Datadog

Details
Content
Dependencies
Version History

Deprecated. Datadog is an observability service for cloud-scale applications, providing monitoring of servers, databases, tools, and services, through a SaaS-based data analytics platform

Datadog elevates your organization’s threat detection and investigation for their dynamic, cloud-scale environments.

With Datadog, you can augment your existing SIEM investments and deliver better cloud security outcomes. Datadog analyzes operational and security logs in real time—regardless of their volume—while utilizing curated, out-of-the-box integrations and rules to detect threats and investigate them. Developers, security, and operations teams can also leverage detailed observability data to accelerate security investigations in a single, unified platform.

Datadog elevates your organization’s threat detection and investigation for their dynamic, cloud-scale environments.

Classifiers

Name	Description
Datadog Cloud SIEM - Incoming Mapper	Maps incoming Datadog incidents.

Incident Fields

Name	Description
Datadog Cloud SIEM Attachment User ID	A unique identifier that represents the user.
Datadog Cloud SIEM Public ID	The monotonically increasing integer ID for the incident.
Datadog Cloud SIEM User Verified
Datadog Cloud SIEM Integrations ID
Datadog Cloud SIEM Display Name	The name of the notified handle.
Datadog Cloud SIEM Modified	Timestamp when the incident was last modified.
Datadog Cloud SIEM Other Org Id
Datadog Cloud SIEM Resolution Time	The amount of time in seconds to resolve the incident after it was created. Equals the difference between created and resolved.
Datadog Cloud SIEM Detected	Timestamp when the incident was detected.
Datadog Cloud SIEM User Creation Time
Datadog Cloud SIEM Last Modified By	A unique identifier that represents the user.
Datadog Cloud SIEM Detected Method
DatadoDatadog Cloud SIEMg User Is Service
Datadog Cloud SIEM Repair Time
Datadog Cloud SIEM User Last Modified
Datadog Cloud SIEM Commander User
Datadog Cloud SIEM Resolved	Timestamp when the incident's state was last changed from active or stable to resolved or completed.
Datadog Cloud SIEM Customer Impact Scope
Datadog Cloud SIEM Customer Impacted
Datadog Cloud SIEM User Status
Datadog Cloud SIEM Detect and Create Duration
Datadog Cloud SIEM Other Org User Id
Datadog Cloud SIEM User Title
Datadog Cloud SIEM Root Cause
Datadog Cloud SIEM Notification Email	The email address used for the notification.
Datadog Cloud SIEM
Datadog Cloud SIEM Relationships User ID
Datadog Cloud SIEM Duration	Length of the incident's customer impact in seconds. Equals the difference between customer_impact_start and customer_impact_end.
Datadog Cloud SIEM Title	The title of the incident, which summarizes what happened.

Incident Types

Name	Description
Datadog Cloud SIEM

Integrations

Name	Description
Datadog (Partner Contribution)	Deprecated. Datadog is an observability service for cloud-scale applications, providing monitoring of servers, databases, tools, and services, through a SaaS-based data analytics platform. The SaaS platform integrates and automates infrastructure monitoring, application performance monitoring and log management to provide unified, real-time observability of our customers' entire technology stack.

Name

Description

Datadog (Partner Contribution)

Deprecated. Datadog is an observability service for cloud-scale applications, providing monitoring of servers, databases, tools, and services, through a SaaS-based data analytics platform.

The SaaS platform integrates and automates infrastructure monitoring, application performance monitoring and log management to provide unified, real-time observability of our customers' entire technology stack.

Layouts

Name	Description
Datadog Cloud SIEM Layout	Datadog Cloud SIEM Incident Layout

Classifiers

Name	Description
Datadog Cloud SIEM - Incoming Mapper	Maps incoming Datadog incidents.

Incident Fields

Name	Description
Datadog Cloud SIEM User Title
Datadog Cloud SIEM Title	The title of the incident, which summarizes what happened.
Datadog Cloud SIEM Detected	Timestamp when the incident was detected.
Datadog Cloud SIEM Display Name	The name of the notified handle.
Datadog Cloud SIEM Customer Impacted
Datadog Cloud SIEM Repair Time
Datadog Cloud SIEM Root Cause
Datadog Cloud SIEM Resolution Time	The amount of time in seconds to resolve the incident after it was created. Equals the difference between created and resolved.
Datadog Cloud SIEM Other Org Id
Datadog Cloud SIEM User Status
Datadog Cloud SIEM User Last Modified
Datadog Cloud SIEM Integrations ID
Datadog Cloud SIEM Public ID	The monotonically increasing integer ID for the incident.
Datadog Cloud SIEM Modified	Timestamp when the incident was last modified.
Datadog Cloud SIEM Other Org User Id
Datadog Cloud SIEM Relationships User ID
Datadog Cloud SIEM
Datadog Cloud SIEM Detected Method
Datadog Cloud SIEM Commander User
Datadog Cloud SIEM Detect and Create Duration
Datadog Cloud SIEM Customer Impact Scope
Datadog Cloud SIEM Resolved	Timestamp when the incident's state was last changed from active or stable to resolved or completed.
Datadog Cloud SIEM User Creation Time
Datadog Cloud SIEM Duration	Length of the incident's customer impact in seconds. Equals the difference between customer_impact_start and customer_impact_end.
DatadoDatadog Cloud SIEMg User Is Service
Datadog Cloud SIEM User Verified
Datadog Cloud SIEM Notification Email	The email address used for the notification.
Datadog Cloud SIEM Last Modified By	A unique identifier that represents the user.
Datadog Cloud SIEM Attachment User ID	A unique identifier that represents the user.

Incident Types

Name	Description
Datadog Cloud SIEM

Integrations

Name	Description
Datadog (Partner Contribution)	Deprecated. Datadog is an observability service for cloud-scale applications, providing monitoring of servers, databases, tools, and services, through a SaaS-based data analytics platform. The SaaS platform integrates and automates infrastructure monitoring, application performance monitoring and log management to provide unified, real-time observability of our customers' entire technology stack.

Name

Description

Datadog (Partner Contribution)

Deprecated. Datadog is an observability service for cloud-scale applications, providing monitoring of servers, databases, tools, and services, through a SaaS-based data analytics platform.

Layouts

Name	Description
Datadog Cloud SIEM Layout	Datadog Cloud SIEM Incident Layout

Pack Name	Pack By
Base	By: Cortex XSOAR

Pack Name	Pack By
Common Types	By: Cortex XSOAR

Pack Name	Pack By
Base	By: Cortex XSOAR

1.0.18 - 6314563 (December 17, 2025)

Incident Fields

Datadog Cloud SIEM
Updated incident field.
Datadog Cloud SIEM Attachment User ID
Updated incident field.
Datadog Cloud SIEM Commander User
Updated incident field.
Datadog Cloud SIEM Customer Impact Scope
Updated incident field.
Datadog Cloud SIEM Customer Impacted
Updated incident field.
Datadog Cloud SIEM Detect and Create Duration
Updated incident field.
Datadog Cloud SIEM Detected
Updated incident field.
Datadog Cloud SIEM Detected Method
Updated incident field.
Datadog Cloud SIEM Display Name
Updated incident field.
Datadog Cloud SIEM Duration
Updated incident field.
Datadog Cloud SIEM Integrations ID
Updated incident field.
Datadog Cloud SIEM Last Modified By
Updated incident field.
Datadog Cloud SIEM Modified
Updated incident field.
Datadog Cloud SIEM Notification Email
Updated incident field.
Datadog Cloud SIEM Other Org Id
Updated incident field.
Datadog Cloud SIEM Other Org User Id
Updated incident field.
Datadog Cloud SIEM Public ID
Updated incident field.
Datadog Cloud SIEM Relationships User ID
Updated incident field.
Datadog Cloud SIEM Repair Time
Updated incident field.
Datadog Cloud SIEM Resolution Time
Updated incident field.
Datadog Cloud SIEM Resolved
Updated incident field.
Datadog Cloud SIEM Root Cause
Updated incident field.
Datadog Cloud SIEM Title
Updated incident field.
Datadog Cloud SIEM User Creation Time
Updated incident field.
Datadog Cloud SIEM User Last Modified
Updated incident field.
Datadog Cloud SIEM User Status
Updated incident field.
Datadog Cloud SIEM User Title
Updated incident field.
Datadog Cloud SIEM User Verified
Updated incident field.
DatadoDatadog Cloud SIEMg User Is Service
Updated incident field.

Incident Types

Datadog Cloud SIEM
Updated incident type.

Integrations

We are releasing a new Datadog Cloud SIEM integration. This update aligns the integration with Cloud SIEM best practices for security alerting.
Deprecation Notice: The legacy integration is now deprecated. It will remain available for a transition period of 6 months and will be removed entirely on June 30, 2026. We encourage users to migrate to the new integration immediately to ensure continued support.
If this change impacts your workflows, please use this form to let us know. Our team will review your requirements and work with you on a solution, including adding specific commands or functionality to the supported Datadog integration if needed.

Layouts

Datadog Cloud SIEM Layout
Updated layout.

Mappers

Datadog Cloud SIEM - Incoming Mapper

Updated mapper.

Related pull requests:
- 42282
- 42311

Download

1.0.17 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 42149
- 42311
- 42282

Download

1.0.16 - R3444919 (May 18, 2025)

Integrations

Datadog Cloud SIEM

Metadata and documentation improvements.

Related pull requests:
- 39089

Download

1.0.15 - R2988287 (March 26, 2025)

Integrations

Datadog Cloud SIEM

Documentation and metadata improvements.

Related pull requests:
- 37886

Download

1.0.14 - 1928124 (January 5, 2025)

Integrations

Datadog Cloud SIEM

Updated the Docker image to: demisto/datadog-api-client:1.0.0.1832460.

Related pull requests:
- 37789
- 37773
- 37772
- 37774
- 37771

Download

1.0.18 - 6314563 (December 17, 2025)

Incident Fields

Datadog Cloud SIEM
Updated incident field.
Datadog Cloud SIEM Attachment User ID
Updated incident field.
Datadog Cloud SIEM Commander User
Updated incident field.
Datadog Cloud SIEM Customer Impact Scope
Updated incident field.
Datadog Cloud SIEM Customer Impacted
Updated incident field.
Datadog Cloud SIEM Detect and Create Duration
Updated incident field.
Datadog Cloud SIEM Detected
Updated incident field.
Datadog Cloud SIEM Detected Method
Updated incident field.
Datadog Cloud SIEM Display Name
Updated incident field.
Datadog Cloud SIEM Duration
Updated incident field.
Datadog Cloud SIEM Integrations ID
Updated incident field.
Datadog Cloud SIEM Last Modified By
Updated incident field.
Datadog Cloud SIEM Modified
Updated incident field.
Datadog Cloud SIEM Notification Email
Updated incident field.
Datadog Cloud SIEM Other Org Id
Updated incident field.
Datadog Cloud SIEM Other Org User Id
Updated incident field.
Datadog Cloud SIEM Public ID
Updated incident field.
Datadog Cloud SIEM Relationships User ID
Updated incident field.
Datadog Cloud SIEM Repair Time
Updated incident field.
Datadog Cloud SIEM Resolution Time
Updated incident field.
Datadog Cloud SIEM Resolved
Updated incident field.
Datadog Cloud SIEM Root Cause
Updated incident field.
Datadog Cloud SIEM Title
Updated incident field.
Datadog Cloud SIEM User Creation Time
Updated incident field.
Datadog Cloud SIEM User Last Modified
Updated incident field.
Datadog Cloud SIEM User Status
Updated incident field.
Datadog Cloud SIEM User Title
Updated incident field.
Datadog Cloud SIEM User Verified
Updated incident field.
DatadoDatadog Cloud SIEMg User Is Service
Updated incident field.

Incident Types

Datadog Cloud SIEM
Updated incident type.

Integrations

Datadog

Layouts

Datadog Cloud SIEM Layout
Updated layout.

Mappers

Datadog Cloud SIEM - Incoming Mapper

Updated mapper.

Related pull requests:
- 42282
- 42311

Download

1.0.17 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 42149
- 42282
- 42311

Download

1.0.16 - R3444919 (May 18, 2025)

Integrations

Datadog Cloud SIEM

Metadata and documentation improvements.

Related pull requests:
- 39089

Download

1.0.15 - R2988287 (March 26, 2025)

Integrations

Datadog Cloud SIEM

Documentation and metadata improvements.

Related pull requests:
- 37886

Download

1.0.14 - 1928124 (January 5, 2025)

Integrations

Datadog Cloud SIEM

Updated the Docker image to: demisto/datadog-api-client:1.0.0.1832460.

Related pull requests:
- 37789
- 37773
- 37772
- 37774
- 37771

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	May 16, 2023
Last Release	December 17, 2025

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.