Loginsoft developed Datadog Cloud SIEM integration for a leading SOAR platform

Article
July 13, 2023
Jason Franscisco

Datadog is a monitoring and observability platform that helps organizations collect, analyze, and visualize infrastructure and application data. It provides a wide range of features, including:

  1. Logs: Datadog collects logs from your infrastructure and applications, such as system logs, application logs, and security logs.
  2. Traces: Datadog collects traces from your infrastructure and applications, which can help you identify performance bottlenecks and errors.
  3. Alerts: Datadog can send you alerts when your metrics, logs, or traces exceed predefined thresholds. This can help you identify problems early and take corrective action before they impact your users.
  4. Metrics: Datadog collects metrics from your infrastructure and applications, such as CPU usage, memory usage, and HTTP requests.
  5. Dashboards: Datadog provides a variety of pre-built dashboards that you can use to visualize your data. You can also create custom dashboards to meet your specific needs.

This integration (developed by Loginsoft) allows you to send Datadog events, incidents, and metrics to the SOAR platform.

Here are some of the benefits of using Datadog with the SOAR platform:

  • Increased visibility
  • Improved troubleshooting
  • Enhanced collaboration
  • Orchestration and Automated Response

Integrating Datadog Cloud SIEM with a SOAR solution combines the power of each to create a more robust, efficient, and responsive security program. Datadog Cloud SIEM ingests large volumes of data and generates alerts; the SOAR solution, layered on top of the SIEM, manages the incident response process for each alert. It automates and orchestrates multiple third-party tools from different vendors and carries out enrichment and response actions, along with mundane and repetitive tasks that would otherwise take many hours of manual work.

For example, a specific set of playbooks and runbooks for phishing attacks could be used to extract indicators from a Datadog incident and check each indicator against various threat intelligence sources; any attachments could be extracted and scanned with antivirus or sandbox technology. If any malicious indicators were found in the previous steps, containment actions could follow, such as quarantining the email across the domain, blocking the sender, domain or IP address, banning the execution of the malicious attachment, or many others.

This is just one example of how Datadog Cloud SIEM and SOAR can be used in tandem to respond to potential security threats; however, the potential use cases are limited only by the creativity of the security team.

This integration provides organizations with a solution for centralized security visibility and automation that can meet their growing needs across a decentralized digital estate and will improve security operations efficiency, efficacy, and consistency.

About Loginsoft

For over 20 years, leading companies in Telecom, Cybersecurity, Healthcare, Banking, New Media, and more have come to rely on Loginsoft as a trusted resource for technology talent. From startups to product companies and enterprises, organizations rely on our services. Whether Onsite, Offsite, or Offshore, we deliver. With a track record of successful partnerships with leading technology companies globally, and specifically in the past 6 years with Cybersecurity product companies, Loginsoft offers a comprehensive range of security offerings, including Software Supply Chain, Vulnerability Management, Threat Intelligence, Cloud Security, Cybersecurity Platform Integrations, creating content packs for Cloud SIEM, Logs onboarding and more. Our commitment to innovation and expertise has positioned us as a trusted player in the cybersecurity space. Loginsoft continues to provide traditional IT services, which include Software development & Support, QA automation, Data Science & AI, etc.

Expertise in Integrations with Threat Intelligence and Security Products: Built more than 200 integrations with leading TIP, SIEM, SOAR, and Ticketing Platforms such as Cortex XSOAR, Anomali, ThreatQ, Splunk, IBM QRadar & Resilient, Microsoft Azure Sentinel, ServiceNow, Swimlane, Siemplify, MISP, Maltego, Cryptocurrency Digital Exchange Platforms, Cisco, Datadog, Symantec, Carbon Black, F5, Fortinet, and so on. Loginsoft partners with industry-leading technology vendors Palo Alto, Splunk, Elastic, IBM Security, etc.

In addition, Loginsoft offers Research as a service: We're more than just experts in cybersecurity; we're your accredited in-house research team focused on unraveling the complexities of cybersecurity and future technologies. From Application Security to Threat Research, our seasoned professionals have cultivated expertise in every facet of the field. We've earned the trust of over 20 security platform companies, who count on our research and analysis to strengthen their cybersecurity solutions.
