datadog Cloud SIEM Last Modified By	A unique identifier that represents the user.
Datadog Cloud SIEM Detect and Create Duration
Datadog Cloud SIEM Customer Impact Scope
Datadog Cloud SIEM
Datadog Cloud SIEM User Title
Datadog Cloud SIEM Other Org Id
Datadog Cloud SIEM User Status
Datadog Cloud SIEM Integrations ID
Datadog Cloud SIEM Commander User
Datadog Cloud SIEM Duration	Length of the incident's customer impact in seconds. Equals the difference between customer_impact_start and customer_impact_end.
Datadog Cloud SIEM User Is Service
Datadog Cloud SIEM Customer Impacted
Datadog Cloud SIEM Title	The title of the incident, which summarizes what happened.
Datadog Cloud SIEM Attachment User ID	A unique identifier that represents the user.
Datadog Cloud SIEM Detected	Timestamp when the incident was detected.
Datadog Cloud SIEM User Last Modified
Datadog Cloud SIEM Resolved	Timestamp when the incident's state was last changed from active or stable to resolved or completed.
Datadog Cloud SIEM Relationships User ID
Datadog Cloud SIEM Repair Time
Datadog Cloud SIEM User Verified
Datadog Cloud SIEM Resolution Time	The amount of time in seconds to resolve the incident after it was created. Equals the difference between created and resolved.
Datadog Cloud SIEM Other Org User Id
Datadog Cloud SIEM User Creation Time
Datadog Cloud SIEM Root Cause
Datadog Cloud SIEM Detected Method
Datadog Cloud SIEM Modified	Timestamp when the incident was last modified.

Incident Types

Name	Description
Datadog Cloud SIEM

Integrations

Name	Description
Datadog Cloud SIEM	Datadog is an observability service for cloud-scale applications, providing monitoring of servers, databases, tools, and services, through a SaaS-based data analytics platform. The SaaS platform integrates and automates infrastructure monitoring, application performance monitoring and log management to provide unified, real-time observability of our customers' entire technology stack.

Layouts

Name	Description
Datadog Cloud SIEM Layout	Datadog Cloud SIEM Incident Layout

Pack Name	Pack By
Base	By: Cortex XSOAR

Pack Name	Pack By
Common Types	By: Cortex XSOAR

Pack Name	Pack By
Base	By: Cortex XSOAR

1.0.13 - 1370357 (September 11, 2024)

Layouts

Datadog Cloud SIEM Layout
Updated layout with canvas tab.

Related pull requests:
- 36021

Download

1.0.12 - R1104278 (June 19, 2024)

Integrations

Updated the Docker image to: demisto/datadog-api-client:1.0.0.87364.

Related pull requests:
- 32907

Download

1.0.11 - 752611 (January 9, 2024)

Integrations

Datadog Cloud SIEM

Updated the Docker image to: demisto/datadog-api-client:1.0.0.83589.

Related pull requests:
- 32084

Download

1.0.10 - 6864790 (November 12, 2023)

Integrations

Datadog Cloud SIEM

Updated the Docker image to: demisto/datadog-api-client:1.0.0.80115.

Related pull requests:
- 30829

Download

1.0.9 - 6715201 (October 26, 2023)

Integrations

Datadog Cloud SIEM

Updated the Docker image to: demisto/datadog-api-client:1.0.0.79350.

Related pull requests:
- 30448

Download

1.0.8 - 6313394 (September 13, 2023)

Integrations

Datadog Cloud SIEM

Updated the Docker image to: demisto/datadog-api-client:1.0.0.73456.

Related pull requests:
- 29662

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	May 16, 2023
Last Release	September 11, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.