steampipe plugin install datadog

Table: datadog_security_monitoring_rule - Query Datadog Security Monitoring Rules using SQL

Datadog Security Monitoring Rules is a feature within Datadog that allows users to define and manage rules for security threats. It provides a centralized way to set up and manage rules for various types of security threats, including network intrusions, unauthorized access, and more. Datadog Security Monitoring Rules helps you stay informed about the security status of your resources and take appropriate actions when predefined conditions are met.

Table Usage Guide

The datadog_security_monitoring_rule table provides insights into Security Monitoring Rules within Datadog. As a security engineer, explore rule-specific details through this table, including rule configurations, conditions, and associated metadata. Utilize it to uncover information about rules, such as those related to specific security threats, the conditions that trigger them, and the actions taken when those conditions are met.

Examples

Basic info

Explore which security monitoring rules have been created on your Datadog platform. This allows you to understand who created each rule, when they were created, and any filters or tags applied, helping you manage and organize your security protocols effectively.

The same query works on both the PostgreSQL and SQLite backends:

select
  id,
  name,
  creation_author_id,
  created_at,
  is_default,
  filters,
  tags
from
  datadog_security_monitoring_rule;

List custom monitoring rules

List the custom security monitoring rules in your account, that is, those that are not Datadog defaults, so you can confirm each one is configured correctly and behaving as expected.

PostgreSQL:

select
  id,
  name,
  creation_author_id,
  created_at,
  is_default,
  tags,
  filters
from
  datadog_security_monitoring_rule
where
  not is_default;

SQLite:

select
  id,
  name,
  creation_author_id,
  created_at,
  is_default,
  tags,
  filters
from
  datadog_security_monitoring_rule
where
  is_default = 0;

Filter monitoring rules by tags

Explore which monitoring rules have been specifically tagged for AWS cloud and S3 source. This allows you to quickly identify and review the rules applicable to your AWS S3 resources.

PostgreSQL:

select
  id,
  name,
  creation_author_id,
  created_at,
  is_default,
  tags,
  filters
from
  datadog_security_monitoring_rule
where
  tags @> '["cloud:aws", "source:s3"]' :: jsonb;

SQLite:

Error: SQLite does not support the contains operator (@>) for JSON objects.
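The containment operator is not the only way to express this filter. As an added example (not part of the Steampipe plugin documentation), the query below rewrites the same tag check for the SQLite backend with SQLite's json_each() table-valued function, and shows a PostgreSQL variant with jsonb_array_elements_text() that also handles prefix matches such as every cloud:* tag. It assumes the tags column is exposed to SQLite as JSON text that json_each() can iterate.

```sql
-- SQLite: match rules that carry both tags without using @>.
-- Assumes tags arrives as JSON text that json_each() can iterate
-- (added example, not from the plugin docs).
select
  id,
  name,
  tags
from
  datadog_security_monitoring_rule r
where
  exists (select 1 from json_each(r.tags) where value = 'cloud:aws')
  and exists (select 1 from json_each(r.tags) where value = 'source:s3');

-- PostgreSQL: same idea with jsonb_array_elements_text(), which also lets
-- you match a tag prefix (any cloud:* tag) instead of an exact value.
select
  id,
  name,
  tags
from
  datadog_security_monitoring_rule r
where
  exists (
    select 1
    from jsonb_array_elements_text(r.tags) as t(tag)
    where t.tag like 'cloud:%'
  )
  and r.tags @> '["source:s3"]'::jsonb;
```

The correlated exists subqueries keep the filter readable when the list of required tags grows; each required tag becomes one more exists clause rather than a longer JSON literal.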

Schema for datadog_security_monitoring_rule

| Name               | Type    | Operators | Description                                                                     |
|--------------------|---------|-----------|---------------------------------------------------------------------------------|
| _ctx               | jsonb   |           | Steampipe context in JSON form, e.g. connection_name.                           |
| cases              | jsonb   |           | Cases for generating signals.                                                   |
| created_at         | text    |           | When the rule was created, timestamp in milliseconds.                           |
| creation_author_id | text    |           | User ID of the user who created the rule.                                       |
| filters            | jsonb   |           | Additional queries to filter matched events before they are processed.          |
| has_extended_title | boolean |           | Whether the notifications include the triggering group-by values in their title. |
| id                 | text    | =         | The ID of the rule.                                                             |
| is_default         | boolean |           | Whether the rule is included by default.                                        |
| is_deleted         | boolean |           | Whether the rule has been deleted.                                              |
| is_enabled         | boolean |           | Whether the rule is enabled.                                                    |
| message            | text    |           | Message for generated signals.                                                  |
| name               | text    |           | The name of the rule.                                                           |
| options            | jsonb   |           | Additional options for security monitoring rules.                               |
| queries            | text    |           | Queries for selecting logs which are part of the rule.                          |
| tags               | jsonb   |           | Tags for generated signals.                                                     |
| type               | text    |           | The security monitoring rule type.                                              |
| update_author_id   | text    |           | User ID of the user who updated the rule.                                       |
| version            | bigint  |           | The version of the rule.                                                        |
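The enabled, deleted, version and author columns in the schema are what a detection engineer needs to review rule drift: a custom rule that has been silently disabled, deleted, or edited by someone other than its author is a gap in coverage until someone looks at it. As an added example (not part of the plugin documentation), the PostgreSQL queries below flag such rules and summarise rule state per type; they use only the columns in the schema above and assume the PostgreSQL backend.

```sql
-- Added example, not from the plugin docs.
-- Custom rules worth a second look: disabled, deleted, or last changed by a
-- user other than the one who created them.
select
  id,
  name,
  type,
  version,
  is_enabled,
  is_deleted,
  creation_author_id,
  update_author_id,
  case
    when is_deleted then 'deleted'
    when not is_enabled then 'disabled'
    when update_author_id is not null
         and update_author_id <> creation_author_id then 'modified by another user'
    else 'ok'
  end as review_state
from
  datadog_security_monitoring_rule
where
  not is_default
  and (
    is_deleted
    or not is_enabled
    or (update_author_id is not null and update_author_id <> creation_author_id)
  )
order by
  version desc;

-- Rule counts per type and state, to spot where detection coverage is thin.
select
  type,
  count(*) filter (where is_enabled and not is_deleted) as active,
  count(*) filter (where not is_enabled and not is_deleted) as disabled,
  count(*) filter (where is_deleted) as deleted
from
  datadog_security_monitoring_rule
group by
  type
order by
  type;
```

Ordering by version puts the most frequently edited rules first, which is usually where a change-review conversation should start.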

Export

This table is also available through a standalone exporter CLI. Steampipe exporters are standalone binaries that extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- datadog

You can pass the configuration to the command with the --config argument:

steampipe_export_datadog --config '<your_config>' datadog_security_monitoring_rule